[RESOLVED] Laptop Seems To Be Little Slow - Page 2

  1. #16
    Join Date
    Jul 2008
    Posts
    289
    Here @Broni!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-10-2021
    Ran by Thomazing! (administrator) on THOMAZINGERZEE (ASUSTeK COMPUTER INC. ROG Zephyrus G14 GA401II_GA401II) (05-10-2021 14:35:04)
    Running from C:\Users\Thomazing!\Downloads\Programs
    Loaded Profiles: Thomazing!
    Platform: Windows 10 Home Single Language Version 20H2 19042.1237 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files (x86)\Avaya\Avaya one-X Agent\ClickToDial\ie\AvayaIEBroker.exe
    () [File not signed] C:\Program Files\TechSmith\Snagit 2020\crashpad_handler.exe <2>
    (ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
    (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atieclxx.exe
    (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
    (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
    (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkRemote\AsusLinkRemote.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.UserSessionHelper.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\AsusAppService\AsusAppService.exe
    (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkNear\AsusLinkNear.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOptimization.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOptimizationStartupTask.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOSD.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSoftwareManager\AsusSoftwareManager.exe
    (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemAnalysis\AsusSystemAnalysis.exe
    (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
    (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
    (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateKeyControl.exe
    (Avaya Inc. -> Avaya Inc.) C:\Program Files (x86)\Common Files\Avaya\QoS\QosServM.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\25.0.1.194\DiscoverySrv.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnapp.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnService.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
    (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAA27D~1.INF\DAX3API.exe
    (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe
    (F5 Networks -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
    (F5 Networks Inc -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
    (F5 Networks Inc -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
    (Google LLC -> ) C:\Program Files\Google\Drive File Stream\51.0.15.0\crashpad_handler.exe <3>
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
    (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe <7>
    (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_a7be790d73ea14eb\x64\TouchpointAnalyticsClientService.exe
    (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_06530f962635deac\x64\AppHelperCap.exe
    (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_06530f962635deac\x64\NetworkCap.exe
    (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_06530f962635deac\x64\SysInfoCap.exe
    (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_3623bab62426ba87\Intel_PIE_Service.exe
    (Krisp Technologies, Inc -> Krisp) C:\Program Files\Krisp\Krisp.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <41>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Goodix) C:\Windows\System32\drivers\SessionService.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\NVDisplay.Container.exe <2>
    (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
    (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
    (Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\Thomazing!\AppData\Local\slack\app-4.20.0\slack.exe <7>
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
    (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe
    (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagitEditor.exe
    (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagPriv.exe
    (TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
    (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Viber Media S.à r.l. -> Viber Media S.à r.l.) C:\Users\Thomazing!\AppData\Local\Viber\Viber.exe

  2. #17
    Join Date
    Jul 2008
    Posts
    289
    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe [9094360 2021-07-22] (TechSmith Corporation -> TechSmith Corporation)
    HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [261224 2021-08-30] (Bitdefender SRL -> Bitdefender)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [267056 2021-01-14] (Razer USA Ltd. -> Razer Inc.)
    HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
    HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5708192 2021-07-17] (Tonec Inc. -> Tonec Inc.)
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Run: [Krisp] => C:\Program Files\Krisp\Krisp.exe [2977488 2021-08-23] (Krisp Technologies, Inc -> Krisp)
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Run: [Viber] => C:\Users\Thomazing!\AppData\Local\Viber\Viber.exe [54700304 2021-09-10] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514720 2021-01-18] (Razer USA Ltd. -> Razer Inc.)
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [114017640 2021-08-10] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Thomazing!\AppData\Local\slack\slack.exe [309568 2021-09-23] (Slack Technologies, Inc. -> Slack Technologies Inc.)
    HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514720 2021-01-18] (Razer USA Ltd. -> Razer Inc.)
    HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
    HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc)
    HKLM\...\Print\Monitors\HP AC11 Status Monitor: C:\WINDOWS\system32\hpinkstsAC11LM.dll [331664 2012-10-03] (Hewlett Packard -> Hewlett-Packard Co.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.71\Installer\chrmstp.exe [2021-10-05] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\PLAP Providers: [{0D4C4485-D868-41C6-876A-8AA3F6709BD5}] -> C:\Program Files (x86)\F5 VPN\F5CredProv64.dll [2015-10-08] (F5 Networks -> F5 Networks, Inc.)
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {15A1C033-AF7B-4C78-A8FD-B4B8445D5355} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {1B46BC56-080D-40A6-80AC-703DEED8F9AB} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2021-01-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
    Task: {1D38A6E0-4DE0-41D5-8BCB-A57517037AEE} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1667792 2020-03-30] (ASUSTeK Computer Inc. -> ASUS)
    Task: {21F346BF-661C-49B6-9C64-2BF79DC9AB44} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\25.0.1.194\WatchDog.exe [937064 2021-08-10] (Bitdefender SRL -> Bitdefender)
    Task: {28D87AE9-0986-4A37-8E37-A44E37A26AD6} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [957528 2021-08-16] (Bitdefender SRL -> Bitdefender)
    Task: {33F2E8BD-F6CE-4B4C-88D9-0C4C88BCE706} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {3B2A6B0C-C7B0-47A0-B4AB-767672FF6EF7} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2021-01-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
    Task: {40BA1BA1-D0A1-4E0F-9DD3-50FF8C41A50D} - System32\Tasks\update-S-1-5-21-1947618817-924375218-263046451-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
    Task: {424FA409-EFD3-4209-9CA5-AA69D2B39848} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-18] (Google Inc -> Google LLC)
    Task: {43A81F13-F170-4DF3-9A5C-C8CEE9A03555} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [49048864 2020-03-16] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {4DF16152-C02F-41BE-85A7-BD315895DCD0} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1947618817-924375218-263046451-500 => C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {5CB73645-68F9-48F0-BD85-BA80ECAA092A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5EC2422A-86EE-401A-8895-DA1789F31229} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [51120 2019-10-29] (ASUSTeK Computer Inc. -> )
    Task: {60357738-0991-41D4-84FC-D84F1F9F1413} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-18] (Google Inc -> Google LLC)
    Task: {67F44A79-BE65-448C-A640-65D73E406463} - System32\Tasks\ASUS Promotion => C:\Program Files\ASUS\ASUS Promotion\ASUS Promotion.exe [787936 2018-09-06] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
    Task: {7FA9FECD-BCF2-4C03-9A33-871ED71474D1} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1947618817-924375218-263046451-1001 => C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {812A8C38-4CFB-4E42-9156-7E251BF58524} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusHotkeyExec.exe [233616 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    Task: {93057B36-5F2E-4FE8-8BFF-514BFD200632} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {9AB2068A-C67B-4DCF-95A5-185F42A08270} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-12] (Mozilla Corporation -> Mozilla Foundation)
    Task: {9AEF5AC8-A5ED-425B-8960-67743F03FE19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {9DA886BF-C54B-4DDE-A234-432E024C75CB} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
    Task: {A48B9B8A-9899-44EA-BA52-9D2D409FA9EA} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {BFB443C0-05C7-4905-9AF4-96E8E4EB8BB1} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSoftwareManager\AsusUpdateChecker.exe [771208 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    Task: {C6CF98C7-29F0-4F0F-9804-2F9ECF32B0D4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {CBD3FE36-146B-4BE7-8541-DF8BB1857CA3} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {CE2788E3-C4F1-4DBA-9602-9BDA52BDFB28} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
    Task: {DF57C5E9-F710-422C-AE9F-338F69AA6CB3} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2553472 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    Task: {ED6B036E-3B86-4F4A-A4F7-55774B9CF98D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\update-S-1-5-21-1947618817-924375218-263046451-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
    Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{29b1195b-4689-4608-babd-18a7f8f7019d}: [DhcpNameServer] 8.8.8.8
