Cryptojacked 2miners.com - Overheating CPU



#1 greghhhh

Posted Today, 10:28 AM

Hi,

After 30s-1 minute of my computer being turned on, the CPU starts heating up and being used as if I was playing an intensive game. When I open up Task Manager, it goes back down. I am monitoring the CPU usage and heat through OCCT so can see the spike as soon as I open or close task manager. 

I am 99% sure where this came from - I downloaded a cracked program I needed and mounted the .iso but before installing it, I checked the comments of the torrent site to see if there were any issues, to which the comments said it was infected. I used the MD5 hash to check the file against the original uploader's hash file and it didn't match (the person who uploaded the torrent file wasn't the person who cracked the software). It meant that the file that I had (stupidly) downloaded and opened had been altered. I deleted the file straightaway but the damage was done.

 

Some things I have found out:

 

- You can stop the crypto miner temporarily by opening up Task Manager.
- It communicates to p22.2miners.com through explorer.exe (found this out through Process Monitor - I have attached a screenshot)
- I've blocked the above site (using IP addresses found online) through MS Firewall but it hasn't helped.
- I've tried iExplorer, ESET Online Scanner, Malwarebytes, Kaspersky (KVRT), HitmanPro, SpyHunter, RogueKiller, MSERT and HouseCall - none of these have worked.
- It mainly uses the CPU when mining
- It saves a whole list of antivirus websites in the hosts file pointing to 0.0.0.0 so you can't visit them unless you remove them from the hosts file (I have removed these but they come back on every startup)
 
I created this FRST after trying quite a few things - would it be better that I redo this on a fresh restart while the miner is running?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023
Ran by Greg (administrator) on DESKTOP-LBCF8FI (Micro-Star International Co., Ltd. MS-7B89) (25-09-2023 15:40:37)
Running from D:\Downloads\scoped_dir10624_306559415\FRST64.exe
Loaded Profiles: Greg & Mum & postgres
Platform: Microsoft Windows 10 Enterprise LTSC Version 21H2 19044.3448 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera\102.0.4880.56\opera_crashreporter.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (ocbase.com -> OCCT) D:\Downloads\OCCT.exe
(explorer.exe ->) (Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\vivaldi.exe <17>
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Greg\AppData\Local\FluxSoftware\Flux\flux.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Greg\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
(Opera Norway AS -> Opera Software) C:\Program Files\Opera\opera.exe <34>
(services.exe ->) (Creative Technology Ltd -> Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(services.exe ->) (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (Seagate Technology LLC -> LaCie) C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCieDesktopManagerDaemon.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\RunOnce: [5353a3fa-7ea0-438f-bba9-6f63f6305433] => "C:\Users\Greg\AppData\Local\Temp\{0372e583-4625-4d44-b98b-87e466f3b047}\5353a3fa-7ea0-438f-bba9-6f63f6305433.cmd" (No File) <==== ATTENTION
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [Discord] => C:\Users\Greg\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [f.lux] => C:\Users\Greg\AppData\Local\FluxSoftware\Flux\flux.exe [1525880 2023-05-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [193592 2023-09-24] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" (No File)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [4374888 2023-09-11] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [DDAssist] => E:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe [827408 2019-11-25] (Drobo Inc -> Drobo, Inc.)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [Spotify] => C:\Users\Greg\AppData\Roaming\Spotify\Spotify.exe [28942200 2023-09-22] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [Creative.SBCommand.exe] => D:\Program Files (x86)\Creative\Sound Blaster Command\Creative.SBCommand.exe [199168 2021-05-21] (Creative Technology Ltd) [File not signed]
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [CiscoSpark] => C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1469 2023-07-29] () [File not signed]
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Greg\AppData\Local\WebEx\WebexHost.exe [8077920 2023-07-13] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Run: [BingWallpaperApp] => C:\Users\Greg\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [14037384 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\MountPoints2: {b0bdb7a9-48a5-11ee-84eb-309c23e2580e} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2743476253-3818321080-4174246603-1002\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2743476253-3818321080-4174246603-1003\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9C142C0C-124C-4467-B117-EBCC62801D7B}] -> "C:\Program Files\Vivaldi\Application\6.2.3105.51\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --vivaldi-install-dir="C:\Program Files\Vivaldi"
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2023-07-02]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Greg\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {CBF33B3E-ECC6-44FB-B79F-CFA94745CD8A} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2743476253-3818321080-4174246603-1001 => C:\Users\Greg\AppData\Local\MEGAsync\MEGAupdater.exe [2531504 2023-08-21] (Mega Limited -> )
Task: {F4DFABB7-F467-4C51-96B7-FC932D736939} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF06D194-E6C8-424B-B1AD-5A054747A20B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {13C27CAE-9335-4DB9-A020-E0D253645C24} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E51563F6-FD77-4BB3-B2FD-14D56747FF0E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6540625F-A5CB-481A-9377-6F2A6B834D16} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {86B9CE48-975C-4791-8DEA-B0FCF87BA023} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {330A42D4-0FB0-4B55-82E0-227E76E52AF0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AE5B0CE8-0A1C-4691-87A9-E11FCE9105E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {182CBB94-78B3-41DA-9443-F3CD4057FC83} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6DB17226-7E3D-4B7B-98B2-954D4E49A500} - System32\Tasks\Microsoft\Windows\WindowsBackup\User => C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe [486400 2023-09-14] (Microsoft Windows -> Microsoft Corporation) -> 
Task: {0B7232CA-51DC-4695-9388-F22264B1E7F3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [722336 2023-09-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {2F5814EB-EC54-4C6D-B4FC-7EDD412A4E83} - System32\Tasks\VivaldiUpdateCheck-7a68811dd27bdea0 => C:\Program Files\Vivaldi\Application\update_notifier.exe [3845520 2023-09-21] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{66fa9fdb-5a4a-4564-a8e6-30c6c18b56ee}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{66fa9fdb-5a4a-4564-a8e6-30c6c18b56ee}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge Profile: C:\Users\Greg\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-25]
 
FireFox:
========
FF DefaultProfile: p16x8pf3.default
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default [2023-09-25]
FF Extension: (Dark Reader) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default\Extensions\addon@darkreader.org.xpi [2023-08-17]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default\Extensions\firefox@ghostery.com.xpi [2023-07-31]
FF Extension: (Foto – Balanced) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default\Extensions\foto-balanced-colorway@mozilla.org.xpi [2023-06-21]
FF Extension: (To Google Translate) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2021-06-23]
FF Extension: (Playmaker – Bold) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default\Extensions\playmaker-bold-colorway@mozilla.org.xpi [2023-06-21]
FF Extension: (Mastercarder: Credit Card Generator) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default\Extensions\{2f105e73-8d1d-482e-b00b-3454a3794498}.xpi [2022-06-17] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Gener8) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default\Extensions\{33faa1bb-2d20-47db-9e39-d80adea64190}.xpi [2020-01-04]
FF Extension: (Gener8) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\p16x8pf3.default\Extensions\{76f7bd40-e33f-4d9f-af4b-38100b4b18f6}.xpi [2023-09-25]
FF HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Greg\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\Greg\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26]
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2743476253-3818321080-4174246603-1001: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\Greg\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default [2023-09-25]
CHR DownloadDir: D:\Downloads
CHR Notifications: Default -> hxxps://app.chime.aws; hxxps://cart.godaddy.com; hxxps://helpchat.hostgator.com; hxxps://meet.google.com; hxxps://productivity.godaddy.com; hxxps://teams.microsoft.com; hxxps://twitter.com; hxxps://uk.godaddy.com
CHR Extension: (AdGuard AdBlocker) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2023-09-21]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-08-28]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-24]
CHR Extension: (Ace Script) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-09-09]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-03-21]
CHR Session Restore: Profile 1 -> is enabled.
CHR Extension: (Slides) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-20]
CHR Extension: (Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-20]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-02]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-20]
CHR Extension: (Ali Insider- AliExpress Product Research Tool) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbcoaginjmpgjalcbfmlkpjkeldoaeio [2022-03-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-05-22]
CHR Extension: (Sheets) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-20]
CHR Extension: (Shopify Theme Inspector for Chrome) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fndnankcflemoafdeboboehphmiijkgp [2022-03-21]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-21]
CHR Extension: (Easy AliExpress ePacket Finder) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hencchoidjkafdoeoodcneiemlcfnbhb [2020-07-20]
CHR Extension: (Oberlo - Aliexpress.com Product Importer) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmanipjnbjnhoicdnooapcnfonebefel [2022-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-11]
CHR Extension: (Image Downloader Plus) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nokomaoipjjmdoomodhjkohlghnaafdn [2020-07-20]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-02]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-08-24]
CHR Extension: (Slides) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-01]
CHR Extension: (Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-01]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-01]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-01]
CHR Extension: (Sheets) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-24]
CHR Extension: (Ace Script) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2022-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-01]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-01]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-23]
CHR HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
 
Opera: 
=======
OPR DefaultProfile: Opera Stable
OPR Profile: C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable [2023-09-25]
OPR DownloadDir: D:\Downloads
OPR Notifications: Opera Stable -> hxxps://meet.google.com; hxxps://web.skype.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Bye Rupert) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\ehdikikkfbfjjemfadgggcohkjoggoof [2021-11-06]
OPR Extension: (Rich Hints Agent) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-05]
OPR Extension: (Opera Wallet) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-09-15]
OPR Extension: (Aria) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-09-25]
OPR Extension: (Dark Mode) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabpfojepndedlelamfloejfoopkogcf [2021-07-12]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (uBlock Origin) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2023-09-25]
OPR Extension: (Install Chrome Extensions) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2020-01-04]
OPR Extension: (Gener8 Tabs) - C:\Users\Greg\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmdjkpjlfodmimjjlpniccomookbnhlb [2021-07-02]
 
