Avast Behavior Shield seemingly reports attempt to uninstall itself

Amora R Jelo

Hello,
 
Yesterday, I noticed the following Avast BehaviorShield warning popup:
[screenshot: BNgNcb4.png]
 
Given that I did not perform a scan myself, and that the following threat popped up while I was not actively at my computer, I assume Avast must have detected an action occurring in the background. While the warning above mentions the source being Windows’ PowerShell, I did not have one actively open myself, which means that some other program must have tried to run a command through PowerShell/cmd.

The file in question, “UNINSTALLEXCHANGE.PS1”, seems to have been located in the /SETUP folder of my Avast installation, although I currently cannot find it in there anymore. Perhaps Avast deleted it from there upon issuing the warning? Given the name of the file, it sounds like some program tried to uninstall Avast, although I might of course be wrong.

I have, of course, already tried searching on Google for further information on my situation, but unfortunately have not found much. The only relevant link I found is the following: https://discuss.elastic.co/t/kv-filter-dont-split-on-field-split-pattern-once/165431, where someone (suspiciously?) seems to want to run a certain command using PowerShell on the aforementioned file. However, given the short excerpt of their code, I cannot come to a conclusion on what exactly it is they tried to do. (Or, rather, instead of attempting to run a command they seem to want to parse a log that looks suspiciously similar to the warning on my machine, but that’s all I can figure out from there…)

I would perhaps have put it aside as a false positive, but the fact that something happened in the location Avast itself was installed in, without my knowledge, seems somewhat worrying.
 
So far, I have run the following scans:
– Full Avast scan: No threats detected.
– Full Windows Defender scan: Surprisingly, it seems to have detected 3 threats (buxsC0q.png), but even more surprisingly, I can’t seem to be able to see them, given that the threat history is empty (tUXKJgv.png). However, as it turns out, they are listed thanks to FRST — all three of them were just PUPs, and at that, PUPs that I hadn’t executed in years, and of which I am 99.9% sure that they’re harmless. (They were mainly product key generators for stuff like JetBrains, which I once used as a teen over half a decade ago. Surprisingly enough, I remember them working. But it’s no surprise that they get detected as PUPs.)
– Windows Defender Offline scan: Given that I have not received any notification on reboot, I assume no threats were detected.
– Full Malwarebytes scan: No threats detected.
– TDSSKiller: Nothing detected.
 
I have also attempted to find Avast logs regarding the Behavior Shield, but it seems that they don’t exist, or at the very least I am unable to find them.
Finally, I attempted to find logs regarding the usage of PowerShell, but I am unfortunately not well-versed enough in finding such information. The only information that might be relevant is as follows: In the Windows Event Viewer, under “Applications and Services Logs/Microsoft/Windows/PowerShell/Operational/”, I found a “PowerShell Console Startup” event that might match the timing of the Avast warning, although I can’t tell for sure given that Avast apparently didn’t leave any logs. The details under the event look as follows:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-PowerShell" Guid="{a0c1853b-5c40-4b15-8766-3cf1c58f985a}" />
    <EventID>40961</EventID>
    <Version>1</Version>
    <Level>4</Level>
    <Task>4</Task>
    <Opcode>1</Opcode>
    <Keywords>0x0</Keywords>
    <TimeCreated SystemTime="2021-04-24T13:18:38.0672859Z" />
    <EventRecordID>824</EventRecordID>
    <Correlation ActivityID="{79918fd2-3531-0000-f610-a7793135d701}" />
    <Execution ProcessID="6832" ThreadID="15316" />
    <Channel>Microsoft-Windows-PowerShell/Operational</Channel>
    <Computer>DESKTOP-F8Q1L6N</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData />
</Event>

This, unfortunately, does not seem to contain a ton of detail. I am unsure if it is possible to see the full history of commands executed in PowerShell, so I haven’t been able to find out more so far.
 
I also ran FRST, as specified in the Preparation Guide, and received the following results (also attached to the post, but since the Guide said to paste them, I will do so):
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by MY_USERNAME (administrator) on PC_NAME (25-04-2021 18:16:59)
Running from E:DataDownloads
Loaded Profiles: MY_USERNAME
Platform: Windows 10 Pro Version 2004 19041.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:Program FilesAMDCNextCNextamdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:Program FilesAMDCNextCNextAMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:Program FilesAMDCNextCNextRadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryc0346830.inf_amd64_f723e13ffb3b2652B345901atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryc0346830.inf_amd64_f723e13ffb3b2652B345901atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:Programsaswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:ProgramsaswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:ProgramsAvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:ProgramsAvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:Programswsc_proxy.exe
(Canon Inc. -> CANON INC.) C:Program Files (x86)CanonIJ Network Scanner Selector EX2CNMNSST2.exe
(Flexera Software LLC -> Flexera) C:Program FilesCommon FilesMacrovision SharedFlexNet PublisherFNPLicensingService64.exe
(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <50>
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16WINWORD.EXE
(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbweCalculator.exe
(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbweWinStore.App.exe
(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbweMusic.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2103.7-0MsMpEng.exe
(Notepad++ -> Don HO [email protected]) C:ApplicationsNotepad++notepad++.exe
(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerSynapseRzSynapse.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkNGUI64.exe
(Spotify AB -> Spotify Ltd) C:UsersMY_USERNAMEAppDataRoamingSpotifySpotify.exe <6>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Run: [AvastUI.exe] => C:ProgramsAvLaunch.exe [118496 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
HKLM…Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32…Run: [IJNetworkScannerSelectorEX2] => C:Program Files (x86)CanonIJ Network Scanner Selector EX2CNMNSST2.exe [279240 2016-12-09] (Canon Inc. -> CANON INC.)
HKLM-x32…Run: [] => [X]
HKLM-x32…Run: [Razer Synapse] => C:Program Files (x86)RazerSynapseRzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32…Run: [TeamsMachineUninstallerLocalAppData] => C:UsersMY_USERNAMEAppDataLocalMicrosoftTeamsUpdate.exe [2453720 2021-04-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32…Run: [TeamsMachineUninstallerProgramData] => %ProgramData%MicrosoftTeamsUpdate.exe –uninstall –msiUninstall –source=default
HKUS-1-5-21-848354871-4184821791-1569574031-1001…Run: [Discord] => C:UsersMY_USERNAMEAppDataLocalDiscordUpdate.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKUS-1-5-21-848354871-4184821791-1569574031-1001…Run: [Spotify] => C:UsersMY_USERNAMEAppDataRoamingSpotifySpotify.exe [23839816 2021-04-19] (Spotify AB -> Spotify Ltd)
HKUS-1-5-21-848354871-4184821791-1569574031-1001…Run: [Steam] => C:ApplicationsSteamsteam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)
HKUS-1-5-21-848354871-4184821791-1569574031-1001…Run: [utweb] => C:UsersMY_USERNAMEAppDataRoaminguTorrent Webutweb.exe [5649952 2021-02-04] (BitTorrent Inc -> BitTorrent Inc.)
HKLM…Windows x64Print ProcessorsCanon TR7500 series Print Processor: C:WindowsSystem32spoolprtprocsx64CNMPDDM.DLL [482816 2019-01-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM…PrintMonitorsCanon BJ FAX Language Monitor TR7500 series: C:WINDOWSsystem32CNCALDM.DLL [254464 2019-01-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM…PrintMonitorsCanon BJ Language Monitor TR7500 series: C:WINDOWSsystem32CNMLMDM.DLL [1302016 2019-01-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication90.0.4430.85Installerchrmstp.exe [2021-04-23] (Google LLC -> Google LLC)
Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupNexon Launcher.lnk [2020-11-02]
ShortcutTarget: Nexon Launcher.lnk -> C:Program Files (x86)NexonNexon Launchernexon_launcher.exe (NEXON Korea Corporation. -> )
HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041ECEB4-9E33-42B3-A297-58FA8DBF5D45} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5255600 2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {0A785C81-6497-4E33-BC71-47906CD705FA} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {1725BB1B-CBF3-4A8C-93D3-8E31C36E3B57} – System32Tasksnpcapwatchdog => C:Program FilesNpcapCheckStatus.bat [880 2020-09-25] () [File not signed]
Task: {217EAE92-DDEF-449F-BFB0-6F61CC9EC376} – System32TasksStartDVR => C:Program FilesAMDCNextCNextRSServCmd.exe [68280 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {38837FD3-64AF-4703-BB23-524F55F3CF46} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-02-27] (Google LLC -> Google LLC)
Task: {3ABE1026-90CA-41D0-A452-DC33511CBFCB} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {4900F689-00EC-4A00-A398-D51CA13E8923} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [141160 2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {5149022E-189C-4B7B-92DF-58CF050F485B} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5255600 2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DEE8F15-7019-4A07-B690-C7C963C259BB} – System32TasksStartCN => C:Program FilesAMDCNextCNextcncmd.exe [61112 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {66E055E5-B7E4-4018-BC2E-55A9D852C85D} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [141160 2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B27DD9E-D981-4D03-BD5F-2A94C000A53B} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-02-27] (Google LLC -> Google LLC)
Task: {A5BCC9C9-67E0-4C37-AD0C-D864E5D3D9A5} – System32TasksMicrosoftOfficeOffice Subscription Maintenance => C:Program FilesMicrosoft OfficerootvfsProgramFilesCommonx64Microsoft SharedOffice16OLicenseHeartbeat.exe [1498000 2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB7A4CE1-E729-4CDA-98F7-38C73C699F0C} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MpCmdRun.exe [566368 2021-04-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF4995B7-5AE9-4CC6-A05B-4B8028A0D911} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {B83829E4-BCE4-4CDC-B6EC-2E21097DC582} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MpCmdRun.exe [566368 2021-04-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD9EEE89-64CF-4542-A36E-867ADD1FE778} – System32TasksMicrosoftVisualStudioVSIX Auto Update => C:Program Files (x86)Microsoft Visual StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceVSIXAutoUpdate.exe [207728 2020-04-06] (Microsoft Corporation -> )
Task: {C262A357-D5D7-44EA-A012-F89675B9993D} – System32TasksAvast Emergency Update => C:ProgramsAvEmUpdate.exe [4699872 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
Task: {C54A1A79-BD9D-49D9-AC91-12520F8CE289} – System32TasksAvast SoftwareOverseer => C:Program FilesCommon FilesAVAST SoftwareOverseeroverseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {D46FFD87-758F-4246-B074-703A513D8DC7} – System32TasksMicrosoftVisualStudioUpdatesUpdateConfiguration_S-1-5-21-848354871-4184821791-1569574031-1001 => C:Program Files (x86)Microsoft Visual StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceVSIXConfigurationUpdater.exe [23456 2020-04-06] (Microsoft Corporation -> Microsoft)
Task: {E6F26828-AA26-4365-BA0A-C35D9A5DFB5D} – System32TasksMicrosoftOfficeOffice Serviceability Manager => C:Program FilesCommon FilesMicrosoft SharedClickToRunofficesvcmgr.exe [4061296 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB09C41A-391E-4D0E-85F3-383E843709FA} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MpCmdRun.exe [566368 2021-04-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF65B00E-4EBE-409E-8AFA-F6DC3EEF20F5} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MpCmdRun.exe [566368 2021-04-24] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

TcpipParameters: [DhcpNameServer] 192.168.0.254
Tcpip..Interfaces{7d3bfb07-f44f-4a7f-aff5-f4750641e764}: [DhcpNameServer] 192.168.0.254

Edge:
=======
DownloadDir: C:UsersMY_USERNAMEDownloads
Edge Session Restore: HKUS-1-5-21-848354871-4184821791-1569574031-1001 -> is enabled.
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:UsersMY_USERNAMEAppDataLocalMicrosoftEdgeUser DataDefault [2021-04-25]
Edge DownloadDir: C:UsersMY_USERNAMEDownloads

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefault [2021-04-25]
CHR DownloadDir: E:DataDownloads
CHR DefaultSearchKeyword: Default -> google.com/ncr
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2020-02-27]
CHR Extension: (Safe Torrent Scanner) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsaegnopegbbhjeeiganiajffnalhlkkjb [2021-01-22]
CHR Extension: (Duolingo on the Web) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsaiahmijlpehemcpleichkcokhegllfjl [2020-02-27]
CHR Extension: (TooManyTabs for Chrome) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsamigcgbheognjmfkaieeeadojiibgbdp [2020-05-28]
CHR Extension: (Docs) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2020-02-27]
CHR Extension: (Google Drive) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (Fast Panopto) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsbginlheikaacjjdajifcbakcmfcgmefh [2020-07-15]
CHR Extension: (YouTube) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-27]
CHR Extension: (Honey) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsbmnlcjabgnpnenekpadlanbbkooimhnj [2021-04-21]
CHR Extension: (Character Count) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsbpjdkinahbalcimnlaijodhiigpfkmjf [2020-02-27]
CHR Extension: (OneTab) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionschphlpgkkbolifaimnlloiipkdnihall [2021-03-07]
CHR Extension: (uBlock Origin) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-03-20]
CHR Extension: (BuiltWith Technology Profiler) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsdapjbgnjinbpoindlpdmhochffioedbn [2020-12-20]
CHR Extension: (Typio Form Recovery) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsdjkbihbnjhkjahbhjaadbepppbpoedaa [2020-10-05]
CHR Extension: (Adobe Acrobat) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsefaidnbmnnnibpcajpcglclefindmkaj [2021-03-12]
CHR Extension: (BlockSite – Stay Focused & Control Your Time) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionseiimnmioipafcokbfikbljfdeojpcgbh [2021-04-23]
CHR Extension: (Sheets) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2020-02-27]
CHR Extension: (Google Docs Offline) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-16]
CHR Extension: (Avast Online Security) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsgomekmidlodglbbmalcneegieacbdmki [2021-02-17]
CHR Extension: (Tamper Chrome (extension)) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionshifhgpdkfodlpnlmlnmhchnkepplebkb [2020-12-09]
CHR Extension: (Screen Recorder) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionshniebljpgcogalllopnjokppmgbhaden [2021-04-05]
CHR Extension: (WhatFont) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsjabopobgcpjmedljpbcaablpmlmfcogm [2020-02-27]
CHR Extension: (Panopto Downloader) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsjcgoagdconfndcjginjeokegdpahebno [2021-03-20]
CHR Extension: (rikaikun) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsjipdnfibhldikgcjhfnomkfpcebammhp [2020-09-03]
CHR Extension: (Request Maker) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionskajfghlhfkcocafkcjlajldicbikpgnp [2020-02-27]
CHR Extension: (Reddit Enhancement Suite) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionskbmfpngjjgdllneeigpgjifpgocmfgmb [2021-04-16]
CHR Extension: (Tab Save) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionslkngoeaeclaebmpkgapchgjdbaekacki [2020-02-27]
CHR Extension: (RemoveCookiesForSite) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionslmfdblomdpkcniknaenceeogpgepocmm [2020-02-27]
CHR Extension: (Chrono Download Manager) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsmciiogijehkdemklbdcbfkefimifhecn [2021-02-14]
CHR Extension: (PowerPoint Online) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsmdafamggmaaaginooondinjgkgcbpnhp [2020-05-27]
CHR Extension: (Video Speed Controller) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsnffaoalbilbmmfgbnbgppjihopabppdk [2020-09-13]
CHR Extension: (Chrome Web Store Payments) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Tamper Chrome (application)) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsodldmflbckacdofpepkdkmkccgdfaemb [2020-02-27]
CHR Extension: (SetupVPN – Lifetime Free VPN) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsoofgbpoabipfcfjapgnbbjjaenockbdp [2021-04-19]
CHR Extension: (Gmail) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-24]
CHR HKLM-x32…ChromeExtension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32…ChromeExtension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:Programsaswidsagent.exe [7894040 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:ProgramsAvastSvc.exe [606944 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:ProgramsaswToolsSvc.exe [356064 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:Programswsc_proxy.exe [56920 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [8788392 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7456464 2021-04-24] (Malwarebytes Inc -> Malwarebytes)
S3 MsMpiLaunchSvc; C:Program FilesMicrosoft MPIBinmsmpilaunchsvc.exe [161040 2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
S3 OfficeSvcManagerAddons; C:WINDOWSsystem32dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-16] (Microsoft Windows -> Microsoft Corporation)
S3 OfficeSvcManagerAddons; C:WINDOWSsystem32dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-16] (Microsoft Windows -> Microsoft Corporation)
S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5361256 2021-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:Program Files (x86)Microsoft Visual StudioSharedCommonDiagnosticsHub.Collection.ServiceStandardCollector.Service.exe [147392 2019-05-01] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0NisSrv.exe [2624104 2021-04-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MsMpEng.exe [128376 2021-04-24] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:WINDOWSSystem32driversamdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:WINDOWSSystem32driversaswArDisk.sys [35664 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:WINDOWSSystem32driversaswArPot.sys [212192 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:WINDOWSSystem32driversaswbidsdriver.sys [365024 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:WINDOWSSystem32driversaswbidsh.sys [250336 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:WINDOWSSystem32driversaswbuniv.sys [99288 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:WINDOWSSystem32driversaswElam.sys [17352 2021-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:WINDOWSSystem32driversaswKbd.sys [41296 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:WINDOWSSystem32driversaswMonFlt.sys [180448 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:WINDOWSSystem32driversaswNetHub.sys [522384 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:WINDOWSSystem32driversaswRdr2.sys [107792 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:WINDOWSSystem32driversaswRvrt.sys [82872 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:WINDOWSSystem32driversaswSnx.sys [850632 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:WINDOWSSystem32driversaswSP.sys [467720 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:WINDOWSSystem32driversaswStm.sys [215352 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:WINDOWSSystem32driversaswVmm.sys [326992 2021-04-24] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [199128 2021-04-24] (Malwarebytes Inc -> Malwarebytes)
R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [220752 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [198888 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [77496 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-04-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [157944 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:WINDOWSsystem32DRIVERSnpcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 rzbtendpt; C:WINDOWSSystem32driversrzbtendpt.sys [51912 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzdaendpt; C:WINDOWSSystem32driversrzdaendpt.sys [43720 2015-08-13] (Razer Inc. -> Razer Inc)
R3 rzendpt; C:WINDOWSSystem32driversrzendpt.sys [50392 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzhnet; C:WINDOWSSystem32Driversrzhnet.sys [29912 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzjstk; C:WINDOWSSystem32driversrzjstk.sys [36568 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc. -> Razer Inc)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R3 VSTWinDriver6; C:\WINDOWS\system32\drivers\VSTwindrvr6.sys [252928 2015-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Jungo)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-24] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-25 22:53 - 2021-04-25 22:53 - 139984896 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-04-25 22:47 - 2021-04-25 22:53 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-04-25 18:17 - 2021-04-25 18:17 - 000000000 ____D C:\Users\MY_USERNAME\AppData\LocalLow\IGDump
2021-04-25 17:27 - 2021-04-25 18:17 - 000000000 ____D C:\FRST
2021-04-25 15:53 - 2021-04-25 15:55 - 000188674 _____ C:\TDSSKiller.3.1.0.28_25.04.2021_15.53.27_log.txt
2021-04-25 15:26 - 2021-04-25 15:26 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Local\Apple
2021-04-25 12:53 - 2021-04-25 12:53 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-25 12:53 - 2021-04-25 12:53 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-25 12:53 - 2021-04-25 12:53 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-25 12:53 - 2021-04-25 12:53 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-24 23:28 - 2021-04-24 23:28 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-24 23:28 - 2021-04-24 23:28 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-24 23:28 - 2021-04-24 23:28 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-24 23:28 - 2021-04-24 23:28 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-24 23:28 - 2021-04-24 23:28 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-04-24 23:28 - 2021-04-24 23:28 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-24 23:26 - 2021-04-24 23:26 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-24 15:18 - 2021-04-24 15:18 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-04-24 15:18 - 2021-04-24 15:18 - 000215352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-04-23 13:32 - 2021-04-23 13:32 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\Teams
2021-04-23 00:43 - 2021-04-23 00:43 - 000000000 ____D C:\Users\MY_USERNAME\Documents\Custom Office Templates
2021-04-22 14:25 - 2021-04-22 14:25 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-04-22 14:25 - 2021-04-22 14:25 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-04-22 14:25 - 2021-04-22 14:25 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-04-22 14:25 - 2021-04-22 14:25 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-04-22 14:25 - 2021-04-22 14:25 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-04-22 14:25 - 2021-04-22 14:25 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-04-22 14:25 - 2021-04-22 14:25 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-04-22 14:25 - 2021-04-22 14:25 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-04-22 14:25 - 2021-04-22 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-04-22 14:24 - 2021-04-22 14:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-04-22 14:08 - 2021-04-22 14:25 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-22 14:08 - 2021-04-22 14:08 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-04-16 23:57 - 2021-04-16 23:57 - 000000056 _____ C:\Users\MY_USERNAME\.git-credentials
2021-04-15 19:44 - 2021-04-15 19:44 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-15 19:44 - 2021-04-15 19:44 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-15 19:44 - 2021-04-15 19:44 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-07 13:05 - 2021-04-07 18:32 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\qrenderdoc
2021-04-07 13:05 - 2021-04-07 13:05 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\renderdoc
2021-04-07 13:05 - 2021-04-07 13:05 - 000000000 ____D C:\Users\MY_USERNAME\.android
2021-03-27 15:02 - 2021-03-27 15:11 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\tyranogame

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-25 18:12 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-25 17:52 - 2020-10-07 23:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-25 17:52 - 2020-02-27 17:58 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\discord
2021-04-25 17:46 - 2020-02-27 17:58 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Local\Discord
2021-04-25 17:27 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-25 16:27 - 2020-03-01 19:19 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\Spotify
2021-04-25 16:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-04-25 15:26 - 2020-02-27 19:19 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-25 15:25 - 2020-05-29 20:00 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Local\Package Cache
2021-04-25 15:24 - 2021-02-06 14:40 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-04-25 13:46 - 2020-02-27 18:02 - 000000000 ____D C:\ProgramData\Riot Games
2021-04-25 13:46 - 2020-02-26 23:32 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Local\D3DSCache
2021-04-25 13:01 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-25 13:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-25 12:59 - 2020-10-08 09:08 - 000789980 _____ C:\WINDOWS\system32\perfh00C.dat
2021-04-25 12:59 - 2020-10-08 09:08 - 000149496 _____ C:\WINDOWS\system32\perfc00C.dat
2021-04-25 12:59 - 2020-10-08 09:06 - 000487072 _____ C:\WINDOWS\system32\perfh011.dat
2021-04-25 12:59 - 2020-10-08 09:06 - 000132800 _____ C:\WINDOWS\system32\perfc011.dat
2021-04-25 12:59 - 2020-10-08 09:04 - 000497116 _____ C:\WINDOWS\system32\perfh012.dat
2021-04-25 12:59 - 2020-10-08 09:04 - 000132824 _____ C:\WINDOWS\system32\perfc012.dat
2021-04-25 12:59 - 2020-10-07 23:49 - 003002386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-25 12:53 - 2020-10-07 23:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-25 12:53 - 2020-10-07 23:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-25 12:53 - 2020-02-27 00:01 - 000000000 ____D C:\ProgramData\AVAST Software
2021-04-25 12:47 - 2020-02-27 08:16 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-04-25 12:47 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-25 12:45 - 2020-03-01 19:20 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Local\Spotify
2021-04-25 07:21 - 2020-10-08 02:27 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d69cf319188bf1
2021-04-25 07:21 - 2020-10-07 23:54 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-25 03:54 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-24 23:34 - 2020-02-27 08:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-24 23:28 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-24 23:24 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-24 23:03 - 2020-11-05 01:05 - 000002176 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2021-04-24 23:03 - 2020-10-07 23:54 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-24 23:03 - 2020-10-07 23:54 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-24 23:03 - 2020-10-07 23:54 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-24 23:03 - 2020-10-07 23:54 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-24 23:03 - 2020-10-07 23:54 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-848354871-4184821791-1569574031-1003
2021-04-24 23:03 - 2020-10-07 23:54 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-848354871-4184821791-1569574031-1001
2021-04-24 23:03 - 2020-10-07 23:54 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-04-24 23:03 - 2020-10-07 23:54 - 000002122 _____ C:\WINDOWS\system32\Tasks\StartDVR
2021-04-24 23:03 - 2020-10-07 23:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-24 19:14 - 2020-10-07 23:39 - 000500832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-24 19:00 - 2020-03-15 23:50 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\.minecraft
2021-04-24 15:18 - 2020-10-13 19:55 - 000180448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-04-24 15:18 - 2020-10-07 23:54 - 000003938 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-24 15:18 - 2020-04-15 16:26 - 000522384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000850632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000467720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000365024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000326992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000250336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000212192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000099288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000082872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000041296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000035664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-04-24 15:18 - 2020-02-27 00:05 - 000017352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-04-24 11:22 - 2020-08-21 13:40 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-23 13:44 - 2020-02-27 00:02 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-23 13:32 - 2020-02-27 17:58 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Local\SquirrelTemp
2021-04-23 00:19 - 2020-02-27 00:25 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-22 14:29 - 2020-02-26 23:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-22 14:25 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-21 19:10 - 2021-02-02 13:04 - 000000000 ____D C:\Users\MY_USERNAME\Documents\My Kindle Content
2021-04-21 17:36 - 2020-03-01 00:55 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Local\.IdentityService
2021-04-19 18:22 - 2020-03-01 14:42 - 000000000 ____D C:\Users\MY_USERNAME\.p2
2021-04-19 17:45 - 2020-06-14 16:36 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\vlc
2021-04-19 17:33 - 2020-10-08 09:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-04-19 17:33 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-19 17:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-18 22:17 - 2020-02-28 12:46 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\Anki2
2021-04-17 02:05 - 2021-02-02 13:04 - 000002292 _____ C:\Users\MY_USERNAME\Desktop\Kindle.lnk
2021-04-17 02:05 - 2021-02-02 13:04 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Local\Amazon
2021-04-16 23:57 - 2020-10-07 23:41 - 000000000 ____D C:\Users\MY_USERNAME
2021-04-16 23:20 - 2020-02-27 18:45 - 000000000 ____D C:\Users\MY_USERNAME\Documents\Sound recordings
2021-04-15 19:44 - 2020-10-07 23:39 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-15 19:34 - 2020-02-27 19:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-15 19:32 - 2020-02-27 19:01 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-12 22:44 - 2020-08-18 19:42 - 000000000 ____D C:\Users\MY_USERNAME\Documents\My Games
2021-04-12 21:18 - 2020-10-07 23:41 - 000002363 _____ C:\Users\MY_USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 21:18 - 2020-02-26 23:35 - 000000000 ___RD C:\Users\MY_USERNAME\OneDrive
2021-04-11 22:14 - 2020-11-19 16:07 - 000000000 ____D C:\Users\MY_USERNAME\Documents\Zoom
2021-04-10 22:35 - 2020-03-28 01:56 - 000000000 ____D C:\Users\MY_USERNAME\AppData\Roaming\RenPy

==================== Files in the root of some directories ========

2020-04-17 01:45 - 2020-04-18 01:29 - 000000812 _____ () C:\Users\MY_USERNAME\AppData\Roaming\jd-gui.cfg
2020-12-24 20:18 - 2020-12-26 16:09 - 000000128 _____ () C:\Users\MY_USERNAME\AppData\Local\PUTTY.RND
2021-03-02 14:44 - 2021-03-02 14:44 - 000002158 _____ () C:\Users\MY_USERNAME\AppData\Local\recently-used.xbel
2020-05-12 17:48 - 2020-05-12 17:48 - 000007621 _____ () C:\Users\MY_USERNAME\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

And Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by MY_USERNAME (25-04-2021 18:39:40)
Running from E:DataDownloads
Windows 10 Pro Version 2004 19041.928 (X64) (2020-10-07 21:54:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-848354871-4184821791-1569574031-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-848354871-4184821791-1569574031-503 - Limited - Disabled)
Guest (S-1-5-21-848354871-4184821791-1569574031-501 - Limited - Disabled)
MY_USERNAME (S-1-5-21-848354871-4184821791-1569574031-1001 - Administrator - Enabled) => C:\Users\MY_USERNAME
WDAGUtilityAccount (S-1-5-21-848354871-4184821791-1569574031-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\Amazon Kindle) (Version: 1.31.0.60170 - Amazon)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2019.0816.1152.21357 - Advanced Micro Devices, Inc.)
Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.)
Anki (HKLM-x32\...\Anki) (Version: 2.1.30 - )
Application Verifier x64 External Package (HKLM\...\{10CA1677-8F02-3131-F25C-780BAB52E468}) (Version: 10.1.18362.1 - Microsoft) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.5.3 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.00.1.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.4.0.16 - Canon Inc.)
Canon TR7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TR7500_series) (Version: 1.02 - Canon Inc.)
Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
CMake (HKLM\...\{E4AE8797-642B-4E04-86C6-AC7228086CF4}) (Version: 3.18.0 - Kitware)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
dupeGuru 4.1.0 (HKLM\...\dupeGuru) (Version: 4.1.0 - Hardcoded Software)
Electrum (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\Electrum) (Version: 4.0.2 - Electrum Technologies GmbH)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
FileZilla Client 3.51.0 (HKLM-x32\...\FileZilla Client) (Version: 3.51.0 - Tim Kosse)
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
Git version 2.25.1 (HKLM\...\Git_is1) (Version: 2.25.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.85 - Google LLC)
heroku (HKLM-x32\...\heroku) (Version: - Heroku)
icecap_collection_neutral (HKLM-x32\...\{929EAD9A-42D2-4FC7-B7E6-529AAD5F6D0D}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{84EC5964-D540-4494-9043-BF7BEE37D1E1}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{16D7574C-1007-4A85-93FF-666E74AD60D2}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{F5C67FC5-BF18-4304-9268-A971876B245A}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Java(TM) SE Development Kit 13.0.2 (64-bit) (HKLM\...\{606493F9-D1F1-5355-BB8A-F0E30F1AFFED}) (Version: 13.0.2.0 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Core SDK 3.1.201 (x64) from Visual Studio (HKLM\...\{AE0BA5F1-D63A-4784-944F-114B82FB8202}) (Version: 3.1.201.015034 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13901.20400 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.46 - Microsoft Corporation)
Microsoft MPI (10.0.12498.5) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 10.0.12498.5 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{E36FFC78-D25E-4962-872B-9CE0E50E62CD}) (Version: 17.5.1.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.5.2059.317 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
MSI Development Tools (HKLM-x32\...\{DB4DB790-64DD-1902-4BF2-833B3B6DBCA1}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Nmap 7.91 (HKLM-x32\...\Nmap) (Version: 7.91 - Nmap Project)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.4 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.00 - Nmap Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20400 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20400 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
OpenShot Video Editor version 2.5.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.5.1 - OpenShot Studios, LLC)
osu! (HKLM-x32\...\{7c910db9-0f2a-47bd-9d98-3f72f69f5b9e}) (Version: latest - ppy Pty Ltd)
psqlODBC_x64 (HKLM\...\{3F8971B0-061B-4163-9D3F-EA94151B2FCF}) (Version: 09.06.0504 - PostgreSQL Global Development Group)
PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham)
Python 3.8.3 (64-bit) (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\{f7b3255c-a01a-4595-8768-ff8f6613898c}) (Version: 3.8.3150.0 - Python Software Foundation)
Python 3.8.3 Add to Path (64-bit) (HKLM\...\{13E05234-E037-4C96-BF0C-585FD0A8E2B0}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 Core Interpreter (64-bit) (HKLM\...\{A0258B41-0D21-496B-A342-B8BCCB8F2B8D}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 Development Libraries (64-bit) (HKLM\...\{91ECF664-C305-44DD-A08E-0319EAD11534}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 Documentation (64-bit) (HKLM\...\{519DA1AF-03AD-4CEA-813F-F47B4B14DF3F}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 Executables (64-bit) (HKLM\...\{245A2BD7-1E51-448C-810D-356286B18BA8}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 pip Bootstrap (64-bit) (HKLM\...\{698BFA23-9AF5-43B1-A08E-293477F8FD9B}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 Standard Library (64-bit) (HKLM\...\{3E010818-0B52-4BCD-994D-D321F25ABAEC}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 Tcl/Tk Support (64-bit) (HKLM\...\{7FD17CEE-EE81-4241-96B1-EA4BE139AA38}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 Test Suite (64-bit) (HKLM\...\{381E4487-0C58-447D-A3F7-7EC5902DDAF4}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python 3.8.3 Utility Scripts (64-bit) (HKLM\...\{AF4FC66A-D11F-4270-B93C-F556D565E32C}) (Version: 3.8.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{406A47EE-C4AE-4944-BADE-1B543A443873}) (Version: 3.8.7072.0 - Python Software Foundation)
R for Windows 4.0.3 (HKLM\...\R for Windows 4.0.3_is1) (Version: 4.0.3 - R Core Team)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.4.1103 - RStudio)
Rtools 4.0 (4.0.0.28) (HKLM\...\Rtools_is1) (Version: 4.0 - The R Foundation)
SDK ARM Additions (HKLM-x32\...\{73681F86-CD86-4208-572F-959B45430B04}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{67EE3804-9642-62BA-EBF1-B1561FB4ECBE}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Spotify (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\Spotify) (Version: 1.1.57.443.ga029a6c4 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
Tableau 2020.3 (20203.20.1110.1623) (HKLM\...\{FDFFDD1D-665B-4459-85ED-0F00EE587864}) (Version: 20.3.29762 - Tableau Software) Hidden
Tableau 2020.3 (20203.20.1110.1623) (HKLM-x32\...\{6a3a9b8d-f769-43b6-8b7f-be54b3f59471}) (Version: 20.3.29762 - Tableau Software)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{13952D7A-B7B3-F4F8-5F29-5CD18E8168B7}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{74CBC330-ED16-31B9-E8BE-0C6A8E67DE32}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{847D4DAF-0182-265B-324F-406462E8A90D}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{54FE4D23-11A2-F1C4-76E9-79C8FB40A4A1}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{9F7B0D96-881D-8850-C303-43F3A08E6902}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6F54BF87-2EE6-FA6D-431D-33A665992D49}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
uTorrent Web (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\utweb) (Version: 1.1.4 - BitTorrent, Inc.)
vcpp_crt.redist.clickonce (HKLM-x32\...\{6B25D94A-4B50-45E2-BBD3-54E68700E1BC}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\d6292e34) (Version: 16.5.29926.136 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{78500789-0EBE-4490-BE43-F9EF8250BF42}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4137D3AB-5B44-4AC9-83A4-5273F2E2547E}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{D8B26CBD-15D2-440B-BCBD-5616D74EFC7D}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{FDC38876-AD68-4616-942D-AC3194DAB0A3}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{7DB17E2A-450D-4DBD-9C17-545A95804B0C}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{C309FC3D-20C2-4F48-AF46-E59674774602}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{692A0FB3-E6A2-4D41-AC03-4136B4312DC0}) (Version: 16.3.29209 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{ABBD10CA-0CFA-4D76-B033-F76C55A54336}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{E47B4703-2337-4ED0-BA24-3EC08D643684}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{4D33D909-B071-41D2-B305-96B8586F911E}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{8E3AE0EF-D067-700C-BDB4-10D5552155DC}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.18362.1 (HKLM-x32\...\{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Version: 10.1.18362.1 - Microsoft Corporation)
WinRAR 5.90 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.2 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{E67F1F03-FB4A-3D61-8999-E6A4C4B26F34}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{7EF010FF-7800-28BA-FF49-2D219EC7BA82}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{36AE12FB-4349-6EAA-B6E4-5F4E06FA8AE8}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{6B03A6A4-643C-57CE-CA6F-4E19BF47497A}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{918A448F-59E8-FBF5-B087-D3F07160C7E0}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{66483041-F590-EC46-4AF0-EE39C62FB680}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{9C61E6D2-C43E-6746-B519-6185558C4A24}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{6B37CC5B-78DF-5050-2215-68479716A587}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{250D5341-0879-4016-399C-BBCD87B80E95}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Zoom (HKU\S-1-5-21-848354871-4184821791-1569574031-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)

Packages:
=========
Canon Inkjet Print Utility -> C:Program FilesWindowsApps34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsmicrosoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsmicrosoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-27] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-04] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-848354871-4184821791-1569574031-1001_ClassesCLSID{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}InprocServer32 -> E:UNUSED_PATHLocale EmulatorLEContextMenuHandler.DLL (Paddy Xu) [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:DataApplications7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:ApplicationsNotepad++NppShell_06.dll [2020-01-30] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:ApplicationsWinRARrarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:ApplicationsWinRARrarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-04-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:DataApplications7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:Program FilesAMDCNextCNextatiacm64.dll [2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:DataApplications7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-04-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:ApplicationsWinRARrarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:ApplicationsWinRARrarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:UsersMY_USERNAMEAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsTamper Chrome (application).lnk -> C:Program Files (x86)GoogleChromeApplicationchrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=odldmflbckacdofpepkdkmkccgdfaemb
ShortcutWithArgument: C:UsersMY_USERNAMEAppDataRoamingMicrosoftWindowsStart MenuProgramsAnaconda3 (64-bit)Anaconda Prompt (Anaconda).lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> "/K" E:DataApplicationsAnacondaScriptsactivate.bat E:DataApplicationsAnaconda
ShortcutWithArgument: C:UsersMY_USERNAMEAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts890307056398c20Screen Recorder.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hniebljpgcogalllopnjokppmgbhaden

==================== Loaded Modules (Whitelisted) =============

2019-06-28 17:32 – 2019-06-28 17:32 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.DLL
2019-06-28 17:32 – 2019-06-28 17:32 – 003598336 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll
2019-08-16 21:37 – 2019-08-16 21:37 – 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:WINDOWSSYSTEM32amdihk64.dll
2020-05-04 17:05 – 2016-10-21 16:06 – 000318976 _____ (CANON INC) [File not signed] C:Program Files (x86)CanonIJ Network Scanner Selector EX2scchmpm.dll
2020-05-04 17:05 – 2016-12-01 09:23 – 000219648 _____ (CANON INC.) [File not signed] C:Program Files (x86)CanonIJ Network Scanner Selector EX2cnmpu2.dll
2020-05-04 17:05 – 2016-12-09 11:09 – 000008192 _____ (CANON INC.) [File not signed] C:Program Files (x86)CanonIJ Network Scanner Selector EX2CNS2_ENU.DLL
2020-05-04 17:05 – 2016-12-09 11:09 – 000104960 _____ (CANON INC.) [File not signed] C:Program Files (x86)CanonIJ Network Scanner Selector EX2CNS2_IMG.dll
2020-11-28 16:01 – 2019-02-21 18:00 – 000078336 _____ (Igor Pavlov) [File not signed] E:DataApplications7-Zip7-zip.dll
2021-04-22 14:24 – 2021-04-22 14:24 – 000000000 ____L (Microsoft Corporation) C:Program FilesMicrosoft OfficeRootOffice16AppVIsvSubsystems64.dll
2021-04-22 14:24 – 2021-04-22 14:24 – 000000000 ____L (Microsoft Corporation) C:Program FilesMicrosoft OfficeRootOffice16c2r64.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqgif.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000040960 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqicns.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000031744 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqico.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000414208 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqjpeg.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqsvg.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000025088 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqtga.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000023552 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqwbmp.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000516608 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqwebp.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 001441280 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextplatformsqwindows.dll
2019-08-16 11:49 – 2019-08-16 11:49 – 005999104 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 006413824 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 001141760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000339968 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 004143104 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 003840000 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000332800 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000349184 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 080959488 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 005622272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000190464 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 002825216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000330752 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000137216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000090112 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000136192 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextstylesqwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalaswSP.sys => ""="Driver"
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkaswSP.sys => ""="Driver"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootOffice16OCHelper.dll [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-04-22] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKUS-1-5-21-848354871-4184821791-1569574031-1001…sharepoint.com -> hxxps://<domain>-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-02-27 04:39 – 2020-02-27 04:37 – 000000824 _____ C:WINDOWSsystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironmentPath -> C:Program FilesMicrosoft MPIBin;C:Program FilesPython38Scripts;C:Program FilesPython38;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;C:ApplicationsGitcmd;C:Program Filesdotnet;E:DataApplicationsPutty
HKUS-1-5-21-848354871-4184821791-1569574031-1001Control PanelDesktopWallpaper -> E:wallpaper.jpg
DNS Servers: 192.168.0.254
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM…StartupApprovedStartupFolder: => "Nexon Launcher.lnk"
HKLM…StartupApprovedRun: => "SynTPEnh"
HKLM…StartupApprovedRun: => "WindowsDefender"
HKLM…StartupApprovedRun32: => "APSDaemon"
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => "OneDrive"
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => "Discord"
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => "Steam"
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => "utweb"
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => "EpicGamesLauncher"
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => "BlueJeans.Detector" <-- Pretty sure I uninstalled this.
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => "Wargaming.net Game Center" <-- Pretty sure I uninstalled this.

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2EE28565-E589-4038-82F6-8EC0C59FC639}C:applicationsjavajdk-13.0.2binjava.exe] => (Allow) C:applicationsjavajdk-13.0.2binjava.exe
FirewallRules: [TCP Query User{FCA68CCE-2142-4AE5-B285-A0C2465638FE}C:applicationsjavajdk-13.0.2binjava.exe] => (Allow) C:applicationsjavajdk-13.0.2binjava.exe
FirewallRules: [{64F3E5F9-9E68-40E1-8B7E-494134848F96}] => (Block) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{261DFA3B-1335-491B-A4B5-7C43DD9A2C86}] => (Block) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{BD18FFC4-0F66-4BDF-801A-CB5D8D552689}E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe] => (Allow) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{4C8131B6-3AFC-4023-B6FF-2746F3331299}E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe] => (Allow) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{07B1A8F9-63B2-40E8-AAE5-803F3B61E2CF}] => (Block) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{A5377052-1F80-497D-A784-4FF75DB184BB}] => (Block) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0DF99CAE-4D2F-4E8A-8ABD-2C886AFD8D8C}E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe] => (Allow) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{47C995C9-2AAD-49DC-9C5C-A3E2E146754D}E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe] => (Allow) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{3878302A-DC82-41C5-8EC3-73CFF61C2317}] => (Block) C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe () [File not signed]
FirewallRules: [{3549C5DE-4A72-45B9-B02D-EB36F03F8CBD}] => (Block) C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe () [File not signed]
FirewallRules: [UDP Query User{FD222444-6096-480B-B533-1FE07DE3BB20}C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe] => (Allow) C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe () [File not signed]
FirewallRules: [TCP Query User{575B0EF7-442C-4862-BB5C-C3D27323475E}C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe] => (Allow) C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe () [File not signed]
FirewallRules: [{26D5C7B8-16C6-4B82-9D9B-69AA67954853}] => (Block) E:dataapplicationsvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F624EE59-65CE-42CC-B9DA-D3C0392E37D8}] => (Block) E:dataapplicationsvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{05049C7A-B292-4842-8B78-79C652ADDF3A}E:dataapplicationsvlcvlc.exe] => (Allow) E:dataapplicationsvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{67CE2A99-D333-4D37-983D-6E05860C01BC}E:dataapplicationsvlcvlc.exe] => (Allow) E:dataapplicationsvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{B8084D65-D663-4BFB-9AA1-5AA77C7D7BD7}] => (Allow) C:Program FilesMicrosoft MPIBinsmpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED121269-AF53-446F-B429-E66CCCA55780}] => (Allow) C:Program FilesMicrosoft MPIBinsmpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5D77C9D-BFCA-4F0C-AB28-2B2B18C6DEDB}] => (Allow) C:Program FilesMicrosoft MPIBinmpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DF95E454-10C2-427E-8EE7-D18A835E92B1}] => (Allow) C:Program FilesMicrosoft MPIBinmpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6877064-E827-4813-99A0-7AAB62850C58}] => (Allow) C:Program FilesMicrosoft MPIBinmsmpilaunchsvc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F04CDC0-28D8-44A3-BD55-3128E7A66F94}] => (Allow) C:Program FilesMicrosoft MPIBinmsmpilaunchsvc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8769222D-41E7-4389-AC25-837ACE6C76B6}] => (Block) E:gamesworld_of_tanks_euwin64worldoftanks.exe => No File
FirewallRules: [{259CA0C0-0FD8-4AFB-A1DB-87F9DF2CF0B8}] => (Block) E:gamesworld_of_tanks_euwin64worldoftanks.exe => No File
FirewallRules: [UDP Query User{5343DFE6-76FF-447C-92FA-D760DF83F0ED}E:gamesworld_of_tanks_euwin64worldoftanks.exe] => (Allow) E:gamesworld_of_tanks_euwin64worldoftanks.exe => No File
FirewallRules: [TCP Query User{C325AA0B-934D-48BE-ABF3-6BB02CA95570}E:gamesworld_of_tanks_euwin64worldoftanks.exe] => (Allow) E:gamesworld_of_tanks_euwin64worldoftanks.exe => No File
FirewallRules: [{65EEC05A-03AB-44BB-BA63-A467167E3BC4}] => (Block) E:datagameswargaming.netgamecenterwgc.exe => No File
FirewallRules: [{44CE0D85-B7A0-430C-80C3-D0326ED23134}] => (Block) E:datagameswargaming.netgamecenterwgc.exe => No File
FirewallRules: [UDP Query User{10277247-4A17-4B76-B67B-AA1170D5E22C}E:datagameswargaming.netgamecenterwgc.exe] => (Allow) E:datagameswargaming.netgamecenterwgc.exe => No File
FirewallRules: [TCP Query User{AB1B1FBA-FE4C-417A-8B0D-A76FFB851AB5}E:datagameswargaming.netgamecenterwgc.exe] => (Allow) E:datagameswargaming.netgamecenterwgc.exe => No File
FirewallRules: [{C5D84E84-2AF4-4E26-8F6C-4B80B5F0460E}] => (Block) C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe => No File
FirewallRules: [{81AE5525-2CF9-49C4-BDE8-0CA6E60FFFEA}] => (Block) C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe => No File
FirewallRules: [UDP Query User{6FF46F46-E9F6-46CD-9F94-200FC6B76907}C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe] => (Allow) C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe => No File
FirewallRules: [TCP Query User{86271907-8EEE-4C92-992F-A0986D096708}C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe] => (Allow) C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe => No File
FirewallRules: [{C775683A-72CC-41F4-91D7-9C206CE7D1FD}] => (Allow) C:UsersMY_USERNAMEAppDataRoamingZoombinairhost.exe => No File
FirewallRules: [{84D67CDD-1F19-42E4-B37C-81826FAD423C}] => (Allow) C:UsersMY_USERNAMEAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2CF0D115-DB1F-40A8-8778-7B7C075D48CF}] => (Block) C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{D39DA9F1-1A6B-431D-A67C-0AFE4CFD4C4B}] => (Block) C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{C44D05EF-FA3F-4AD2-B5E0-C2ADEE56F413}] => (Block) C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe => No File
FirewallRules: [{07AAD894-AAA8-4E11-81F8-5D828BD9C2E5}] => (Block) C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe => No File
FirewallRules: [{9D824715-E27F-4EF2-9F10-E86EE94CA4DA}] => (Block) C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe => No File
FirewallRules: [UDP Query User{7BBCC27B-5A98-41D3-8828-C7CDF5791217}C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe] => (Allow) C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe => No File
FirewallRules: [TCP Query User{EEADBBD6-BE63-474C-8EB3-88A040A797FC}C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe] => (Allow) C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe => No File
FirewallRules: [{E98C88E2-492F-4033-A7B4-7F6C493199BF}] => (Block) C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe => No File
FirewallRules: [UDP Query User{6D10252A-450B-4589-8AA9-209874EF6E7E}C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe] => (Allow) C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe => No File
FirewallRules: [TCP Query User{E60A8130-85A9-487A-9583-D42E23C27CB9}C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe] => (Allow) C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe => No File
FirewallRules: [UDP Query User{1E02B351-A030-417A-A24E-4C280BACCAA2}C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Allow) C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{2206D692-0992-4137-90BD-BBC2DC1F1919}C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Allow) C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{865ECB0A-3780-4819-B818-667C064CABB1}] => (Allow) C:UsersMY_USERNAMEAppDataRoaminguTorrent Webutweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C69024C6-3BB3-4B2E-B2CB-38E8FC577E66}] => (Allow) C:UsersMY_USERNAMEAppDataRoaminguTorrent Webutweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{67B2F9EE-BA9E-40BE-98E5-48F55CEB0C2D}] => (Allow) C:ApplicationsSteambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B045E921-D5C6-4D67-A0A9-3F99AD102CF6}] => (Allow) C:ApplicationsSteambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{DD65947A-A4FE-4339-9200-ECDE0D67FB55}C:applicationsminecraftruntimejre-x64binjavaw.exe] => (Allow) C:applicationsminecraftruntimejre-x64binjavaw.exe
FirewallRules: [TCP Query User{233E37B1-B8CF-4497-9560-637BF3F00E56}C:applicationsminecraftruntimejre-x64binjavaw.exe] => (Allow) C:applicationsminecraftruntimejre-x64binjavaw.exe
FirewallRules: [{D9F1672D-20C3-4850-AA68-D81B55ECAF47}] => (Allow) C:ApplicationsSteambincefcef.win7steamwebhelper.exe => No File
FirewallRules: [{8C4ACE0C-3F30-42C4-ACA8-C5DBC3967AF5}] => (Allow) C:ApplicationsSteambincefcef.win7steamwebhelper.exe => No File
FirewallRules: [{AE7AC4F4-C4BB-4CBF-ABE2-14BD46C11600}] => (Allow) C:ApplicationsSteamSteam.exe (Valve -> Valve Corporation)
FirewallRules: [{794FB143-5ED0-4285-9035-C1F548ACB06E}] => (Allow) C:ApplicationsSteamSteam.exe (Valve -> Valve Corporation)
FirewallRules: [{D44C0BAA-D246-4720-BE66-795A90E865D0}] => (Block) C:usersMY_USERNAMEappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7A7682C9-9AAA-44DE-85F8-D1987DEA499D}] => (Block) C:usersMY_USERNAMEappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{04A167D0-EA2E-41D1-9602-35A64647A1C2}C:usersMY_USERNAMEappdataroamingspotifyspotify.exe] => (Allow) C:usersMY_USERNAMEappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{42647679-C6F9-454C-8C44-9B36E0B4C503}C:usersMY_USERNAMEappdataroamingspotifyspotify.exe] => (Allow) C:usersMY_USERNAMEappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4CB39A59-4F45-44FD-A531-28960824B080}] => (Allow) E:Gamesvindictusappdataen-USNMService.exe (NEXON Korea Corporation. -> Nexon Corp.)
FirewallRules: [{87943F7E-D91A-4BE2-97D6-B3776F8F5B77}] => (Allow) E:Gamesvindictusappdataen-USNMService.exe (NEXON Korea Corporation. -> Nexon Corp.)
FirewallRules: [TCP Query User{471B03AF-7287-4F04-A4F8-2B6F09C5F839}E:gamesvindictusappdataen-usvindictus.exe] => (Allow) E:gamesvindictusappdataen-usvindictus.exe (NEXON Korea Corporation. -> NEXON Corp.)
FirewallRules: [UDP Query User{CB25CE5A-E94C-400D-B32F-888CD0B3BE04}E:gamesvindictusappdataen-usvindictus.exe] => (Allow) E:gamesvindictusappdataen-usvindictus.exe (NEXON Korea Corporation. -> NEXON Corp.)
FirewallRules: [{92ECFF2A-C7DE-4E8B-9463-666EBB41D962}] => (Block) E:gamesvindictusappdataen-usvindictus.exe (NEXON Korea Corporation. -> NEXON Corp.)
FirewallRules: [{25CE5A37-BED1-4629-932C-4EE3FAEF9D85}] => (Block) E:gamesvindictusappdataen-usvindictus.exe (NEXON Korea Corporation. -> NEXON Corp.)
FirewallRules: [TCP Query User{D08E138C-8BFA-4E86-A2D4-551EA7FE39B6}C:program filespython38python.exe] => (Block) C:program filespython38python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{93E3716E-0C97-4857-90F1-3B89820780DC}C:program filespython38python.exe] => (Block) C:program filespython38python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [TCP Query User{96FA858C-6E75-49D5-ACAE-F5197489E4AE}C:program filesrstudiobinrsession.exe] => (Block) C:program filesrstudiobinrsession.exe (RStudio, PBC) [File not signed]
FirewallRules: [UDP Query User{2CFAA424-2DC0-4E96-B07E-CE9D46DAEC5D}C:program filesrstudiobinrsession.exe] => (Block) C:program filesrstudiobinrsession.exe (RStudio, PBC) [File not signed]
FirewallRules: [{238CAE49-10A7-43FB-A031-0CF202CDD742}] => (Allow) C:ApplicationsOpenShot Video Editoropenshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [TCP Query User{78DA16A9-6F08-42AA-9072-6369BABC2E12}E:dataprogrammingcppclothmodellingtestsx64debugclothmodellingtests.exe] => (Allow) E:dataprogrammingcppclothmodellingtestsx64debugclothmodellingtests.exe () [File not signed]
FirewallRules: [UDP Query User{41C5DFF7-F646-4C20-B8D5-0B89D2F94DC0}E:dataprogrammingcppclothmodellingtestsx64debugclothmodellingtests.exe] => (Allow) E:dataprogrammingcppclothmodellingtestsx64debugclothmodellingtests.exe () [File not signed]
FirewallRules: [{5565C32B-91C5-4B6D-9DD9-9C89B225EE97}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9134E10F-4286-4794-A156-8A03678A95A4}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B956502A-1752-4A10-AF4F-752064508A81}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1FAB238-3B21-43F5-8051-6A85D28F7F75}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ECEB0CE9-98F0-4B9D-864F-5766F04467DE}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{626E8A1F-D36E-4D67-85C3-9C19DBA9C2F6}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BF0776F5-0F61-452E-9697-DBFAF2A67660}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{063853FD-82F3-40E7-BE4C-4F706A08052E}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30A20632-6D86-4F65-8EEC-33600C176A22}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{81BC0D4D-9DD2-4123-866F-57102AC4ABDE}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:110.73 GB) (Free:18.25 GB) (16%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/23/2021 03:10:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn’t complete retrim on (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/23/2021 02:51:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn’t complete retrim on System Reserved (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/23/2021 02:04:09 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn’t complete retrim on System Reserved (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/19/2021 05:34:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/19/2021 05:34:01 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (04/19/2021 05:34:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/19/2021 05:34:01 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (04/19/2021 03:31:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SnippingTool.exe, version: 10.0.19041.746, time stamp: 0xeb13aef9
Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0x60a6ca36
Exception code: 0xc0000409
Fault offset: 0x000000000008c57f
Faulting process id: 0x20d4
Faulting application start time: 0x01d7352045ab3d37
Faulting application path: C:\WINDOWS\system32\SnippingTool.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 83b89f64-8144-40ca-bde7-9375b79e18bc
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (04/25/2021 12:47:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F8Q1L6N)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy!App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca did not register with DCOM within the required timeout.

Windows Defender:
================
Date: 2021-04-25 03:54:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-25 03:54:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/Zdengo&threatid=242576&enterprise=0
Name: Adware:Win32/Zdengo
Severity: High
Category: Adware
Path: file:_E:\Data\Applications\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.335.1598.0, AS: 1.335.1598.0, NIS: 1.335.1598.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-25 03:54:42
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/ProductKey.G!MSR&threatid=2147765679&enterprise=0
Name: HackTool:Win64/ProductKey.G!MSR
Severity: High
Category: Tool
Path: containerfile:_E:\Data\Applications\produkey-x64.zip; file:_E:\Data\Applications\produkey-x64.zip->ProduKey.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.335.1598.0, AS: 1.335.1598.0, NIS: 1.335.1598.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-24 23:34:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

CodeIntegrity:
===============
Date: 2021-04-25 18:32:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Programs\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-25 18:02:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume2\Programs\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1106 07/27/2012
Motherboard: ASUSTeK COMPUTER INC. P8Z77-V LX
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 50%
Total physical RAM: 16336.51 MB
Available physical RAM: 8117.01 MB
Total Virtual: 26576.51 MB
Available Virtual: 11965.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.73 GB) (Free:18.25 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: () (Fixed) (Total:931.41 GB) (Free:216.37 GB) NTFS

\\?\Volume{dc54e5ad-0000-0000-0000-100000000000} (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{dc54e5ad-0000-0000-0000-30b51b000000} () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{dc54e5ad-0000-0000-0000-60d61b000000} () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: DC54E5AD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=530 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6E78F4AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

It might just have been a false positive, who knows, but it did seem really suspicious. I would really appreciate any help regarding this, as I am worried that my PC might have gotten infected.
Thank you very much!

Edited by Devvy, 25 April 2021 – 12:42 PM.
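The FRST log above only summarises what Windows recorded; the question the post actually raises (what invoked PowerShell on that .ps1, and whether the Defender and Code Integrity entries matter) is answered from the event logs themselves. The script below is an added triage example written for this page; it is not code from the original post, from Avast or from FRST. It assumes it is run as Administrator on the affected machine in Windows PowerShell 5.1 or later, that `$Pattern` is the file name shown in the Behavior Shield popup, and that `$Since` is a reasonable search window; both parameters are illustrative and can be changed. The event IDs and log names it queries are standard Windows ones (PowerShell 4104 and 400, Defender detection history via the Defender module, Code Integrity 3033).

```powershell
# Added triage script; not part of the original post, Avast or FRST.
# Assumptions (not stated in the post): run as Administrator in Windows PowerShell 5.1+
# on the affected machine; $Pattern is the file name from the Behavior Shield popup.
param(
    [string]   $Pattern = 'UNINSTALLEXCHANGE',        # assumed value, change as needed
    [datetime] $Since   = (Get-Date).AddDays(-7)      # assumed search window
)

function Get-EventsSafe {
    # Get-WinEvent raises an error when a log is empty or absent; treat that as "no events".
    param([hashtable]$Filter)
    try { Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop } catch { @() }
}

# 1. Script Block Logging (event 4104): the script text itself, but only if logging was
#    already enabled when it ran. Properties[2] = ScriptBlockText, Properties[4] = Path.
$scriptBlocks = Get-EventsSafe @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $Since } |
    Where-Object { "$($_.Properties[2].Value) $($_.Properties[4].Value)" -match $Pattern } |
    Select-Object TimeCreated,
        @{ n = 'Path';   e = { $_.Properties[4].Value } },
        @{ n = 'Script'; e = { ($_.Properties[2].Value -split "`r?`n" | Select-Object -First 5) -join ' ' } }

# 2. Engine lifecycle (event 400 in the classic "Windows PowerShell" log): written even
#    without script block logging. Its HostApplication field is the full command line of
#    the powershell.exe that started, which is where a "-File ...ps1" argument shows up.
$engineStarts = Get-EventsSafe @{ LogName = 'Windows PowerShell'; Id = 400; StartTime = $Since } |
    Where-Object { $_.Message -match $Pattern } |
    ForEach-Object {
        $hostLine = $_.Message -split "`r?`n" | Where-Object { $_ -match '^\s*HostApplication=' } | Select-Object -First 1
        [pscustomobject]@{
            TimeCreated     = $_.TimeCreated
            HostApplication = ($hostLine -replace '^\s*HostApplication=', '').Trim()
        }
    }

# 3. Defender detection history straight from the Defender module. This is what FRST's
#    "Windows Defender:" section is reporting; it is populated even when the Windows
#    Security app's Protection history view shows nothing.
$defender = Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Select-Object InitialDetectionTime, ProcessName, ActionSuccess,
        @{ n = 'Resources'; e = { $_.Resources -join '; ' } }

# 4. Code Integrity (event 3033): which process refused to load which DLL. The two entries
#    in the log above are Avast modules (aswhook.dll, aswAMSI.dll) being rejected by Chrome
#    and by SecurityHealthService, which is the normal outcome for third-party AV code
#    trying to enter processes that enforce Microsoft/Windows signing levels.
$codeIntegrity = Get-EventsSafe @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3033; StartTime = $Since } |
    Select-Object TimeCreated, Message

'== 4104 script blocks matching {0} ==' -f $Pattern;  $scriptBlocks  | Format-List
'== 400 engine starts matching {0} =='  -f $Pattern;  $engineStarts  | Format-Table -AutoSize -Wrap
'== Defender detection history ==';                   $defender      | Format-Table -AutoSize -Wrap
'== Code Integrity 3033 since {0} =='   -f $Since;    $codeIntegrity | Format-List
```

Save it as a .ps1 and run it from an elevated prompt (for example `.\Triage-PSLaunch.ps1 -Pattern 'UNINSTALLEXCHANGE' -Since (Get-Date).AddDays(-3)`). The event 400 HostApplication line identifies the PowerShell command line but not its parent process; establishing which program spawned powershell.exe needs process-creation auditing (Security event 4688 with command-line logging, or Sysmon event 1) to have been enabled before the popup appeared, so if neither was on, the remaining lead is the Avast installation's own setup log in the folder the popup pointed at.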