    Tcpip\..\Interfaces\{81bedeac-8821-446f-a3b0-414172b8a752}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{97c839e9-dd28-4d6c-86ce-ec62c7fe9321}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{ff5239d6-b40c-40cf-85f2-f7ba1366cb62}: [DhcpNameServer] 172.168.0.7

    Edge:
    =======
    DownloadDir: C:\Users\Thomazing!\Downloads
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (Nimbus Screen Capture) -> EdgeExtension_NimbusWebNimbusCaptureScreenshotScreenVideoRecor_p5fjnfwkc9ns0 => C:\Program Files\WindowsApps\NimbusWeb.NimbusCapture-ScreenshotScreenVideoRecor_2.2.3.0_neutral__p5fjnfwkc9ns0 [2019-09-25]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-05]
    Edge Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://members.copywritingcourse.com; hxxps://whitelabeladfactory.workplace.com
    Edge HomePage: Default -> hxxps://www.google.com/
    Edge StartupUrls: Default -> "hxxp://google.com/"
    Edge Extension: (LastPass: Free Password Manager) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-09-24]
    Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-09-20]
    Edge Extension: (Dashlane - Password Manager) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gehmmocbbkpblljhkekmfhjpfbkclbph [2021-10-04]
    Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-15]
    Edge Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-03-11]
    Edge Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lngaebamompmckcjpaenfkkdcadjigbo [2020-02-08]
    Edge Extension: (Google Hangouts) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2021-01-05]
    Edge Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-03-09]
    Edge Profile: C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2020-12-22]
    Edge Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2020-11-19]
    Edge HKU\S-1-5-21-1947618817-924375218-263046451-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2021-07-17]
    Edge HKU\S-1-5-21-1947618817-924375218-263046451-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2021-07-17]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: cq2lc41z.default
    FF ProfilePath: C:\Users\Thomazing!\AppData\Roaming\Mozilla\Firefox\Profiles\cq2lc41z.default [2021-01-30]
    FF ProfilePath: C:\Users\Thomazing!\AppData\Roaming\Mozilla\Firefox\Profiles\culnlh1v.default-release-1610691922677 [2021-09-28]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\Thomazing!\AppData\Roaming\Mozilla\Firefox\Profiles\culnlh1v.default-release-1610691922677\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-09-15]
    FF Extension: (Northern Lake FT by MaDonna) - C:\Users\Thomazing!\AppData\Roaming\Mozilla\Firefox\Profiles\culnlh1v.default-release-1610691922677\Extensions\{fcebb804-5eb9-43d9-a12a-30f6ca1b9b1b}.xpi [2021-05-30]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
    FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
    FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2021-08-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
    FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
    FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2021-08-22] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
    FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
    FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5 [2019-12-06] [Legacy] [not signed]
    FF HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-02-25] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-02-25] <==== ATTENTION

  3. #18
    Join Date
    Jul 2008
    Posts
    289
    Chrome:
    =======
    CHR DefaultProfile: Profile 4
    CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default [2021-10-05]
    CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-18]
    CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-18]
    CHR Extension: (Google Drive) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
    CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-18]
    CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2021-09-30]
    CHR Extension: (Flower Power) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpapfcgjbomdehpglobkahgbbfamomgo [2019-08-18]
    CHR Extension: (Adobe Acrobat) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-01]
    CHR Extension: (Facebook Pixel Helper) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-01]
    CHR Extension: (Dashlane - Password Manager) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2021-10-04]
    CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-07-20]
    CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-18]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2021-01-30]
    CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-30]
    CHR Extension: (Wappalyzer) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2021-10-02]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-09-26]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-14]
    CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2020-08-13]
    CHR Extension: (Grammarly for Chrome) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-10-02]
    CHR Extension: (Tag Assistant Legacy (by Google)) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2021-09-26]
    CHR Extension: (Loom for Chrome) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-09-11]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-24]
    CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-03-09]
    CHR Extension: (PowerAdSpy - Ad Intelligence) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkecaphdplhfmmbkcfnknejeonfnifbn [2021-10-02]
    CHR Extension: (Wordtune - AI-powered Writing Companion) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllcnknpjnininklegdoijpljgdjkijc [2021-09-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
    CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
    CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-10-05]
    CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-09-29]
    CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-08]
    CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-08]
    CHR Extension: (Google Drive) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-08]
    CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-08]
    CHR Extension: (Adobe Acrobat) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-09-09]
    CHR Extension: (Emma Bridgewater) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ennchkafgbngcmjcbbicbobbdomhmklc [2021-03-08]
    CHR Extension: (Facebook Pixel Helper) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2021-03-25]
    CHR Extension: (Dashlane - Password Manager) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2021-09-24]
    CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-08]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2021-03-08]
    CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-30]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-09-26]
    CHR Extension: (Loom for Chrome) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-09-10]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-03-08]
    CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-03-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-08]
    CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-08]
    CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4 [2021-10-05]
    CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-07]
    CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-07]
    CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-07]
    CHR Extension: (Adobe Acrobat) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-09-07]
    CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-09-19]
    CHR Extension: (Facebook Pixel Helper) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2021-09-07]
    CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-07]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2021-09-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-24]
    CHR Extension: (Avast Online Security) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-09-07]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-14]
    CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-09-07]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-09-07]
    CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-09-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-07]
    CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-07]
    CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5 [2021-10-04]
    CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-07]
    CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-07]
    CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-07]
    CHR Extension: (Adobe Acrobat) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-09-07]
    CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-10-04]
    CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-07]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2021-09-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-04]
    CHR Extension: (Avast Online Security) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-09-07]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-04]
    CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-09-07]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-09-07]
    CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-09-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-07]
    CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-07]
    CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-05]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2021-07-17]
    CHR HKU\S-1-5-21-1947618817-924375218-263046451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THOMAZ~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
    CHR HKU\S-1-5-21-1947618817-924375218-263046451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKU\S-1-5-21-1947618817-924375218-263046451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2021-07-17]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2021-07-17]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82640 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [198256 2021-01-25] (Pango Inc. -> AnchorFree Inc.)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 ArmouryCrateControlInterface; C:\WINDOWS\System32\ASUSACCI\ArmouryCrateControlInterface.exe [890968 2021-07-07] (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.)