Vivaldi: 
=======
VIV DefaultProfile: Default
VIV Profile: C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default [2023-09-25]
VIV DownloadDir: D:\Downloads
VIV Notifications: Default -> hxxps://meet.google.com; hxxps://web.skype.com
VIV Extension: (Phantom) - C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa [2023-09-21]
VIV Extension: (AdGuard AdBlocker) - C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2023-09-18]
VIV Extension: (Night Mode - for all websites) - C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\Extensions\cjjfaljaaljdjknnmhoajnmgbdcchmpp [2021-07-20]
VIV Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-25]
VIV Extension: (Bye Rupert) - C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\Extensions\ehdikikkfbfjjemfadgggcohkjoggoof [2021-11-08]
VIV Extension: (LastPass: Free Password Manager) - C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2023-09-14]
VIV Extension: (Ace Script) - C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-09-25]
VIV Extension: (MetaMask) - C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-09-12]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"MpKsl4e6fdb2e" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MpKsl4e6fdb2e => \??\C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys <==== ATTENTION (Rootkit!/Locked Service)
 
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8469592 2020-03-03] (BattlEye Innovations e.K. -> )
S3 BITS_bkp; C:\WINDOWS\System32\qmgr.dll [1481216 2023-01-19] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
S4 Creative.VADMonitorService; C:\Program Files (x86)\Creative\Creative App\Creative.VADMonitorService.exe [38872 2023-03-30] (Creative Technology Ltd -> Creative Technology Ltd)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
S4 DDService; E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [3202584 2019-11-25] (Drobo Inc -> Drobo, Inc.)
S2 dosvc_bkp; C:\WINDOWS\system32\dosvc.dll [1536000 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-05-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [17417760 2023-09-25] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncHelper.exe [3518480 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
R2 LaCieDesktopManagerDaemon; C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCieDesktopManagerDaemon.exe [1149728 2016-09-13] (Seagate Technology LLC -> LaCie)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
S4 nordvpn-service; D:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\OneDriveUpdaterService.exe [3855376 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
S4 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-08-09] (PostgreSQL Global Development Group) [File not signed]
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16014768 2023-09-18] (ADLICE -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-09-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [2522144 2023-09-25] (EnigmaSoft Limited -> EnigmaSoft Limited)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [14811960 2022-11-09] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 UsoSvc_bkp; C:\WINDOWS\system32\usosvc.dll [570368 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\WINDOWS\System32\WaaSMedicSvc.dll [427520 2023-07-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv_bkp; C:\WINDOWS\system32\wuaueng.dll [3447296 2023-06-20] (Microsoft Windows -> Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U3 698dc58d; C:\WINDOWS\System32\Drivers\698dc58d.sys [377392 2023-09-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 atvi-brynhildr; C:\ProgramData\Battle.net_components\brynhildr_odin\brynhildr.sys [2336008 2023-07-25] (Activision Publishing Inc -> Activision Blizzard, Inc.)
S3 atvi-randgrid; C:\ProgramData\Battle.net_components\randgridauks\randgrid.sys [2986792 2023-06-20] (Activision Publishing Inc -> Activision Blizzard, Inc.)
S3 HWiNFO_161; C:\Users\Greg\AppData\Local\Temp\HWiNFO64A_161.SYS [64528 2023-09-24] (Martin Malik - REALiX -> REALiX™) <==== ATTENTION
R3 HWiNFO_180; C:\Users\Greg\AppData\Local\Temp\HWiNFO64A_180.SYS [58528 2023-09-25] (WDKTestCert martin,133281419032501408 -> REALiX™) <==== ATTENTION
U0 klupd_698dc58da_arkmon; C:\WINDOWS\System32\Drivers\klupd_698dc58da_arkmon.sys [384656 2023-09-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_698dc58da_arkmon_3EAA902C; C:\KVRT2020_Data\Temp\3EAA902C0B5097D0258FD5FE1D8A2AA9\klupd_698dc58da_arkmon.sys [384656 2023-09-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_698dc58da_klark; C:\WINDOWS\System32\Drivers\klupd_698dc58da_klark.sys [354640 2023-09-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U0 klupd_698dc58da_klbg; C:\WINDOWS\System32\Drivers\klupd_698dc58da_klbg.sys [183120 2023-09-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_698dc58da_mark; C:\WINDOWS\System32\Drivers\klupd_698dc58da_mark.sys [262712 2023-09-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 KsUSBa64; C:\WINDOWS\system32\drivers\ksUSBa64.sys [1750032 2022-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R2 NDivert; D:\Program Files\NordVPN\7.4.7.0\Drivers\NDivert.sys [131472 2022-06-28] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2021-06-09] (nordvpn s.a. -> TEFINCOM S.A.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80296 2023-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 scaudio; C:\WINDOWS\system32\DRIVERS\scaudio.sys [54792 2020-06-04] (Brandmeister LLC -> )
S3 SnapCameraVirtualDevice; C:\WINDOWS\System32\drivers\SnapCameraVirtualDevice.sys [2800232 2020-03-21] (Snap Inc. -> Windows ® Win 7 DDK provider)
S3 sparkocam; C:\WINDOWS\system32\DRIVERS\sparkocam.sys [37712 2018-03-17] (Sparkosoft Inc -> Sparkosoft)
S3 sparkocammic; C:\WINDOWS\system32\drivers\sparkocammic.sys [34640 2018-01-10] (Sparkosoft Inc -> Sparkosoft)
S3 splitcam_hd_driver; C:\WINDOWS\system32\DRIVERS\splitcam_hd_driver.sys [38000 2020-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2020-11-11] (ATI Technologies, Inc -> ATI Technologies Inc.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-25 14:59 - 2023-09-25 15:40 - 000000000 ____D C:\FRST
2023-09-25 11:37 - 2023-09-25 11:37 - 000003790 _____ C:\WINDOWS\system32\Tasks\VivaldiUpdateCheck-7a68811dd27bdea0
2023-09-25 11:26 - 2023-09-25 11:26 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{9DA87E08-AFAD-4AC8-9DDF-45333A759492}
2023-09-25 11:26 - 2023-09-25 11:26 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{44333C0F-60F4-48AE-834F-82DC00B41A30}
2023-09-25 10:24 - 2023-09-25 11:24 - 000053696 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2023-09-25 10:24 - 2023-09-25 11:17 - 000000000 ____D C:\ProgramData\RogueKiller
2023-09-25 10:24 - 2023-09-25 10:24 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-09-25 10:24 - 2023-09-25 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-09-25 10:24 - 2023-09-25 10:24 - 000000000 ____D C:\Program Files\RogueKiller
2023-09-25 09:21 - 2023-09-25 09:21 - 000002399 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-25 09:08 - 2023-09-25 09:08 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2023-09-25 09:08 - 2023-09-25 09:08 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2023-09-25 09:08 - 2023-09-25 09:08 - 000000000 ____D C:\sh5ldr
2023-09-25 09:08 - 2023-09-25 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2023-09-25 09:08 - 2023-09-25 09:08 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2023-09-25 09:08 - 2023-09-25 09:08 - 000000000 ____D C:\Program Files\EnigmaSoft
2023-09-25 00:49 - 2023-09-25 11:24 - 112197632 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-09-25 00:42 - 2023-09-25 00:49 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-09-24 23:53 - 2023-09-25 11:29 - 000000000 ____D C:\KVRT2020_Data
2023-09-24 23:01 - 2023-09-24 23:01 - 000002698 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge WebView2 Runtime.lnk
2023-09-24 22:34 - 2023-09-24 22:34 - 000000000 ____D C:\Program Files\HitmanPro
2023-09-24 22:31 - 2023-09-24 22:34 - 000000000 ____D C:\ProgramData\HitmanPro
2023-09-24 16:32 - 2023-09-24 16:32 - 000001381 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-09-24 16:32 - 2023-09-24 16:32 - 000001275 _____ C:\Users\Greg\Desktop\ESET Online Scanner.lnk
2023-09-24 16:32 - 2023-09-24 16:32 - 000000000 ____D C:\Users\Greg\AppData\Local\ESET
2023-09-24 16:22 - 2023-09-24 16:22 - 000000000 ____D C:\Users\Greg\AppData\Local\mbam
2023-09-24 16:14 - 2023-09-25 14:37 - 000003494 _____ C:\Users\Greg\Desktop\Rkill.txt
2023-09-24 16:14 - 2023-09-25 14:36 - 000000000 ____D C:\Users\Greg\Desktop\rkill
2023-09-24 15:35 - 2023-09-24 15:35 - 000000000 ____D C:\Users\Greg\AppData\Local\ToastNotificationManagerCompat
2023-09-24 15:34 - 2023-09-24 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-09-24 13:00 - 2023-09-24 13:00 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2023-09-24 12:41 - 2023-09-24 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2023-09-23 17:05 - 2023-09-23 17:05 - 000000000 ____D C:\Program Files\Adobemain
2023-09-22 12:07 - 2023-09-25 14:55 - 000000000 ____D C:\Users\Greg\Cisco Packet Tracer 8.2.1
2023-09-22 12:07 - 2023-09-25 13:01 - 000000174 _____ C:\Users\Greg\.packettracer
2023-09-22 12:07 - 2023-09-22 12:07 - 000000000 ____D C:\Users\Greg\AppData\Local\Cisco Packet Tracer
2023-09-22 12:07 - 2023-09-22 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2023-09-22 12:06 - 2023-09-22 12:07 - 000000000 ____D C:\Program Files\Cisco Packet Tracer 8.2.1
2023-09-21 15:50 - 2023-09-21 15:50 - 000001883 _____ C:\Users\Public\Desktop\Insta360 Studio 2023.lnk
2023-09-21 15:50 - 2023-09-21 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Insta360 Studio 2023
2023-09-21 15:49 - 2023-09-21 15:49 - 000000000 ____D C:\Program Files\Common Files\insta360
2023-09-21 12:17 - 2023-09-25 09:46 - 000001994 _____ C:\Users\Greg\Desktop\DaVinci Resolve.lnk
2023-09-21 12:16 - 2023-09-21 12:17 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2023-09-17 20:24 - 2023-09-17 20:29 - 000000000 ____D C:\Program Files\Sublime Text