    R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe [344184 2021-02-23] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2021-01-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
    R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\AsusAppService\AsusAppService.exe [364688 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkNear\AsusLinkNear.exe [1307792 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
    R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkRemote\AsusLinkRemote.exe [753808 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
    S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [163176 2021-01-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
    R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOptimization.exe [334464 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    R2 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSoftwareManager\AsusSoftwareManager.exe [1012872 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2553472 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [612760 2021-08-19] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
    R2 AvayaIEBroker; C:\Program Files (x86)\Avaya\Avaya one-X Agent\ClickToDial\ie\AvayaIEBroker.exe [192000 2017-02-09] () [File not signed]
    R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [817216 2021-08-16] (Bitdefender SRL -> Bitdefender)
    R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [817216 2021-08-16] (Bitdefender SRL -> Bitdefender)
    R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
    R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [1899112 2018-03-22] (Bitdefender SRL -> Bitdefender)
    R2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [256616 2021-08-30] (Bitdefender SRL -> Bitdefender)
    R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_c28b41707aefc6b9\DAX3API.exe [2283600 2021-04-28] (Dolby Laboratories, Inc. -> Dolby Laboratories)
    R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [586208 2019-09-23] (F5 Networks Inc -> F5 Networks, Inc.)
    R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [636896 2019-09-24] (F5 Networks Inc -> F5 Networks, Inc.)
    R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [217104 2015-10-08] (F5 Networks -> F5 Networks, Inc.)
    R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_06530f962635deac\x64\AppHelperCap.exe [694520 2020-12-10] (HP Inc. -> HP Inc.)
    R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_06530f962635deac\x64\NetworkCap.exe [692984 2020-12-10] (HP Inc. -> HP Inc.)
    R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_06530f962635deac\x64\SysInfoCap.exe [693496 2020-12-10] (HP Inc. -> HP Inc.)
    R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_a7be790d73ea14eb\x64\TouchpointAnalyticsClientService.exe [476424 2020-11-04] (HP Inc. -> HP Inc.)
    R2 iClarityQoSService; C:\Program Files (x86)\Common Files\Avaya\QoS\QosServM.exe [1667760 2020-02-28] (Avaya Inc. -> Avaya Inc.)
    R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3053656 2021-01-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7789240 2021-10-02] (Malwarebytes Inc -> Malwarebytes)
    R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-05-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [785512 2021-08-10] (Bitdefender SRL -> Bitdefender)
    R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
    R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294240 2021-01-15] (Razer USA Ltd. -> Razer Inc.)
    R2 RefreshRateService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe [37344 2020-02-06] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14021976 2021-09-02] (ADLICE (ASCOET JULIEN) -> )
    R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5463128 2021-01-18] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
    R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-12-09] (Razer USA Ltd. -> Razer Inc.)
    R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [291304 2021-01-14] (Razer USA Ltd. -> Razer Inc.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12727576 2021-02-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [306776 2021-08-16] (Bitdefender SRL -> Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [817216 2021-08-16] (Bitdefender SRL -> Bitdefender)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
    S3 ASUSSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemAnalysis\ASUSSAIO.sys [35968 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [3414928 2021-08-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
    R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\atkwmiacpi64.sys [44200 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
    R2 BdDci; C:\WINDOWS\System32\DRIVERS\bddci.sys [802976 2021-04-21] (Bitdefender SRL -> Bitdefender)
    S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2021-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
    R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2021-04-28] (Bitdefender SRL -> © Bitdefender SRL)
    R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-29] (Bitdefender SRL -> BitDefender)
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34744 2019-02-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
    R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2019-04-12] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R0 EUDSKCP; C:\WINDOWS\System32\drivers\EuDskCp.sys [73272 2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
    R1 EUEUMDK; C:\WINDOWS\system32\drivers\EuEumDk.sys [32320 2018-04-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [55648 2019-09-23] (F5 Networks Inc -> F5 Networks, Inc.)
    S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2019-09-23] (F5 Networks, Inc. -> F5 Networks, Inc.)
    R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-04-21] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
    R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
    S3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [23960 2018-07-06] (HP Inc. -> HP Inc.)
    R2 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
    R3 KrispSimple; C:\WINDOWS\System32\drivers\KrispVad.sys [48104 2021-04-22] (Krisp Technologies, Inc -> Krisp Technologies, Inc)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-02] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-05] (TEFINCOM S.A. -> )
    R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-02-16] (TEFINCOM S.A. -> WireGuard LLC)
    R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
    R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [53656 2020-11-16] (Razer USA Ltd. -> Razer Inc)
    R3 RzDev_0082; C:\WINDOWS\System32\drivers\RzDev_0082.sys [56200 2020-08-24] (Razer USA Ltd. -> Razer Inc)
    S3 RzDev_0083; C:\WINDOWS\System32\drivers\RzDev_0083.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
    R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
    R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-10-05] (Adlice -> )
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [641728 2021-03-25] (Bitdefender SRL -> Bitdefender)
    R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [57736 2019-09-23] (F5 Networks Inc -> F5 Networks, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-01-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-01-30] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-30] (Microsoft Windows -> Microsoft Corporation)
    S3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)

  4. #19
    Join Date
    Jul 2008
    Posts
    289
    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-10-05 09:11 - 2021-10-05 09:11 - 000226956 _____ C:\ProgramData\vpn.1633396263.bdinstall.v2.bin
    2021-10-05 09:11 - 2021-10-05 09:11 - 000081136 _____ C:\ProgramData\vpn.uninstall.1633396263.bdinstall.v2.bin
    2021-10-05 09:11 - 2021-10-05 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
    2021-10-05 09:10 - 2021-10-05 09:10 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2021-10-05 09:10 - 2021-10-05 09:10 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2021-10-05 09:10 - 2021-10-05 09:10 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2021-10-05 09:10 - 2021-10-05 09:10 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2021-10-05 09:07 - 2021-10-05 09:07 - 000003516 _____ C:\Users\Thomazing!\Desktop\AdwCleaner[C00].txt
    2021-10-05 09:04 - 2021-10-05 09:07 - 000000000 ____D C:\AdwCleaner
    2021-10-05 09:02 - 2021-10-05 09:02 - 000001237 _____ C:\Users\Thomazing!\Desktop\MB.txt
    2021-10-05 08:54 - 2021-10-05 08:54 - 000006422 _____ C:\Users\Thomazing!\Desktop\Rogue.txt
    2021-10-05 08:53 - 2021-10-05 08:53 - 000006424 _____ C:\Users\Thomazing!\Desktop\Rogue Killer.txt
    2021-10-05 08:41 - 2021-10-05 08:41 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2021-10-05 08:41 - 2021-10-05 08:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2021-10-05 08:41 - 2021-10-05 08:41 - 000000000 ____D C:\Program Files\RogueKiller
    2021-10-05 08:39 - 2021-10-05 09:49 - 000000000 ____D C:\ProgramData\RogueKiller
    2021-10-05 01:08 - 2021-10-05 01:08 - 000491860 _____ C:\Users\Thomazing!\Desktop\wait.webp
    2021-10-02 21:07 - 2021-10-02 21:13 - 000000000 ____D C:\Users\Thomazing!\Downloads\Free Guy (2021) [720p] [BluRay] [YTS.MX]
    2021-10-02 21:07 - 2021-10-02 21:07 - 000021423 _____ C:\Users\Thomazing!\Downloads\Free Guy (2021) [720p] [BluRay] [YTS.MX].torrent
    2021-10-02 18:57 - 2021-10-02 18:57 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2021-10-02 18:57 - 2021-10-02 18:57 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2021-10-02 18:56 - 2021-10-02 18:56 - 000000072 _____ C:\WINDOWS\system32\AdsInfoCls
    2021-09-23 20:06 - 2021-09-23 20:06 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
    2021-09-23 20:06 - 2021-09-23 20:06 - 000001906 _____ C:\Users\Default\Desktop\Google Slides.lnk
    2021-09-23 20:06 - 2021-09-23 20:06 - 000001906 _____ C:\Users\Default\Desktop\Google Sheets.lnk
    2021-09-23 20:06 - 2021-09-23 20:06 - 000001894 _____ C:\Users\Default\Desktop\Google Docs.lnk
    2021-09-23 20:06 - 2021-09-09 10:29 - 000389640 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3525.sys
    2021-09-20 11:00 - 2021-09-20 11:00 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Viber
    2021-09-18 00:29 - 2021-09-18 00:29 - 000348701 _____ C:\Users\Thomazing!\Downloads\yey yey yey.htm
    2021-09-17 17:57 - 2021-09-17 17:57 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
    2021-09-17 17:57 - 2021-09-17 17:57 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
    2021-09-17 17:57 - 2021-09-17 17:57 - 001328376 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll
    2021-09-17 17:57 - 2021-09-17 17:57 - 001324032 _____ C:\WINDOWS\system32\FaceProcessor.dll
    2021-09-17 17:57 - 2021-09-17 17:57 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2021-09-17 17:57 - 2021-09-17 17:57 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2021-09-17 17:57 - 2021-09-17 17:57 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
    2021-09-17 17:57 - 2021-09-17 17:57 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2021-09-17 17:57 - 2021-09-17 17:57 - 000512864 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
    2021-09-17 17:57 - 2021-09-17 17:57 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2021-09-17 17:57 - 2021-09-17 17:57 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2021-09-17 17:57 - 2021-09-17 17:57 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
    2021-09-17 17:57 - 2021-09-17 17:57 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2021-09-17 17:57 - 2021-09-17 17:57 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
    2021-09-17 17:57 - 2021-09-17 17:57 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-09-17 17:56 - 2021-09-17 17:56 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
    2021-09-17 17:56 - 2021-09-17 17:56 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2021-09-17 17:56 - 2021-09-17 17:56 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2021-09-17 17:56 - 2021-09-17 17:56 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2021-09-17 17:56 - 2021-09-17 17:56 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2021-09-17 17:56 - 2021-09-17 17:56 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
    2021-09-17 17:56 - 2021-09-17 17:56 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2021-09-17 17:56 - 2021-09-17 17:56 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
    2021-09-17 17:47 - 2021-09-17 17:47 - 000000000 ___HD C:\$WinREAgent
    2021-09-16 11:09 - 2021-09-16 12:01 - 000000000 ____D C:\Users\Thomazing!\Downloads\Becoming.Warren.Buffet.2017.1080p.WEBRip.x264-RARBG
    2021-09-15 19:51 - 2021-09-15 19:51 - 000094396 _____ C:\ProgramData\agent.update.1631706659.bdinstall.v2.bin
    2021-09-15 13:39 - 2021-09-15 13:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2021-09-12 11:35 - 2021-09-27 11:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2021-09-08 00:15 - 2021-09-08 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Krisp
    2021-09-07 16:32 - 2021-09-07 16:33 - 000311588 _____ C:\Users\Thomazing!\Downloads\AvvisoFornitore_0_3.tiff
    2021-09-07 12:20 - 2021-09-07 12:20 - 000000221 _____ C:\Users\Thomazing!\Downloads\Goldie Agency LP & TY Pages (2).txt
    2021-09-07 12:19 - 2021-09-07 12:19 - 000000221 _____ C:\Users\Thomazing!\Downloads\Goldie Agency LP & TY Pages.txt
    2021-09-07 12:19 - 2021-09-07 12:19 - 000000221 _____ C:\Users\Thomazing!\Downloads\Goldie Agency LP & TY Pages (1).txt
    2021-09-06 21:52 - 2021-09-06 21:52 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-10-05 14:35 - 2020-06-06 13:29 - 000000000 ____D C:\FRST
    2021-10-05 14:30 - 2019-09-04 21:12 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Slack
    2021-10-05 14:24 - 2019-08-18 00:11 - 000000000 ____D C:\Program Files (x86)\Google
    2021-10-05 12:57 - 2020-04-01 17:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Krisp
    2021-10-05 12:55 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-10-05 12:27 - 2020-06-11 14:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-10-05 11:33 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-10-05 11:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-10-05 10:40 - 2019-10-03 22:12 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
    2021-10-05 09:17 - 2021-02-06 14:09 - 000003752 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
    2021-10-05 09:14 - 2020-06-11 14:48 - 000934986 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-10-05 09:14 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
    2021-10-05 09:12 - 2019-08-18 23:31 - 000000000 ____D C:\Program Files\CCleaner
    2021-10-05 09:11 - 2020-03-05 23:04 - 000000000 ____D C:\Program Files\Bitdefender
    2021-10-05 09:11 - 2019-08-19 09:15 - 000000000 ___RD C:\Users\Thomazing!\Google Drive
    2021-10-05 09:10 - 2021-02-26 11:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2021-10-05 09:10 - 2021-01-31 09:36 - 000000000 ____D C:\ProgramData\NVIDIA
    2021-10-05 09:10 - 2021-01-30 01:03 - 000000000 ____D C:\ProgramData\Goodix
    2021-10-05 09:10 - 2021-01-30 01:01 - 000000000 ____D C:\WINDOWS\system32\ASUSACCI
    2021-10-05 09:10 - 2020-10-16 13:00 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-10-05 09:10 - 2020-06-11 14:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-10-05 09:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2021-10-05 09:10 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2021-10-05 09:10 - 2019-12-07 17:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
    2021-10-05 09:09 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2021-10-05 09:07 - 2019-08-18 04:36 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Hewlett-Packard
    2021-10-05 09:07 - 2018-11-22 18:08 - 000000000 ____D C:\ProgramData\HP
    2021-10-05 09:07 - 2018-11-22 18:08 - 000000000 ____D C:\ProgramData\Hewlett-Packard