2023-09-16 14:42 - 2023-03-31 16:39 - 000195544 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTOPT352.dll
2023-09-16 14:42 - 2023-03-31 16:37 - 000099792 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTOPT399.dll
2023-09-14 19:12 - 2023-09-14 19:12 - 000000000 ___HD C:\$WinREAgent
2023-09-14 10:26 - 2023-09-19 10:10 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-14 10:21 - 2023-09-19 10:10 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-14 10:21 - 2023-09-14 10:21 - 000000000 ___RD C:\Users\postgres\OneDrive
2023-09-14 10:21 - 2023-09-14 10:21 - 000000000 ___RD C:\Users\Mum\OneDrive
2023-09-14 10:21 - 2023-09-14 10:21 - 000000000 ___RD C:\Users\Default\OneDrive
2023-09-14 10:21 - 2023-09-14 10:21 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-09-14 10:21 - 2023-09-14 10:21 - 000000000 ____D C:\Program Files (x86)\Teams Installer
2023-09-14 10:20 - 2023-09-14 10:20 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2023-09-14 10:20 - 2023-09-14 10:20 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-09-14 10:20 - 2023-09-14 10:20 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-09-14 10:20 - 2023-09-14 10:20 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-09-14 10:20 - 2023-09-14 10:20 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-09-14 10:20 - 2023-09-14 10:20 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2023-09-14 10:20 - 2023-09-14 10:20 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-09-14 10:20 - 2023-09-14 10:20 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-09-14 10:20 - 2023-09-14 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-09-14 10:16 - 2023-09-16 16:08 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-14 10:16 - 2023-09-14 10:16 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-08-30 22:57 - 2023-08-30 22:57 - 013185174 _____ C:\Users\Greg\Documents\OneDrive-2023-08-30.zip
2023-08-30 22:57 - 2023-08-30 22:57 - 000000000 ____D C:\Users\Greg\Documents\OneDrive-2023-08-30
2023-08-28 21:22 - 2023-08-28 21:22 - 000000000 ____D C:\Users\Greg\AppData\LocalLow\Global Conflagration Team
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-25 15:40 - 2019-01-28 20:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-09-25 15:30 - 2019-01-27 22:17 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Notepad++
2023-09-25 15:16 - 2020-05-11 15:25 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\MMC
2023-09-25 15:10 - 2023-02-12 17:05 - 000000000 ____D C:\Program Files\Maxon Cinema 4D 2023
2023-09-25 15:07 - 2019-04-07 16:58 - 000000000 ____D C:\Users\Public\Documents\Adobe
2023-09-25 15:07 - 2019-04-07 16:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-09-25 15:07 - 2019-04-01 22:40 - 000000000 ____D C:\Program Files\Adobe
2023-09-25 15:06 - 2019-01-27 22:16 - 000000000 ____D C:\ProgramData\Adobe
2023-09-25 14:42 - 2019-05-02 00:33 - 867057664 _____ C:\Users\Greg\AppData\Local\SageThumbs.db3
2023-09-25 13:26 - 2022-11-16 23:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-09-25 13:26 - 2020-03-30 22:31 - 000000527 _____ C:\Users\Greg\.vivaldi_reporting_data
2023-09-25 12:58 - 2019-01-28 20:32 - 177941912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-09-25 12:45 - 2023-06-20 09:41 - 000000000 ____D C:\Log
2023-09-25 11:31 - 2022-11-17 00:09 - 000840606 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-09-25 11:31 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-09-25 11:25 - 2021-02-25 15:18 - 000000000 ____D C:\Users\Greg\AppData\Local\Spotify
2023-09-25 11:24 - 2022-11-17 00:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-09-25 11:24 - 2022-11-16 23:59 - 000866688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-09-25 11:24 - 2022-11-16 23:59 - 000008192 ___SH C:\DumpStack.log.tmp
2023-09-25 11:24 - 2021-02-25 15:17 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Spotify
2023-09-25 11:24 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-25 11:24 - 2019-12-07 10:03 - 000065536 _____ C:\WINDOWS\system32\config\BBI
2023-09-25 10:02 - 2020-12-21 18:28 - 000000000 ____D C:\Users\Greg\AppData\Local\D3DSCache
2023-09-25 09:51 - 2020-03-19 11:43 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Teams
2023-09-25 09:36 - 2019-05-12 23:06 - 000007614 _____ C:\Users\Greg\AppData\Local\Resmon.ResmonCfg
2023-09-25 09:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-09-25 09:09 - 2022-11-16 23:36 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-09-25 09:06 - 2022-11-17 00:00 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-25 09:06 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-25 09:04 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-09-24 23:58 - 2022-02-11 00:55 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-24 23:57 - 2019-05-07 21:39 - 000000000 ____D C:\Users\Greg\AppData\Roaming\.ACEStream
2023-09-24 23:01 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-09-24 23:01 - 2019-01-27 22:16 - 000000000 ____D C:\Users\Greg\AppData\Local\Adobe
2023-09-24 19:53 - 2022-01-24 23:00 - 000000000 ____D C:\Users\Greg\AppData\Local\waifu-updater
2023-09-24 15:35 - 2022-03-01 12:04 - 000000000 ____D C:\Users\Greg\AppData\Local\NordVPN
2023-09-24 15:35 - 2019-01-27 22:06 - 000000000 ___SD C:\Users\Greg\AppData\Roaming\Microsoft\Credentials
2023-09-24 15:34 - 2020-07-07 08:42 - 000000000 ____D C:\Users\Greg\AppData\Local\Dropbox
2023-09-24 15:34 - 2020-07-07 08:42 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-09-24 15:33 - 2022-03-02 14:10 - 000000000 ____D C:\Program Files\NordUpdater
2023-09-24 15:33 - 2022-03-01 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2023-09-24 15:31 - 2019-05-11 11:39 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-24 14:17 - 2020-12-21 16:35 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-24 14:16 - 2020-11-17 00:20 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-09-24 14:16 - 2019-04-15 23:45 - 000000000 ____D C:\Users\Greg\AppData\Roaming\WTablet
2023-09-24 13:45 - 2019-04-01 22:52 - 000000000 ____D C:\Users\Greg\AppData\Roaming\qBittorrent
2023-09-24 13:06 - 2019-03-03 21:12 - 000000000 ____D C:\Users\Greg\AppData\Local\CrashDumps
2023-09-24 13:05 - 2019-04-05 15:53 - 000000000 ____D C:\Users\Greg\AppData\LocalLow\Adobe
2023-09-24 12:59 - 2019-01-27 22:06 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Adobe
2023-09-24 12:34 - 2023-07-29 20:07 - 000002301 _____ C:\Users\Greg\Desktop\Stremio.lnk
2023-09-23 21:36 - 2019-01-27 22:16 - 000000000 ____D C:\Program Files\Opera
2023-09-23 15:02 - 2020-02-07 21:12 - 000000000 ____D C:\Users\Greg\AppData\Roaming\vlc
2023-09-23 14:41 - 2020-10-27 13:14 - 000000000 ____D C:\Users\Greg\AppData\Roaming\ImageGlass
2023-09-23 12:05 - 2020-03-30 22:31 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2023-09-23 12:05 - 2020-03-30 22:31 - 000000000 ____D C:\Program Files\Vivaldi
2023-09-22 14:07 - 2020-01-02 00:48 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Word
2023-09-22 13:49 - 2019-01-27 22:06 - 000000000 ____D C:\Users\Greg\AppData\Local\Packages
2023-09-22 12:07 - 2022-11-16 23:38 - 000000000 ____D C:\Users\Greg
2023-09-21 23:18 - 2020-03-13 20:29 - 000000000 ____D C:\Users\Greg\AppData\Local\Battle.net
2023-09-21 22:59 - 2020-03-13 20:28 - 000000000 ____D C:\Program Files (x86)\Battle.net
2023-09-21 15:50 - 2023-08-04 15:18 - 000000000 ____D C:\Program Files\Insta360 Studio 2023
2023-09-21 13:51 - 2023-07-11 02:17 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2023-09-21 10:06 - 2019-01-27 22:16 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2023-09-17 20:29 - 2022-03-23 10:47 - 000000000 ____D C:\Users\Greg\AppData\Local\Sublime Text
2023-09-17 20:20 - 2019-01-27 22:17 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2023-09-17 11:56 - 2019-01-27 22:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-09-17 11:56 - 2019-01-27 22:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-17 00:41 - 2019-01-27 22:19 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Discord
2023-09-17 00:14 - 2019-01-27 22:18 - 000000000 ____D C:\Users\Greg\AppData\Local\Discord
2023-09-16 18:17 - 2021-01-25 12:03 - 000001129 _____ C:\Users\Greg\Desktop\Telegram - Shortcut (2).lnk
2023-09-16 16:14 - 2019-01-27 22:19 - 000002226 _____ C:\Users\Greg\Desktop\Discord.lnk
2023-09-16 14:45 - 2019-01-27 22:16 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-16 14:43 - 2019-01-27 22:06 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-16 14:42 - 2022-06-08 22:56 - 000001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative App.lnk
2023-09-16 14:42 - 2022-06-08 22:56 - 000001263 _____ C:\Users\Public\Desktop\Creative App.lnk
2023-09-15 19:48 - 2020-03-14 14:55 - 000000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare
2023-09-15 14:43 - 2019-05-27 23:01 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Office
2023-09-15 00:15 - 2019-12-07 10:51 - 000000000 ___SD C:\WINDOWS\system32\AppV
2023-09-15 00:15 - 2019-12-07 10:51 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-09-15 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-09-14 19:21 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-09-14 19:18 - 2022-11-17 00:02 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-09-14 12:01 - 2019-05-27 23:01 - 000000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Excel
2023-09-14 10:21 - 2022-11-16 23:38 - 000000000 ____D C:\Users\postgres
2023-09-14 10:21 - 2022-11-16 23:38 - 000000000 ____D C:\Users\Mum
2023-09-14 10:21 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-09-12 20:52 - 2019-05-11 11:39 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-10 23:06 - 2020-07-20 22:23 - 000002434 _____ C:\Users\Greg\Desktop\Greg - Chrome.lnk
2023-09-05 19:43 - 2022-11-14 20:47 - 000000000 ____D C:\Program Files (x86)\Call of Duty
2023-09-01 16:32 - 2020-03-19 11:43 - 000002355 _____ C:\Users\Greg\Desktop\Microsoft Teams.lnk
2023-08-30 12:37 - 2019-01-27 21:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
 
==================== Files in the root of some directories ========
 
2020-11-27 12:20 - 2021-07-09 09:32 - 000000028 _____ () C:\Users\Greg\AppData\Roaming\kulerdata.json
2020-10-04 16:18 - 2021-06-08 22:19 - 000000016 _____ () C:\Users\Greg\AppData\Roaming\obs-virtualcam.txt
2019-12-30 13:46 - 2019-12-30 13:46 - 000000128 _____ () C:\Users\Greg\AppData\Roaming\PUTTY.RND
2020-07-28 21:48 - 2022-08-17 13:13 - 000001456 _____ () C:\Users\Greg\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-04-01 22:14 - 2023-06-22 21:32 - 000001435 _____ () C:\Users\Greg\AppData\Local\oobelibMkey.log
2019-12-30 13:23 - 2023-08-21 16:02 - 000000456 _____ () C:\Users\Greg\AppData\Local\PUTTY.RND
2019-05-12 23:06 - 2023-09-25 09:36 - 000007614 _____ () C:\Users\Greg\AppData\Local\Resmon.ResmonCfg
2019-05-02 00:33 - 2023-09-25 14:42 - 867057664 _____ () C:\Users\Greg\AppData\Local\SageThumbs.db3
2020-11-12 23:31 - 2020-11-12 23:31 - 000002127 _____ () C:\Users\Greg\AppData\Local\TempGameCenter.main.log
2023-08-04 15:19 - 2023-09-21 15:37 - 000009506 _____ () C:\Users\Greg\AppData\Local\thumbnail.log
2019-07-13 17:33 - 2019-07-13 17:33 - 000000003 _____ () C:\Users\Greg\AppData\Local\updater.log
2019-07-13 17:33 - 2022-03-05 18:56 - 000000424 _____ () C:\Users\Greg\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by Greg (25-09-2023 15:41:46)
Running from D:\Downloads\scoped_dir10624_306559415
Microsoft Windows 10 Enterprise LTSC Version 21H2 19044.3448 (X64) (2022-11-16 23:03:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2743476253-3818321080-4174246603-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2743476253-3818321080-4174246603-503 - Limited - Disabled)
Greg (S-1-5-21-2743476253-3818321080-4174246603-1001 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-2743476253-3818321080-4174246603-501 - Limited - Disabled)
Mum (S-1-5-21-2743476253-3818321080-4174246603-1002 - Limited - Enabled) => C:\Users\Mum
postgres (S-1-5-21-2743476253-3818321080-4174246603-1003 - Limited - Enabled) => C:\Users\postgres
WDAGUtilityAccount (S-1-5-21-2743476253-3818321080-4174246603-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
ABViewer 14 (HKLM-x32\...\ABViewer 14_is1) (Version: 14.1.0.126 - CADSoftTools ®.)
Ace Stream Media 3.1.32 (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\AceStream) (Version: 3.1.32 - Ace Stream Media) <==== ATTENTION
Adobe AIR (HKLM-x32\...\{10E33ABF-D7FB-4F47-900A-7973854AB45A}) (Version: 32.0.0.89 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_12_5) (Version: 12.5 - Adobe Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Wallpaper (HKLM-x32\...\{243BC890-C6FB-42B3-8036-75B1CCA94D59}) (Version: 2.0.0.4 - Microsoft Corporation)
Blackmagic RAW (HKLM\...\{C1CB4B9E-4AF5-40F2-804E-BC8497E46B78}) (Version: 1.6.1 - Blackmagic Design)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bulk Rename Utility 3.3.2.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
Call of Duty (HKLM-x32\...\Call of Duty) (Version:  - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
Cisco Packet Tracer 8.2.1 64Bit (HKLM\...\Cisco Packet Tracer 8.2.1 64Bit_is1) (Version: 8.2.1.118 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\ActiveTouchMeetingClient) (Version: 43.8.0 - Cisco Webex LLC)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CPUID CPU-Z 1.93 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
Creative App version 1.15.08.00 (HKLM-x32\...\Creative App_is1) (Version: 1.15.08.00 - Creative Technology Ltd.)
Creative Sound Blaster USB Audio Drivers (HKLM-x32\...\KSUSBAudio_is1) (Version: 1.1.01.07 - Creative Technology Ltd.)
Creative Sound Blaster USB Audio Drivers Installer (HKLM-x32\...\CtKsUSBDrvInst_is1) (Version: 1.0.03.02 - Creative Technology Ltd.)
Creative USB Native ASIO (HKLM-x32\...\CtUsAsio_is1) (Version: 1.0.00.00 - Creative Technology Ltd.)
DaVinci Resolve (HKLM\...\{DA11EF97-B41D-4B99-83A2-1AEA95688915}) (Version: 18.6.00009 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{D1ACF467-9FB4-45DA-942F-A19452E70A3F}) (Version: 2.0.7.0 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: 1.53.2065 - EnTech Taiwan)
Discord (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dogecoin Core (64-bit) (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Dogecoin Core (64-bit)) (Version: 1.14.2 - Dogecoin Core project)
Dolby Digital Live Pack version 5.02.01 (HKLM-x32\...\DDLMaster_is1) (Version: 5.02.01 - Creative Technology Ltd.)
Drobo Dashboard (HKLM-x32\...\{863885B3-7C05-421C-8817-568712778745}) (Version: 3.5.0 - Drobo)
Dropbox (HKLM-x32\...\Dropbox) (Version: 183.4.7058 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.817.1 - Dropbox, Inc.) Hidden
DTS Connect Pack version 3.02.01 (HKLM-x32\...\DTSMaster_is1) (Version: 3.02.01 - Creative Technology Ltd.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Flux) (Version: 4.124 - f.lux Software LLC)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
Fairlight Studio Utility (HKLM\...\{99BCB768-4C60-4944-9E69-DA8808F98661}) (Version: 1.3.0.0 - Blackmagic Design)
FileZilla 3.62.0 (HKLM-x32\...\FileZilla Client) (Version: 3.62.0 - Tim Kosse)
Git (HKLM\...\Git_is1) (Version: 2.39.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
GV Codec Option (x64) (HKLM\...\{7FDC899F-74E4-40E4-B46C-C3508F274A13}) (Version: 8.5.0.1927 - Grass Valley K.K.) Hidden
GV Codec Option (x86) (HKLM-x32\...\{6B2D7B2A-C9FD-4E83-8005-80D0DC6F102E}) (Version: 8.5.0.1927 - Grass Valley K.K.) Hidden
GV Codec Option 8.50 (HKLM-x32\...\{966f52a8-e272-483f-b356-c1828b413334}) (Version: 8.5.0.1927 - Grass Valley K.K.)
HFSExplorer 2020.9.17 (HKLM-x32\...\HFSExplorer) (Version: 2020.9.17 - Catacombae Software)
HWiNFO64 Version 6.40 (HKLM\...\HWiNFO64_is1) (Version: 6.40 - Martin Malik - REALiX)
ImageGlass (HKLM\...\{15872342-C9E9-4C65-9586-35B4EFDB806B}) (Version: 8.6.7.13 - Duong Dieu Phap)
Imaging Edge Desktop (HKLM\...\{E69C20BB-A477-47A9-8DCF-A70D28D4558A}) (Version: 1.1.00.05260 - Sony Corporation)
Imaging Edge Desktop (Remote/Viewer/Edit) (HKLM\...\{65DC15EB-A98D-44B1-A68B-7CAC75347FA7}) (Version: 3.3.02.03110 - Sony Corporation)
Insta360 Studio 2023 version 4.8.10 (HKLM\...\{78E34D33-E6EF-442B-A808-2351211989E2}}_is1) (Version: 4.8.10 - Arashi Vision Inc.)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 14.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.6.5 - KLCP)
LaCie Desktop Manager 2.9.1 (HKLM-x32\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 2.9.1 - LaCie)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
LINE (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\LINE) (Version: 7.0.0.2546 - LINE Corporation)
Magic Bullet Suite (HKLM\...\Magic Bullet Suite v15.1.0) (Version:  - Maxon Computer GmbH)
Magic Bullet Suite (HKLM\...\Magic Bullet Suite v2023.0.0) (Version:  - Maxon Computer GmbH)
MediaInfo 22.03 (HKLM\...\MediaInfo) (Version: 22.03 - MediaArea.net)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.41 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.180.0828.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Teams) (Version: 1.5.00.31168 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Mister Horse Product Manager (HKLM\...\Mister Horse Product Manager_is1) (Version: 2.0.3 - )
Motion Array Plug-ins for Premiere Pro (HKLM\...\{D155A937-50C3-491E-A3EF-A810D142A40C}) (Version: 1.11.1 - Motion Array)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 117.0.1 (x64 en-GB)) (Version: 117.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
Nault 1.18.0 (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\c4a8d9de-c9fb-5a90-860f-ed2abaa50f25) (Version: 1.18.0 - The Nano Community / Andrew Steele)
Node.js (HKLM\...\{69F2C81E-00B8-4BD8-AAAB-2DCB9E2686BD}) (Version: 16.15.0 - Node.js Foundation)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.13.3.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NotEnoughAV1Encodes version 2.0.1 (HKLM-x32\...\{2C67746E-25DC-4BB5-8D79-EC69C846449C}_is1) (Version: 2.0.1 - Alkl58)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.5.7 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Graphics Driver 536.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.7 (HKLM-x32\...\{B72360E4-C272-4A85-84AC-22E8C603095C}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 102.0.4880.56 (HKLM-x32\...\Opera 102.0.4880.56) (Version: 102.0.4880.56 - Opera Software)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 2.4.2 - Vaclav Slavik)
PostgreSQL 9.5  (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.487.1 - proDAD GmbH)
PuTTY release 0.78 (64-bit) (HKLM\...\{4EEF2644-700F-46F8-9655-915145248986}) (Version: 0.78.0.0 - Simon Tatham)
Python 3.10.6 (64-bit) (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\{1fab56ed-b241-47a3-9abc-d51dc01b8dff}) (Version: 3.10.6150.0 - Python Software Foundation)
Python 3.10.6 Core Interpreter (64-bit) (HKLM\...\{C91F8E4B-F9C1-4FD1-BCF3-4A91CDAD4B72}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Development Libraries (64-bit) (HKLM\...\{07CDAC2C-737C-4D8A-AF42-6BCE111699AE}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Documentation (64-bit) (HKLM\...\{4306E3B9-B285-4747-B84D-9FAF08AA412D}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Executables (64-bit) (HKLM\...\{750538B5-3E77-4F94-A64A-D3F09E608CA2}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 pip Bootstrap (64-bit) (HKLM\...\{3983F17E-1088-46F9-BB00-53B888FF3835}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Standard Library (64-bit) (HKLM\...\{C3A057F3-209B-4244-9697-D69031B81AAB}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Tcl/Tk Support (64-bit) (HKLM\...\{A551B92B-102D-45DC-8050-5CE10DE81CD0}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Test Suite (64-bit) (HKLM\...\{1204E654-144E-4FBA-ACA0-558F6E54FC5A}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Utility Scripts (64-bit) (HKLM\...\{1D60E386-848D-45D1-BB0A-7E26A3E32011}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{463B0974-B1E1-401E-8F59-B0F9F81258E4}) (Version: 3.10.7581.0 - Python Software Foundation)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.5 - The qBittorrent project)
RogueKiller version 15.12.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.12.1.0 - Adlice Software)
SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Sound Blaster Command version 3.4.98.00 (HKLM-x32\...\Sound Blaster Command_is1) (Version: 3.4.98.00 - Creative Technology Ltd.)
Spark AR Studio (HKLM\...\{90A342C4-57EC-4696-8CD1-31F42E04208A}) (Version: 80.0.19 - Facebook Inc.)
Spotify (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Spotify) (Version: 1.2.20.1218.g02aff7a4 - Spotify AB)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.15.11.315 - EnigmaSoft Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stremio (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\Stremio) (Version: 4.4.160 - Smart Code Ltd)
Sublime Text (HKLM\...\Sublime Text_is1) (Version:  - Sublime HQ Pty Ltd)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.18681 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.35.9 - TeamViewer)
Transfusion - Style Transfer Suite version 1.6.1 (HKLM-x32\...\Transfusion - Style Transfer Suite_is1) (Version: 1.6.1 - Transfusion.AI S.E.N.C.)
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 6.2.3105.51 - Vivaldi Technologies AS.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.42-2 - Wacom Technology Corp.)
Webex (HKLM\...\{526B4770-0C31-5418-A322-8478E9227F52}) (Version: 43.7.0.26612 - Cisco Systems, Inc)
WebM for Premiere (HKLM\...\{7BCAE84F-ACE9-4089-87BB-75B914551743}) (Version: 1.0.0 - fnord software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.2183 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\ZoomUMX) (Version: 5.14.11 (17466) - Zoom Video Communications, Inc.)
 
Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-12] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-10] (NVIDIA Corp.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Greg\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22272.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> D:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> TEFINCOM S.A.)
CustomCLSID: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001_Classes\CLSID\{a3d7e084-b0df-4d14-8e0a-27a572a6332c}\localserver32 -> E:\Program Files\Sony\Imaging Edge Desktop\ied.exe (Sony Corporation -> Sony)
CustomCLSID: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001_Classes\CLSID\{BEA218D2-6950-497B-9434-61683EC065FE}\InprocServer32 -> C:\Users\Greg\AppData\Local\Programs\Python\Launcher\pyshellext.amd64.dll (Python Software Foundation -> Python Software Foundation)
CustomCLSID: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Greg\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Greg\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => E:\Work 2020\Mulberry MC\Dropbox [2021-03-04 14:34]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Greg\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-21] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Greg\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-21] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Greg\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-21] (Mega Limited -> )
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-25] (Adobe Inc. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\contextMenu\NppShell.dll [2023-09-06] (Notepad++ -> Bjarke I. Pedersen gurli@gurlinet.dk)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Greg\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-21] (Mega Limited -> )
ContextMenuHandlers1: [SageThumbs] -> {4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll [2017-05-09] (CherubicSoft) [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Greg\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-21] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Greg\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-21] (Mega Limited -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Greg\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-21] (Mega Limited -> )
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65.0.dll [2023-09-21] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\nvshext.dll [2023-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-06-25] (Adobe Inc. -> )
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.C210] => c:\windows\system32\c210codc.dll [555928 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CDV5] => c:\windows\system32\cdv5codc.dll [65432 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CDVC] => c:\windows\system32\cdvccodc.dll [72088 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CDVH] => c:\windows\system32\cdvhcodc.dll [65432 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CHQX] => c:\windows\system32\chqxcodc.dll [118168 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CLLC] => c:\windows\system32\cllccodc.dll [550296 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CMIC] => c:\windows\system32\cmiccodc.dll [159640 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CUVC] => c:\windows\system32\cuvccodc.dll [80792 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.C210] => C:\Windows\SysWOW64\c210codc.dll [500632 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CDV5] => C:\Windows\SysWOW64\cdv5codc.dll [60824 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CDVC] => C:\Windows\SysWOW64\cdvccodc.dll [65944 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CDVH] => C:\Windows\SysWOW64\cdvhcodc.dll [60824 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CHQX] => C:\Windows\SysWOW64\chqxcodc.dll [102808 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CLLC] => C:\Windows\SysWOW64\cllccodc.dll [496536 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CMIC] => C:\Windows\SysWOW64\cmiccodc.dll [153496 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
HKLM\...\Drivers32: [vidc.CUVC] => C:\Windows\SysWOW64\cuvccodc.dll [66968 2017-04-06] (Grass Valley K.K. -> Grass Valley K.K.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Greg\Desktop\Greg - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Greg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\969fa00ceac8236d\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi_proxy.exe (Vivaldi Technologies AS) -> --profile-directory=Default --app-id=mpognobbkildjkofajifpdfhcoklimli
 