    2021-10-05 09:07 - 2018-11-22 18:08 - 000000000 ____D C:\Program Files (x86)\HP
    2021-10-05 09:07 - 2018-11-22 18:08 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2021-10-05 09:07 - 2018-10-30 06:59 - 000000000 ___HD C:\hp
    2021-10-05 08:41 - 2019-08-18 22:29 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\DMCache
    2021-10-05 07:58 - 2019-08-18 00:21 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-10-04 13:38 - 2020-07-08 08:35 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Grammarly
    2021-10-04 08:59 - 2020-02-08 16:22 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-10-02 21:30 - 2019-09-29 19:12 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\uTorrent
    2021-10-02 21:24 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2021-10-02 21:23 - 2019-08-19 16:17 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\vlc
    2021-10-02 21:18 - 2020-03-08 12:51 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\BitTorrentHelper
    2021-10-02 21:07 - 2021-09-04 20:46 - 000000000 ____D C:\Users\Thomazing!\AppData\LocalLow\uTorrent
    2021-10-02 10:19 - 2020-06-11 14:49 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2021-10-02 10:19 - 2020-06-11 14:49 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2021-10-01 17:23 - 2021-01-24 08:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2021-09-30 13:24 - 2021-02-01 11:50 - 000000000 ____D C:\Users\Thomazing!\Documents\ViberDownloads
    2021-09-29 13:04 - 2020-05-29 10:01 - 000002396 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
    2021-09-29 13:04 - 2019-09-04 21:12 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\SquirrelTemp
    2021-09-29 12:53 - 2018-10-11 13:58 - 000000000 __RHD C:\Users\Public\AccountPictures
    2021-09-29 11:58 - 2021-02-01 14:28 - 000000000 ____D C:\Users\Thomazing!\Downloads\Video
    2021-09-28 23:58 - 2019-08-18 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\D3DSCache
    2021-09-28 00:52 - 2021-01-30 01:02 - 000004122 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
    2021-09-28 00:51 - 2021-01-30 01:02 - 000003764 _____ C:\WINDOWS\system32\Tasks\ASUS Optimization 36D18D69AFC3
    2021-09-26 23:11 - 2019-08-18 04:32 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Packages
    2021-09-26 22:56 - 2020-09-21 20:42 - 000000000 ____D C:\ProgramData\Mozilla
    2021-09-26 22:55 - 2020-09-21 20:42 - 000000000 ____D C:\Users\Thomazing!\AppData\LocalLow\Mozilla
    2021-09-24 20:13 - 2019-08-19 08:58 - 000000000 ____D C:\Program Files\Google
    2021-09-24 20:13 - 2019-08-18 00:11 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Google
    2021-09-23 20:23 - 2019-11-08 23:00 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
    2021-09-23 20:23 - 2019-09-04 21:12 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\slack
    2021-09-21 08:57 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2021-09-20 12:16 - 2021-01-09 16:04 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\ViberPC
    2021-09-17 21:28 - 2021-02-25 11:12 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2021-09-17 21:27 - 2021-02-25 11:11 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2021-09-17 21:25 - 2020-10-22 10:58 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Notepad
    2021-09-17 18:40 - 2020-06-11 14:38 - 000396904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2021-09-17 18:39 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2021-09-17 18:38 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-09-17 18:38 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellComponents
    2021-09-17 18:38 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2021-09-17 18:38 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-09-17 18:38 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
    2021-09-17 18:37 - 2020-01-13 11:30 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Discord
    2021-09-17 18:37 - 2019-08-18 06:34 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\CrashDumps
    2021-09-17 18:21 - 2020-01-13 11:29 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Discord
    2021-09-17 17:59 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-09-17 17:46 - 2019-08-18 02:00 - 000000000 ____D C:\WINDOWS\system32\MRT
    2021-09-17 17:43 - 2019-08-18 01:59 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-09-15 19:51 - 2021-01-30 21:04 - 000003846 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2021-09-15 19:51 - 2021-01-30 21:02 - 000000000 ____D C:\Program Files\Bitdefender Agent
    2021-09-15 19:45 - 2020-09-21 20:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2021-09-15 19:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF
    2021-09-15 14:54 - 2020-01-13 11:30 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
    2021-09-15 13:39 - 2020-09-21 20:42 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2021-09-14 23:20 - 2021-01-30 21:26 - 000000000 ____D C:\Users\Thomazing!\Downloads\Compressed
    2021-09-14 11:14 - 2019-08-26 16:24 - 000000000 ____D C:\Users\Thomazing!\Documents\Zoom
    2021-09-12 21:01 - 2020-07-08 08:36 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
    2021-09-12 21:01 - 2020-07-08 08:35 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\GrammarlyForWindows
    2021-09-08 21:47 - 2021-01-24 08:53 - 000605520 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
    2021-09-08 21:47 - 2021-01-24 08:53 - 000486736 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
    2021-09-08 00:15 - 2020-11-02 01:22 - 000000000 ____D C:\Program Files\Krisp
    2021-09-06 21:52 - 2019-08-19 12:11 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Zoom

    ==================== Files in the root of some directories ========

    2020-10-13 11:52 - 2020-10-14 16:56 - 000000232 _____ () C:\Users\Thomazing!\AppData\Roaming\debug.log
    2020-06-06 16:00 - 2020-06-06 21:48 - 000000128 _____ () C:\Users\Thomazing!\AppData\Roaming\winscp.rnd
    2019-08-23 08:12 - 2019-08-23 08:12 - 000000000 _____ () C:\Users\Thomazing!\AppData\Local\oobelibMkey.log
    2020-04-14 12:55 - 2020-07-09 09:29 - 000000128 _____ () C:\Users\Thomazing!\AppData\Local\PUTTY.RND
    2020-06-04 15:29 - 2020-08-17 21:02 - 000007618 _____ () C:\Users\Thomazing!\AppData\Local\Resmon.ResmonCfg
    2021-05-30 11:20 - 2021-05-30 11:20 - 000000003 _____ () C:\Users\Thomazing!\AppData\Local\updater.log
    2021-05-30 11:20 - 2021-05-30 11:20 - 000000424 _____ () C:\Users\Thomazing!\AppData\Local\UserProducts.xml

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  5. #20
    Join Date
    Jul 2008
    Posts
    289
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2021
    Ran by Thomazing! (05-10-2021 14:37:04)
    Running from C:\Users\Thomazing!\Downloads\Programs
    Windows 10 Home Single Language Version 20H2 19042.1237 (X64) (2020-06-11 06:49:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-1947618817-924375218-263046451-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1947618817-924375218-263046451-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-1947618817-924375218-263046451-1000 - Limited - Disabled)
    Guest (S-1-5-21-1947618817-924375218-263046451-501 - Limited - Disabled)
    Thomazing! (S-1-5-21-1947618817-924375218-263046451-1001 - Administrator - Enabled) => C:\Users\Thomazing!
    WDAGUtilityAccount (S-1-5-21-1947618817-924375218-263046451-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Bitdefender Antivirus (Enabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
    FW: Bitdefender Firewall (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\uTorrent) (Version: 3.5.5.46096 - BitTorrent Inc.)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
    Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
    AI Viewer (HKLM-x32\...\{8C8292F3-7D93-4D40-9738-B24165D7E7CD}_is1) (Version: - IdeaMK)
    Amazon Kindle (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
    AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2020.0821.1329.24282 - Advanced Micro Devices, Inc.)
    AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
    Apowersoft Online Launcher version 1.8.0 (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.0 - APOWERSOFT LIMITED)
    ARMOURY CRATE Service (HKLM\...\{01378DC3-088F-4F55-AAFA-DC6A9CCA292A}) (Version: 3.3.7 - ASUS)
    ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.5.3.0 - ASUSTek COMPUTER INC.) Hidden
    ASUS Aac_NBDT HAL (HKLM-x32\...\{05cd1e58-e9fb-41b6-9091-4282ccf16b71}) (Version: 2.5.3.0 - ASUSTek COMPUTER INC.) Hidden
    ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.26.0 - ASUSTek COMPUTER INC. ) Hidden
    ASUS AURA Display Component (HKLM-x32\...\{3c275600-dcd8-4fde-80ad-56069dfa7813}) (Version: 1.1.26.0 - ASUSTek COMPUTER INC. ) Hidden
    ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.3.7.0 - ASUSTek COMPUTER INC.) Hidden
    ASUS AURA Headset Component (HKLM-x32\...\{0b7086ac-be35-49b5-b650-93df80b7f9f9}) (Version: 1.3.7.0 - ASUSTek COMPUTER INC.) Hidden
    ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.03 - ASUSTek COMPUTER INC.) Hidden
    ASUS Framework Service (HKLM-x32\...\{4483eb46-7659-4490-8603-2104aa5232ef}) (Version: 1.0.4.4 - ASUSTek COMPUTER INC.)
    ASUS Framework Service (HKLM-x32\...\{CB0E3BB6-3F2F-401E-B1D4-E23C582ACB11}) (Version: 1.0.4.4 - ASUSTek COMPUTER INC.) Hidden
    ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.1.17.0 - ASUSTek COMPUTER INC.) Hidden
    ASUS Keyboard HAL (HKLM-x32\...\{5cd2922e-8fee-44e3-a95a-62cabc5518fa}) (Version: 1.1.17.0 - ASUSTek COMPUTER INC.) Hidden
    ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.33 - ASUSTeK Computer Inc.) Hidden
    ASUS MB Peripheral Products (HKLM-x32\...\{ba1d61ab-a60c-4fc3-ae58-87a688f3e258}) (Version: 1.0.33 - ASUSTeK Computer Inc.) Hidden
    ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.1.0.8 - ASUSTek COMPUTER INC.) Hidden
    ASUS Mouse HAL (HKLM-x32\...\{6a8e2c5f-6a39-4d81-8326-a6117c21089b}) (Version: 1.1.0.8 - ASUSTek COMPUTER INC.) Hidden
    ASUS Promotion (HKLM\...\{10FE8E2F-7BDD-4430-8D63-3D3BA3F708D9}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)
    ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.59 - ASUSTeK Computer Inc.) Hidden
    AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.14 - ASUS)
    AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.14 - ASUS)
    AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.32 - ASUSTeK Computer Inc.) Hidden
    AURA Service (HKLM-x32\...\{1dd27167-f40c-47db-9e8f-b2f5d210f173}) (Version: 3.04.32 - ASUSTeK Computer Inc.)
    Avaya Integrated Management Administration Tools 6.0 SP14 (HKLM-x32\...\{AEB26E7C-1F64-48F6-82ED-6C2812C88B99}) (Version: 6.00.007SP14 - Avaya)
    Avaya Integrated Management Site Administration (HKLM-x32\...\{29914633-C013-43B3-A980-15C1F70DFDB2}) (Version: 6.00.007 - Avaya)
    Avaya one-X Agent - 2.5.10 (HKLM-x32\...\{58D3DB71-90EA-43DE-A89F-5FF4A3D88713}) (Version: 2.5.60037.0 - Avaya)
    Avaya one-X® Communicator (HKLM-x32\...\{E6C75F1C-19A6-4159-B86E-8A8D171B7D7B}) (Version: 6.2.14.4 - Avaya Inc.)
    BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 71.2019.0923.1603 - F5 Networks, Inc.)
    BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2019.0923.1603 - F5 Networks, Inc.)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.194 - Bitdefender)
    Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 25.0.10.52 - Bitdefender)
    Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 25.4.3.41 - Bitdefender)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
    CMS Supervisor R18 (HKLM-x32\...\{FFF49E64-0ACC-4CC0-8E37-BAE63AACF1C5}) (Version: 18.00.041 - Avaya)
    Dashlane (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Dashlane) (Version: 6.2103.0.42861 - Dashlane, Inc.)
    Discord (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Discord) (Version: 0.0.310 - Discord Inc.)
    EaseUS Disk Copy (HKLM-x32\...\EaseUS Disk Copy_is1) (Version: 3.8 - CHENGDU YIWO Tech Development Co., Ltd)
    EaseUS Partition Master 13.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.22 - ELAN microelectronics Crop.)
    File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.5.0 - Sharpened Productions)
    File Viewer Plus 4 (HKLM-x32\...\{5C61A881-C34E-405E-8C33-800821A618CF}_is1) (Version: 4.0.1 - Sharpened Productions)
    focus booster version 2.2.0 (HKLM-x32\...\{4A8CD634-78D6-4A35-9D1E-98CCBD11910B}_is1) (Version: 2.2.0 - focus booster)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.71 - Google LLC)
    Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 51.0.15.0 - Google LLC)
    Grammarly (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\GrammarlyForWindows) (Version: 1.5.78 - Grammarly)
    Grammarly for Microsoft® Office Suite (HKLM\...\{D2F1E2C9-B416-40C6-BA64-67691276A56B}) (Version: 6.8.254 - Grammarly) Hidden
    Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\{2970deb0-0683-4d35-80ae-09b866d6bdd1}) (Version: 6.8.254 - Grammarly)
    Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Hubstaff (HKLM-x32\...\Hubstaff) (Version: 1.5.15 - Netsoft Holdings, LLC.)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.39.2 - Tonec Inc.)
    Kobo (HKLM-x32\...\Kobo) (Version: 4.28.15823 - Rakuten Kobo Inc.)
    Krisp (HKLM\...\{7C985632-0891-48B7-A78C-952117F48C9C}) (Version: 1.28.4 - Krisp Technologies, Inc)
    Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
    Loom 0.56.0 (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\{3643b966-bc28-5bc8-95ff-3d47d66438db}) (Version: 0.56.0 - Loom, Inc.)
    Loom 0.80.1 (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.80.1 - Loom, Inc.)
    Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
    Messenger 88.7.120 (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 88.7.120 - Facebook, Inc.)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.38 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Teams (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Teams) (Version: 1.4.00.22976 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
    Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 92.0 (x64 en-US)) (Version: 92.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0.2 - Mozilla)
    NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.37.2.0 - TEFINCOM S.A.)
    NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
    NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
    NVIDIA Graphics Driver 457.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.63 - NVIDIA Corporation)
    OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    PuTTY release 0.73 (HKLM-x32\...\{9A5E8BB6-AECA-42FB-8E76-DC8EA546AF2A}) (Version: 0.73.0.0 - Simon Tatham)
    Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.13.18.1333 - Razer Inc.)
    Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0130.011816 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8971.1 - Realtek Semiconductor Corp.)
    RefreshRateService (HKLM-x32\...\{7E5E84CB-B190-4658-A4DC-166779C329D1}) (Version: 2.0.3 - ASUSTeK COMPUTER INC.)
    ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.)
    ROGFontInstaller (HKLM-x32\...\{4CA1E4F5-B991-409C-B68A-BD430D5968CD}) (Version: 1.0.0 - ASUS)
    RogueKiller version 15.1.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.0.0 - Adlice Software)
    Screencast-O-Matic v2 (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\Screencast-O-Matic v2) (Version: - Screencast-O-Matic)
    ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.1.0 - ShareX Team)
    SJCAM Windows 10 (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\130003b4943bf096) (Version: 1.0.0.9 - SJCAM Windows 10)
    Skype version 8.75 (HKLM-x32\...\Skype_is1) (Version: 8.75 - Skype Technologies S.A.)
    Slack (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\slack) (Version: 4.20.0 - Slack Technologies Inc.)
    Snagit 2020 (HKLM\...\{52C6444E-57B2-4EC7-BFB1-76BB9F5E3EFC}) (Version: 20.1.6 - TechSmith Corporation) Hidden
    Snagit 2020 (HKLM-x32\...\{42fb6bc4-ee20-4082-9eb1-ade2147a8430}) (Version: 20.1.6.11106 - TechSmith Corporation)
    Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
    TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
    Telegram Desktop version 2.5.1 (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
    Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
    Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
    Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
    Viber (HKLM-x32\...\{E3A96F0B-19F9-4370-9B8D-4F9347D7C583}) (Version: 14.4.1.12 - Viber Media S.a.r.l) Hidden
    Viber (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\{c1321454-1fd8-4474-8979-2a45e12ec15f}) (Version: 14.4.1.12 - 2010-2020 Viber Media S.a.r.l)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    WhatsApp (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\WhatsApp) (Version: 2.2123.8 - WhatsApp)
    WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
    WinSCP 5.17.5 (HKLM-x32\...\winscp3_is1) (Version: 5.17.5 - Martin Prikryl)
    WizTree v3.41 (HKLM\...\WizTree_is1) (Version: 3.41 - Antibody Software)
    Wondershare Filmora 9.0.7.2 (HKLM\...\Wondershare Filmora_is1) (Version: 9.0.7.2 - lrepacks.ru)
    Zoom (HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)

    Packages:
    =========
    Booking.com APAC: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comAPACBigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2021-04-16] (Priceline Partner Network)
    Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.10.183.0_x64__rz1tebttyb220 [2021-10-01] (Dolby Laboratories)
    Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-17] (Dropbox Inc.)
    DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2021.3.73.0_x64__t5j2fzbtdg37r [2021-10-05] (DTS, Inc.)
    Google Chat -> C:\Program Files\WindowsApps\mail.google.com-98783EC6_1.0.0.1_neutral__vq8mrer2vmnwe [2021-09-26] (mail.google.com)
    Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-01] (Microsoft Corporation)
    Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-01] (Microsoft Corporation)
    Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-01] (Microsoft Corporation)
    Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-01] (Microsoft Corporation)
    Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-01] (Microsoft Corporation)
    Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-01] (Microsoft Corporation)
    Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-01] (Microsoft Corporation)
    MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.0.22.0_x64__qmba6cd70vzyy [2021-10-01] (ASUSTeK COMPUTER INC.)
    Nimbus Screen Capture -> C:\Program Files\WindowsApps\NimbusWeb.NimbusCapture-ScreenshotScreenVideoRecor_2.2.3.0_neutral__p5fjnfwkc9ns0 [2019-09-25] (Nimbus Web)
    NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-01] (Microsoft Corporation)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-01-30] (Realtek Semiconductor Corp)
    Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.3.1.0_x64__kx24dqmazqk8j [2021-09-12] (Random Salad Games LLC)
    SJCAM Zone UWP -> C:\Program Files\WindowsApps\132728F202473.SJCAMZoneUWP_1.1.0.0_x86__tthxwnw0xv2tg [2021-05-03] (Максим Гутиков)
    TextNow - Unlimited Text + Calls -> C:\Program Files\WindowsApps\Enflick.TextNow-UnlimitedTextCalls_21.0.0.0_x64__dkxvxr4vem6pc [2021-04-16] (TextNow Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.254\D7CFC89A3C\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\MicrosoftListSync.exe" => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.254\D7CFC89A3C\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\MicrosoftListSync.exe" => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
    ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
    ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2020\DLLx64\SnagitShellExt64.dll [2021-07-22] (TechSmith Corporation -> TechSmith Corporation)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-25] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
    ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2020\DLLx64\SnagitShellExt64.dll [2021-07-22] (TechSmith Corporation -> TechSmith Corporation)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_21f432cacc7a9a01\nvshext.dll [2021-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-25] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Thomazing!\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\dd8df11be87a5f99\Google Hangouts.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd --app-url
    ShortcutWithArgument: C:\Users\Thomazing!\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Local (Local Ads Team) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"

  6. #21
    ==================== Loaded Modules (Whitelisted) =============

    2020-02-27 17:05 - 2020-02-27 17:05 - 000148992 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi\build\Release\ffi_bindings.node
    2020-02-27 17:05 - 2020-02-27 17:05 - 000138752 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref\build\Release\binding.node
    2021-01-30 17:25 - 2019-12-23 18:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
    2021-01-30 17:25 - 2019-06-26 16:07 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\MacroControl.dll
    2020-02-27 17:05 - 2020-02-27 17:05 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2019-07-04 18:16 - 2019-07-04 18:16 - 001748992 _____ () [File not signed] C:\Program Files\Krisp\libsndfile-1.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 001874432 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\cairo.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000790528 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\fontconfig.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 001041920 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\harfbuzz-vs14.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000060928 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\iconv.dll
    2018-12-11 15:09 - 2018-12-11 15:09 - 000790016 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libhpdf.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000257536 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libpng16.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 001294336 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libxml2.dll
    2019-07-01 16:23 - 2019-07-01 16:23 - 016857600 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\opencv_core410.dll
    2019-07-01 16:23 - 2019-07-01 16:23 - 046091264 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\opencv_imgproc410.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000086528 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\zlib1.dll
    2017-11-01 22:27 - 2017-11-01 22:27 - 000495203 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\Accessibility.api
    2017-11-01 22:27 - 2017-11-01 22:27 - 008278627 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\Annots.api
    2017-11-01 22:27 - 2017-11-01 22:27 - 001758819 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\EScript.api
    2017-11-01 22:27 - 2017-11-01 22:27 - 000110179 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\IA32.api
    2017-11-01 22:27 - 2017-11-01 22:27 - 000174179 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\Updater.api
    2017-11-01 22:27 - 2017-11-01 22:27 - 000305763 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\weblink.api