==================== Loaded Modules (Whitelisted) =============
 
2023-09-24 15:26 - 2023-09-24 15:26 - 004369408 _____ () [File not signed] C:\Users\Greg\AppData\Local\Temp\.net\OCCT\z4ok3rzd.1qp\av_libGLESv2.dll
2017-05-09 08:40 - 2017-05-09 08:40 - 000475648 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll
2017-05-09 08:40 - 2017-05-09 08:40 - 000716288 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\64\sqlite3.dll
2021-09-15 14:25 - 2016-09-13 10:47 - 002555392 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LaCie\LaCie Desktop Manager\QtCore4.dll
2021-09-15 14:25 - 2016-09-13 10:47 - 001024000 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LaCie\LaCie Desktop Manager\QtNetwork4.dll
2021-09-15 14:25 - 2016-09-13 10:47 - 000347136 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LaCie\LaCie Desktop Manager\QtXml4.dll
2019-01-27 22:17 - 2018-12-30 08:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-09-15 14:25 - 2016-09-13 10:47 - 001150976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LIBEAY32.dll
2014-02-07 17:47 - 2014-02-07 17:47 - 001519104 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\64\libgfl340.dll
2014-02-07 17:47 - 2014-02-07 17:47 - 000256000 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\64\libgfle340.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\698dc58d.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\698dc58d.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => scrfile
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\sharepoint.com -> hxxps://mulberrymcltd-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-09-15 08:31 - 2023-09-25 15:26 - 000001026 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 *.2miners.com
127.0.0.1 2miners.com
0.0.0.0 uplooder.net
0.0.0.0 uploadkon.ir
0.0.0.0 eu1-etc.ethermine.org
0.0.0.0 us1-etc.ethermine.org
0.0.0.0 acc-pool.pw
0.0.0.0 xmr.2miners.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\program files (x86)\common files\intel\shared libraries\redist\intel64\compiler;c:\program files (x86)\common files\oracle\java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;d:\program files\transfusion.ai;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;E:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;D:\Program Files\PuTTY\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Git\cmd
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Greg\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20230924.jpg
HKU\S-1-5-21-2743476253-3818321080-4174246603-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-2743476253-3818321080-4174246603-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Creative.VADMonitorService => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: DDService => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: FvSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: postgresql-x64-9.5 => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\StartupFolder: => "Dell Display Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Imaging Edge Desktop.lnk"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "Creative.SBCommand"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "Snap Camera"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "DDAssist"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "Creative.SBCommand.exe"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-2743476253-3818321080-4174246603-1001\...\StartupApproved\Run: => "CiscoSpark"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{38F7681D-103F-4E03-A711-AAD68DE0975D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EB90F124-0F24-4E3E-AD53-817E1B9E693A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CBFDD1FB-268B-464F-A6F7-AFC4C763FA27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{96D33B59-64A2-48BA-96E6-9EADC108CF25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{0F8F4698-4975-45ED-A4A7-E0FFFA85F74B}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{F251B428-DF7E-45CB-9A80-D68A31D5587C}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query User{2ADCEAE2-1C51-4602-978F-3CF3C5E146EA}E:\program files\nodejs\node.exe] => (Allow) E:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [TCP Query User{B7EFB781-82E6-43AB-937C-30EEA0E31E50}E:\program files\nodejs\node.exe] => (Allow) E:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [UDP Query User{4FB5F5F9-DFBE-407B-BF01-B1B58FB2C9BB}C:\program files (x86)\call of duty vanguard\vanguard.exe] => (Allow) C:\program files (x86)\call of duty vanguard\vanguard.exe => No File
FirewallRules: [TCP Query User{1238FE43-9F5A-428E-A010-620E6146C5AA}C:\program files (x86)\call of duty vanguard\vanguard.exe] => (Allow) C:\program files (x86)\call of duty vanguard\vanguard.exe => No File
FirewallRules: [{447E7FD9-A644-4833-BFCE-EB226F5E68E7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe () [File not signed]
FirewallRules: [{19E5381D-D4C2-4613-89A5-023FD11E7B30}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe () [File not signed]
FirewallRules: [UDP Query User{31101D06-2096-4F9E-98DD-2ED5461DC118}E:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) E:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{4FE44383-0B64-4E41-B89D-11879A7CFA68}E:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) E:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{B8D00803-DD6B-4989-87AA-DD9A45D8C26D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{91C44305-79D7-45CB-BF51-E9C6B3FDC048}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{779172E7-D4F7-41A2-A930-FAAA41445514}C:\users\greg\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\greg\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [TCP Query User{E903EDDF-71CE-45A4-80A4-D3A79828CAAD}C:\users\greg\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\greg\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [UDP Query User{55263CD1-8EA3-4ABA-9963-C6EE747E633E}C:\users\greg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\greg\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{67C54380-8BB2-4DFA-A066-2FF2CE870926}C:\users\greg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\greg\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{ACA49C8B-1629-4D6E-9730-60A78AE649DE}C:\users\greg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\greg\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{10F20F30-0010-4620-985C-3147DF3FBDEF}C:\users\greg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\greg\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{55978B47-2D4F-4375-BF45-828EF3572B52}I:\misc\dogecoin-qt-v13-win\2021\dogecoin\dogecoin-qt.exe] => (Allow) I:\misc\dogecoin-qt-v13-win\2021\dogecoin\dogecoin-qt.exe => No File
FirewallRules: [TCP Query User{AC76D1DF-AC44-4375-88D3-9DB290151C22}I:\misc\dogecoin-qt-v13-win\2021\dogecoin\dogecoin-qt.exe] => (Allow) I:\misc\dogecoin-qt-v13-win\2021\dogecoin\dogecoin-qt.exe => No File
FirewallRules: [UDP Query User{043E3588-9B6C-46C2-8C1D-32B24E0DD58E}I:\misc\dogecoin-qt-v13-win\dogecoin-qt.exe] => (Allow) I:\misc\dogecoin-qt-v13-win\dogecoin-qt.exe => No File
FirewallRules: [TCP Query User{0D0AF941-1DA5-4275-B917-DA88646A01E4}I:\misc\dogecoin-qt-v13-win\dogecoin-qt.exe] => (Allow) I:\misc\dogecoin-qt-v13-win\dogecoin-qt.exe => No File
FirewallRules: [{B7F3EE6E-1118-4A37-BCE5-D3148CCDA33B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\AoE2DE\BattleServer\BattleServer.exe () [File not signed]
FirewallRules: [{403F8E6F-5005-4A06-98F3-736BCA77234E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\AoE2DE\BattleServer\BattleServer.exe () [File not signed]
FirewallRules: [{6EF99C33-A529-41A7-836B-FD44E54E07FF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\AoE2DE\AoE2DE_s.exe (Wicked Witch Software Pty Ltd -> Microsoft Corporation)
FirewallRules: [{4F7EEC32-75A1-4F8E-ADFA-CCA6234D60BB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\AoE2DE\AoE2DE_s.exe (Wicked Witch Software Pty Ltd -> Microsoft Corporation)
FirewallRules: [{D3202D79-719D-4D65-A755-B02A951579AA}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe (Drobo Inc -> Drobo, Inc.)
FirewallRules: [{044CF63D-D293-4185-88CE-80F79B5351AF}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe (Drobo Inc -> Drobo, Inc.)
FirewallRules: [{AB545347-F801-48EC-8E69-C2DE31DAC5CB}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe (Drobo Inc -> Drobo, Inc.)
FirewallRules: [{6C08293B-D88C-4896-A49D-78454D600CCE}] => (Allow) E:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe (Drobo Inc -> Drobo, Inc.)
FirewallRules: [UDP Query User{A561BDBB-9E24-4490-BC06-1FB558DD19C6}C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe => No File
FirewallRules: [TCP Query User{BD3CB4BA-5CD5-4016-8886-42BF739689B0}C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe => No File
FirewallRules: [UDP Query User{1A8206F6-700C-4FB3-9137-1366E5399D78}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{A7B316C0-5A53-43F0-93FD-21AEC8084977}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{BBEB423D-7274-4A3B-B2FD-7138AB6BD9E0}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9D98DD74-F830-4DDD-9B88-DEC492807849}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9C2D51C8-8D25-457C-97B5-FFF1E0EADD84}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3EDF9691-6B1B-48FC-B925-4F35F24687E4}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{35EDB85A-0D80-4804-A9E7-5E68D27CDA2D}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DF51C348-3236-4196-B92A-17D9C2E23DF6}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{79FC6573-DA5F-4E3E-9ACF-753B7F84EC89}C:\program files (x86)\steamlibrary\steamapps\common\conqueror's blade\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steamlibrary\steamapps\common\conqueror's blade\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [TCP Query User{7F1FDD00-BF3C-429F-8F32-BCA8B1F08190}C:\program files (x86)\steamlibrary\steamapps\common\conqueror's blade\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steamlibrary\steamapps\common\conqueror's blade\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [{25B633A6-5914-4C2F-BF9E-C648A958AA2D}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Conqueror's Blade\ConquerorsBladeSteamLoader.exe (Mail.Ru LLC -> )
FirewallRules: [{7F3358F7-B7C5-4492-980D-E206AFF47C1F}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Conqueror's Blade\ConquerorsBladeSteamLoader.exe (Mail.Ru LLC -> )
FirewallRules: [UDP Query User{C0D71102-B468-4061-A7E8-55A468DC271F}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{FDD41C6E-68F6-4F01-A3CC-574FF19B7E90}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{427EC552-ED51-4E70-8850-D1C6AAD759F7}D:\downloads\qdslrdashboard_v3.5.9_windows_x64\qdslrdashboard.exe] => (Allow) D:\downloads\qdslrdashboard_v3.5.9_windows_x64\qdslrdashboard.exe () [File not signed]
FirewallRules: [TCP Query User{B6EC284E-E7C1-4897-A592-87686C814337}D:\downloads\qdslrdashboard_v3.5.9_windows_x64\qdslrdashboard.exe] => (Allow) D:\downloads\qdslrdashboard_v3.5.9_windows_x64\qdslrdashboard.exe () [File not signed]
FirewallRules: [UDP Query User{9BF1C986-05A1-4AD8-9100-4495D5A2EEDC}C:\program files (x86)\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war beta\blackopscoldwar.exe => No File
FirewallRules: [TCP Query User{FBBD7A86-FBB0-46EA-BC84-98CE333CE7CB}C:\program files (x86)\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war beta\blackopscoldwar.exe => No File
FirewallRules: [UDP Query User{C9602559-CFBB-43C1-A9D1-F06236A9BA8A}D:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe => No File
FirewallRules: [TCP Query User{68BC9B97-2C0D-4838-96D8-AF5A28ED660F}D:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe => No File
FirewallRules: [UDP Query User{698AF336-EA0A-4B25-AC22-4D5758BEE0A2}D:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [TCP Query User{1D5D6A61-1A1F-4DE5-8DC4-CB5242B53241}D:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [UDP Query User{AA95EE7F-FBB3-49CD-86B6-38578C13738B}C:\users\greg\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\greg\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FDAA32B5-F45A-4BAA-B96D-94818F012851}C:\users\greg\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\greg\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{ED228451-341F-4196-BB4D-E6AB3C8A5E2F}D:\program files (x86)\origin games\command and conquer generals zero hour\command and conquer generals\generals.exe] => (Allow) D:\program files (x86)\origin games\command and conquer generals zero hour\command and conquer generals\generals.exe => No File
FirewallRules: [TCP Query User{B26B6971-C690-409A-87F8-3EB52F74D743}D:\program files (x86)\origin games\command and conquer generals zero hour\command and conquer generals\generals.exe] => (Allow) D:\program files (x86)\origin games\command and conquer generals zero hour\command and conquer generals\generals.exe => No File
FirewallRules: [UDP Query User{B62A5638-4C5C-428B-A822-BB14B944826B}C:\users\greg\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\greg\appdata\roaming\acestream\engine\ace_engine.exe (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
FirewallRules: [TCP Query User{4E09D7D7-85EC-4CF6-A75F-583C96253640}C:\users\greg\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\greg\appdata\roaming\acestream\engine\ace_engine.exe (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
FirewallRules: [UDP Query User{03E80522-4465-4BB3-9329-69B5D89F762C}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{D25E204B-C1A0-406C-AAAD-742029802C85}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{93C1A031-3E96-4028-916B-2D996C156D6F}C:\users\greg\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\greg\appdata\local\programs\lnv\stremio-4\node.exe => No File
FirewallRules: [{DF840641-9807-4E71-B395-E4598147856C}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\CnCRemastered\ClientLauncherG.exe (Electronic Arts, Inc. -> Petroglyph Games Inc.)
FirewallRules: [{533D61EF-BF00-4F04-A95A-5AFD06DEB3F0}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\CnCRemastered\ClientLauncherG.exe (Electronic Arts, Inc. -> Petroglyph Games Inc.)
FirewallRules: [{0A657E3B-28CF-4642-A0C9-64856AF13E29}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{CB1D3B7A-CD61-4062-B097-39FCBE5A6A18}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{00EF1AB6-53AA-4CF3-8334-43262E9092FF}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\CnCRemastered\InstanceServerG.exe (Electronic Arts, Inc. -> Petroglyph Games Inc.)
FirewallRules: [{46210008-2DFC-4CBC-8809-F6717F126016}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\CnCRemastered\InstanceServerG.exe (Electronic Arts, Inc. -> Petroglyph Games Inc.)
FirewallRules: [{9B56076D-18FA-425E-89D8-9A375B3130F5}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\CnCRemastered\ClientG.exe (Electronic Arts, Inc. -> Petroglyph Games Inc.)
FirewallRules: [{231FCBE2-93C1-4AEE-8B8D-59F12440D9B1}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\CnCRemastered\ClientG.exe (Electronic Arts, Inc. -> Petroglyph Games Inc.)
FirewallRules: [{AAF12A6F-4541-422C-A0E0-9AA724055028}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\CnCRemastered\ClientLauncherG.exe (Electronic Arts, Inc. -> Petroglyph Games Inc.)
FirewallRules: [{9FE72BA1-B909-46F3-B8D2-E6D16A9C7F0F}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\CnCRemastered\ClientLauncherG.exe (Electronic Arts, Inc. -> Petroglyph Games Inc.)
FirewallRules: [{1139826F-8307-4165-962C-8102EAFCA30A}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{15B34645-D113-4543-BCF1-F2EA13BDD842}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{8F8AC4E4-0A2D-4DE5-9341-63832C6FDB0B}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{EA0CB35A-0C05-4EC6-82CC-4400710C7181}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [UDP Query User{BF88BAF8-B81D-44AB-A9C3-2FF4AA72D018}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{84DD3D3F-0413-4F66-8AA5-905D8EB23E0B}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [{F8088AA0-BA0B-40B2-87B7-D7734A0740BB}] => (Allow) C:\Users\Greg\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{47CF22C5-9E2F-4621-9C28-00A4830FE041}] => (Allow) C:\Users\Greg\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BBC04E49-CC74-4CC4-8762-1A7876E11752}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe => No File
FirewallRules: [{20CAB27E-4F34-4E37-9F6A-FFDADFF6E9DE}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe => No File
FirewallRules: [UDP Query User{A2FF94C5-33D3-47B2-ABA9-9B116F0A1E3E}D:\program files (x86)\origin games\command and conquer generals zero hour\command and conquer generals zero hour\generals.exe] => (Allow) D:\program files (x86)\origin games\command and conquer generals zero hour\command and conquer generals zero hour\generals.exe => No File
FirewallRules: [TCP Query User{BA62C379-6620-40B2-86B9-310DFCBDFD51}D:\program files (x86)\origin games\command and conquer generals zero hour\command and conquer generals zero hour\generals.exe] => (Allow) D:\program files (x86)\origin games\command and conquer generals zero hour\command and conquer generals zero hour\generals.exe => No File
FirewallRules: [{918C5987-90D2-4229-AB69-CC8EFB7C412E}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{AFC66395-05A8-42F5-9580-DA9E22193499}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{E1056FA8-176F-4E4C-AD43-DA5DDA48D076}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe => No File
FirewallRules: [{6466BD0D-A42D-4139-8260-537DE80BDAFE}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer 3 TW and KW\CNC3Launcher.exe => No File
FirewallRules: [UDP Query User{86B391D0-32C7-4BE0-835A-2A2ECF9E03D3}D:\program files (x86)\origin games\command and conquer red alert ii\gamemd-spawn.exe] => (Allow) D:\program files (x86)\origin games\command and conquer red alert ii\gamemd-spawn.exe => No File
FirewallRules: [TCP Query User{711380E7-4E5E-4CBC-B3C4-49FFD633FE87}D:\program files (x86)\origin games\command and conquer red alert ii\gamemd-spawn.exe] => (Allow) D:\program files (x86)\origin games\command and conquer red alert ii\gamemd-spawn.exe => No File
FirewallRules: [UDP Query User{A0F4BDEE-E8F0-475D-B434-232EA3FE4E16}C:\users\greg\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\greg\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{26E8A372-6EFA-46F4-8B7A-B0E0C8A4D592}C:\users\greg\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\greg\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B1879ABA-3E10-40FB-A6AE-975D900957A6}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{858B6895-226E-4BAB-A2B6-9356F58EF6E9}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{84A4F50F-EF5E-4E89-A4E9-745B1F8C583F}D:\program files (x86)\origin games\command and conquer tiberian sun\ts-spawn.exe] => (Allow) D:\program files (x86)\origin games\command and conquer tiberian sun\ts-spawn.exe (Westwood Studios) [File not signed]
FirewallRules: [TCP Query User{B1EC7A0B-E16F-412E-9E61-398338DFA523}D:\program files (x86)\origin games\command and conquer tiberian sun\ts-spawn.exe] => (Allow) D:\program files (x86)\origin games\command and conquer tiberian sun\ts-spawn.exe (Westwood Studios) [File not signed]
FirewallRules: [{E3DA820A-0CF1-4139-A848-85F0D84B7BF6}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe => No File
FirewallRules: [{F71BDEB2-29CE-4AE4-8148-60E708508BAE}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe => No File
FirewallRules: [UDP Query User{95936B89-4FE7-43A6-BD16-BB619E743382}D:\program files (x86)\openra\redalert.exe] => (Allow) D:\program files (x86)\openra\redalert.exe => No File
FirewallRules: [TCP Query User{85501452-16FE-4DA6-849C-20CD0F53E387}D:\program files (x86)\openra\redalert.exe] => (Allow) D:\program files (x86)\openra\redalert.exe => No File
FirewallRules: [UDP Query User{705F4A45-3742-4F77-BC53-5D381F6F7B83}D:\program files (x86)\openra\tiberiandawn.exe] => (Allow) D:\program files (x86)\openra\tiberiandawn.exe => No File
FirewallRules: [TCP Query User{C3344D8D-C687-4F56-AE9B-728677D37949}D:\program files (x86)\openra\tiberiandawn.exe] => (Allow) D:\program files (x86)\openra\tiberiandawn.exe => No File
FirewallRules: [{351881BD-E400-4C53-A748-C1FEB2EA1063}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{83FE2B82-E5A9-4136-B7C8-71FBC39C6DA3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D3FC6FDF-2AEE-433C-8CF0-114299FDE51F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C7ABB68-1268-448E-BDC7-242493F0D169}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{D7275DD6-9420-431C-B8A8-FE2A7C257136}D:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [TCP Query User{D882748B-C94B-4C54-9317-9D6C926809BB}D:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [UDP Query User{FADB3C35-03E6-457D-AE2C-793E4C8D567A}D:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [TCP Query User{D0A83246-4259-4CDD-8C45-3F516EDEEEB2}D:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [UDP Query User{5CBE9649-5E81-4DE3-878F-5BCB2013E2AE}D:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [TCP Query User{6CD86BB4-65ED-45D0-9B71-27757C20BD4C}D:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) D:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [{26397E40-38E2-4A84-A70C-D0530E3EFBF5}] => (Allow) C:\Users\Greg\AppData\Roaming\ACEStream\engine\ace_engine.exe (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
FirewallRules: [{93F17FA1-219B-4CAD-9F26-829A38F1348C}] => (Allow) C:\Users\Greg\AppData\Roaming\ACEStream\engine\ace_engine.exe (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
FirewallRules: [{AFF1F8AD-6F42-492D-A3D2-D733AF86245F}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{0E1711D7-8034-4E59-91FB-41EA9165C544}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [UDP Query User{D555A397-155C-4866-BE9D-29364BE8507D}C:\users\greg\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\greg\appdata\local\programs\lnv\stremio-4\node.exe => No File
FirewallRules: [TCP Query User{1794C4A5-6807-4667-865E-D2C09AD01134}C:\users\greg\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\greg\appdata\local\programs\lnv\stremio-4\node.exe => No File
FirewallRules: [{9706EF09-2D47-43F6-9475-8C3997E7892A}] => (Allow) C:\Users\Greg\AppData\Local\LINE\bin\5.13.0.1874\LineUpdater.exe => No File
FirewallRules: [{AACDE48A-AB6F-4822-9AF9-216CDD78C561}] => (Allow) C:\Users\Greg\AppData\Local\LINE\bin\5.13.0.1874\LineUpdater.exe => No File
FirewallRules: [{8104D8A4-8533-4F08-B332-FFCECC52291C}] => (Allow) C:\Users\Greg\AppData\Local\LINE\bin\5.13.0.1874\LINE.exe => No File
FirewallRules: [{F26E7457-79B3-4A25-82BB-628A60426B72}] => (Allow) C:\Users\Greg\AppData\Local\LINE\bin\5.13.0.1874\LINE.exe => No File
FirewallRules: [{577A833F-254F-4F75-80FC-FE474AE2F16E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{42096089-29F4-463A-AF5A-8DDBE1F55D70}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{99F28249-B79F-4696-BC9B-0AC0EE6EC5CD}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{9BC95662-8EBC-41D7-8DB8-C2C3C297B253}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{924F2A5C-F784-4536-8BF2-8DEAAA84E487}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{14F6B9DE-9542-42A0-90E3-39C3D41E2E71}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [UDP Query User{8EB33C22-F8E6-4C37-8504-E7733F4379BF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{5DB3D805-46E9-430C-B555-6B9B61F14FCE}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{34F1E256-E455-493C-9EBF-C6557BEA6263}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{2C239A3C-B31D-407F-9519-E152BF7B8E16}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [{AE374364-226D-4EB3-8BDD-C02B3B4AC3EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9D5B37E-CF41-46CD-ABAE-19848B250629}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{69E9C92E-7BDA-4126-B9CE-ACB71EABF99D}C:\program files (x86)\call of duty\_retail_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_retail_\cod.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{6A3F0E01-F083-4DA2-BB9E-8C2A55312456}C:\program files (x86)\call of duty\_retail_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_retail_\cod.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{29AC3EAC-989E-4572-B10B-A115E1A1CC9F}C:\users\greg\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\greg\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [UDP Query User{838930AD-25BD-45A2-BC45-9719006B2FF0}C:\users\greg\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\greg\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [{1D18E961-8836-4FE1-B137-DBD7CBFACE8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{54A4C9C9-86C3-4387-88BA-F8296D4150E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C144914E-D694-47B9-B404-83EA1FD17BC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C118D68A-D4C8-4028-9F67-FF368F64B13F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{E4A8496C-9851-4459-90FC-93838F532D05}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{80F62D72-0BA5-4FDA-B4C5-B79DA2825107}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EBAA9A03-EC97-40E9-918A-E7239ADA7F76}] => (Allow) C:\Program Files\Opera\101.0.4843.43\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{CE02D948-056D-4A25-AA8F-69122B90951B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F729F75D-61D1-4BAD-8AA6-DEFA2D9C589E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{210E7C82-F7F3-49D1-83C6-55EA39B27F4F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1F1215B7-6275-445E-B40D-398A2D9F413B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6CBE442-2847-4320-92F1-86DD520F1ECC}] => (Allow) C:\Program Files\Opera\102.0.4880.56\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{7031406C-1344-4576-9909-EC03D97C982E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{52354106-A1E2-4486-80E3-48389B6DC240}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{C7350582-02CE-4242-AD07-9C3D61B1A627}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{2CC9F5CF-A501-4736-BA58-728333262CB1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{74E8BFCB-3AE9-487A-8FCD-99EEB09529EF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{C483FBFE-AFDC-4690-B451-54A9EE4AE4F7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{46EDF261-49CE-44E6-8776-902E4B9007BE}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{8A5640E2-BA71-49DF-9274-51F08F27E146}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{5977E08B-21CF-43F3-94B4-F323942700C4}C:\program files\opera\opera.exe] => (Allow) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{539C501C-2290-40A0-9F3C-7BA271AB574D}C:\program files\opera\opera.exe] => (Allow) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{557FBF7F-C491-4EF7-B7CF-E242A3E215B9}C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{051BB0AA-E097-43B6-9D33-7AEBB10F6D58}C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{EA7A54F0-AECC-4B8B-8A79-21CF4FFE7994}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{7CF38943-FFAE-44F4-B4A4-66AA4BE42010}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{9EE77DA5-322D-478A-8FAB-84CC10542C68}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{48EF4FCB-AB75-4ADA-BBFA-082BA0B35133}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{89BE17BA-622D-4E4E-A70B-3E54864EE21D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{28ABBC08-E9E7-4874-84FC-5455F9892173}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
25-09-2023 10:05:39 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/25/2023 03:24:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=32d2fab3-e4a8-42c2-923b-4bf4fd13e6ee;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (09/25/2023 01:24:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=32d2fab3-e4a8-42c2-923b-4bf4fd13e6ee;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (09/25/2023 01:24:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=32d2fab3-e4a8-42c2-923b-4bf4fd13e6ee;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (09/25/2023 12:13:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.3448, time stamp: 0x64289cf8
Faulting module name: explorer.exe, version: 10.0.19041.3448, time stamp: 0x64289cf8
Exception code: 0xc0000409
Fault offset: 0x0000000000258dcd
Faulting process id: 0x228
Faulting application start time: 0x01d9ef9ac5c5b891
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\explorer.exe
Report Id: af4ef959-22fa-4221-9925-3ad8b6f3ceb5
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (09/25/2023 03:40:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (09/25/2023 03:22:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (09/25/2023 02:32:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (09/25/2023 12:53:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (09/25/2023 12:46:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (09/25/2023 11:33:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (09/25/2023 11:26:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (09/25/2023 11:26:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Orchestrator Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
================
Date: 2023-09-25 09:55:54
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-25 06:38:06
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/GameHack
Severity: Low
Category: Potentially Unwanted Software
Path: file:_D:\Software\Microsoft Office 2019 ProPlus 1808 (Build 10730.20102) RETAIL\KMS-Digital-Online_Activation_Suite_v5.7_ENG\bin\WinDivert\$OEM$\$$\Setup\Scripts\x86\KMS.exe; file:_D:\Software\Microsoft Office 2019 ProPlus 1808 (Build 10730.20102) RETAIL\KMS-Digital-Online_Activation_Suite_v5.7_ENG\bin\WinDivert\x86\KMS.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Greg\AppData\Local\Temp\{b18aed09-c398-4c45-924b-12c6d3c77963}\d06c6d98.exe
Security intelligence Version: AV: 1.397.1520.0, AS: 1.397.1520.0, NIS: 1.397.1520.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
 
Date: 2023-09-25 06:11:44
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/GameHack
Severity: Low
Category: Potentially Unwanted Software
Path: file:_D:\Software\Microsoft Office 2019 ProPlus 1808 (Build 10730.20102) RETAIL\KMS-Digital-Online_Activation_Suite_v5.7_ENG\bin\WinDivert\$OEM$\$$\Setup\Scripts\x86\KMS.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Greg\AppData\Local\Temp\{b18aed09-c398-4c45-924b-12c6d3c77963}\d06c6d98.exe
Security intelligence Version: AV: 1.397.1520.0, AS: 1.397.1520.0, NIS: 1.397.1520.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
 
Date: 2023-09-25 06:11:43
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
Severity: High
Category: Tool
Path: file:_D:\Software\Microsoft Office 2019 ProPlus 1808 (Build 10730.20102) RETAIL\KMS-Digital-Online_Activation_Suite_v5.7_ENG\bin\Inject\$OEM$\$$\Setup\Scripts\x64\KMS.dll; file:_D:\Software\Microsoft Office 2019 ProPlus 1808 (Build 10730.20102) RETAIL\KMS-Digital-Online_Activation_Suite_v5.7_ENG\bin\Inject\x64\KMS.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Greg\AppData\Local\Temp\{b18aed09-c398-4c45-924b-12c6d3c77963}\d06c6d98.exe
Security intelligence Version: AV: 1.397.1520.0, AS: 1.397.1520.0, NIS: 1.397.1520.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
 
Date: 2023-09-25 06:11:43
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
Severity: High
Category: Tool
Path: file:_D:\Software\Microsoft Office 2019 ProPlus 1808 (Build 10730.20102) RETAIL\KMS-Digital-Online_Activation_Suite_v5.7_ENG\bin\Inject\$OEM$\$$\Setup\Scripts\x64\KMS.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Greg\AppData\Local\Temp\{b18aed09-c398-4c45-924b-12c6d3c77963}\d06c6d98.exe
Security intelligence Version: AV: 1.397.1520.0, AS: 1.397.1520.0, NIS: 1.397.1520.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
Event[0]:
 
Date: 2023-07-13 17:03:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\Greg\AppData\Local\Vivaldi\User Data\Default\IndexedDB\https_coinmarketcap.com_0.indexeddb.blob\18\00\12
Sha256: 29ce4a10f9e4025e692a82711c3a96cd696f99787d8d3ddcbdad1af6bb2d34ca
Current security intelligence Version: AV: 1.393.218.0, AS: 1.393.218.0
Current Engine Version: 1.1.23060.1005
Error code: 0x80508016
 
CodeIntegrity:
===============
Date: 2023-09-25 09:55:51
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-09-24 16:33:57
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2023-08-01 17:43:06
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.00 07/16/2018
Motherboard: Micro-Star International Co., Ltd. B450M MORTAR (MS-7B89)
Processor: AMD Ryzen 5 2600X Six-Core Processor 
Percentage of memory in use: 39%
Total physical RAM: 32719.15 MB
Available physical RAM: 19639 MB
Total Virtual: 37583.15 MB
Available Virtual: 21258.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:952.6 GB) (Free:324.39 GB) (Model: ADATA SX8200PNP) NTFS
Drive d: (HDD) (Fixed) (Total:1862.89 GB) (Free:833.57 GB) (Model: ST2000DM006-2DM164) NTFS
Drive e: (SSD) (Fixed) (Total:931.39 GB) (Free:473.78 GB) (Model: CT1000MX500SSD1) NTFS
 
\\?\Volume{8a50cf77-b979-4dba-94f5-d407bbd00f85}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{e4d160ae-c37a-4548-a358-68f907128c40}\ () (Fixed) (Total:0.55 GB) (Free:0.07 GB) NTFS
\\?\Volume{3a9f6a26-0518-4e4e-8c13-5b6fd6e4b076}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AD1D3399)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: BDA66C21)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 953.9 GB) (Disk ID: 6984699B)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 

 




 


#2 dennis_l

dennis_l

  • Malware Response Team
  • 2,423 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:02:23 AM

Posted Today, 10:46 AM

Hi greghhhh,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution, before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but there may still need to be more checks necessary, so please wait until I give the all clear.

Please give me some time to examine your logs and I will get back to you as soon as possible.

Dennis



#3 dennis_l

dennis_l

  • Malware Response Team
  • 2,423 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:02:23 AM

Posted Today, 10:55 AM

Regarding your question, we can work off these logs for now.
I'll let you know if a new scan is needed.

 



#4 greghhhh

greghhhh
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:23 AM

Posted Today, 11:03 AM

Great, thanks for the prompt response!