    2017-11-01 22:27 - 2017-11-01 22:27 - 000797795 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\WebPDF.api
    2020-08-21 13:19 - 2020-08-21 13:19 - 001562624 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
    2020-05-26 17:08 - 2020-05-26 17:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
    2021-01-30 17:25 - 2019-10-24 11:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000088576 _____ (Free Software Foundation) [File not signed] C:\Program Files\TechSmith\Snagit 2020\intl.dll
    2021-08-13 16:17 - 2021-08-13 16:17 - 001345024 _____ (gsscoder;nemec;ericnewton76;moh-hassan) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CommandLine\b308fa1f13bbe54d5f74a7f6ebaebedc\CommandLine.ni.dll
    2019-07-01 15:08 - 2019-07-01 15:08 - 000332288 _____ (Home) [File not signed] C:\Program Files\Krisp\P7x64.dll
    2016-01-08 13:28 - 2016-01-08 13:28 - 000356352 _____ (http://hunspell.sourceforge.net/) [File not signed] C:\Program Files\TechSmith\Snagit 2020\libhunspell.dll
    2021-08-13 16:16 - 2021-08-13 16:16 - 003864576 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\7b8ab54038ddb56a6cb56f93d2867a79\Newtonsoft.Json.ni.dll
    2021-02-26 13:52 - 2021-02-26 13:52 - 000048640 _____ (painter) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\amtlib.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000291840 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pango-1.0.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000578560 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangocairo-1.0.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000605184 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangoft2-1.0.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000064512 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangowin32-1.0.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 001338368 _____ (The GLib developer community) [File not signed] C:\Program Files\TechSmith\Snagit 2020\glib-2.0.dll
    2018-08-14 14:49 - 2018-08-14 14:49 - 000284160 _____ (The GLib developer community) [File not signed] C:\Program Files\TechSmith\Snagit 2020\gobject-2.0.dll
    2021-01-30 17:25 - 2019-06-26 16:07 - 003394560 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
    2021-01-30 17:25 - 2019-06-26 16:07 - 000679424 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
    2020-08-21 13:28 - 2020-08-21 13:28 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
    2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
    2020-08-21 13:28 - 2020-08-21 13:28 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
    2021-01-30 17:25 - 2019-07-31 14:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-12-13] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2021-08-16] (Bitdefender SRL -> Bitdefender)
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-08-16] (Bitdefender SRL -> Bitdefender)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2021-04-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO: AvayaIEHlprObj Class -> {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} -> C:\Program Files (x86)\Avaya\Avaya one-X Agent\ClickToDial\ie\AvayaIEHelper_x64.dll [2017-02-09] (Avaya) [File not signed]
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-12-13] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2021-08-16] (Bitdefender SRL -> Bitdefender)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-08-16] (Bitdefender SRL -> Bitdefender)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2021-04-14] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: AvayaIEHlprObj Class -> {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} -> C:\Program Files (x86)\Avaya\Avaya one-X Agent\ClickToDial\ie\AvayaIEHelper.dll [2017-02-09] (Avaya) [File not signed]
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-08-16] (Bitdefender SRL -> Bitdefender)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-08-16] (Bitdefender SRL -> Bitdefender)
    DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
    DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
    DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\f5tmp\urxvpn.cab
    DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
    DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
    DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\WINDOWS\TEMP\f5tmp\InstallerControl.cab
    DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab
    DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
    DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\WINDOWS\TEMP\f5tmp\urxshost.cab
    DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
    DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\realpage.com -> hxxps://vpnrp.realpage.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-09-15 15:31 - 2021-10-05 14:10 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1947618817-924375218-263046451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomazing!\Downloads\Universe.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

  7. #22
    Join Date
    Jul 2008
    Posts
    289
    Network Binding:
    =============
    Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
    Wi-Fi 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
    Local Area Connection 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
    HKLM\...\StartupApproved\Run: => "BdVpnApp"
    HKLM\...\StartupApproved\Run: => "Krisp"
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
    HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
    HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
    HKLM\...\StartupApproved\Run32: => "RazerCortex"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\StartupFolder: => "Analytics Edge Missed Refresh Check.lnk"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_7C605F436D1B85DDFA94A90406371805"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "F5 Networks VPN Cleanup {2BCDB465-81F9-41CB-832C-8037A4064446}"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "Krisp"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "Skype for Desktop"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "Viber"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "Facebook.MessengerDesktop"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BE0BFBB616485A78E44C0CBAF29F45B7"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "Synapse3"
    HKU\S-1-5-21-1947618817-924375218-263046451-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{2DFE2712-E521-4130-86CD-CB37AC91ABD4}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{095F1567-7EC5-4C4E-AAF7-D58DC75F0B3A}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{497809AB-AB23-4166-80F1-21FDE297699D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{BC30B44D-1A1B-44C8-8437-77971CAD280A}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{44706008-62CC-40EE-8A97-5CCF691865F0}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{94BCB239-FAB9-4A40-8AB7-E5CA483311C9}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{CA46E908-F51F-44C0-B244-D710EBF2E2E1}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{55087ADA-4E45-44B2-851B-BF67D24DA0A5}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{C00C2F81-2B5E-41E4-A1A9-B03410B8B1BF}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
    FirewallRules: [{6120ABD9-2022-4187-B66E-6801F9E8A654}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
    FirewallRules: [{AECDA9D1-E45A-451B-834F-E1D322996492}] => (Allow) LPort=8299
    FirewallRules: [{2EBCAFC6-4C41-4D19-A233-FEE150149B54}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{D288635D-87A1-45D1-AF4A-3C0E24F49510}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{75C0B020-0314-4F47-8EB3-7A6FE18E58C3}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS Video Editor\EaseUS Video Editor.exe => No File
    FirewallRules: [{61F3019C-21AC-45C1-9C99-547C0E80039E}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS Video Editor\EaseUS Video Editor.exe => No File
    FirewallRules: [{E1ECBD29-0555-4363-996D-D758E91EFDA5}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{F437A815-EC89-4C49-AF1F-3E41F99B59B4}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{80191694-F243-4756-AEC4-1FD53A166869}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{A9AB4506-97C4-4AC5-B8BB-A61E7BC50EDC}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{4ECA5B08-EF42-42DD-AD5D-4B75590197BE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8C35B5B8-6A89-495C-8CB4-AB3380AEB929}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{87D28D7A-4FF7-4C22-B672-50C8CE36BD65}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{197C5E23-6EDD-4E74-9090-A286A7399347}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9D3B3384-DBA8-4E2E-AEAA-B338546F7027}] => (Allow) C:\Program Files (x86)\EaseUS\Disk Copy\bin\EaseUS Disk Copy.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{15688B37-C2C3-4CDF-90AF-A7A21846444D}] => (Allow) C:\Program Files (x86)\EaseUS\Disk Copy\bin\EaseUS Disk Copy.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{BA672362-8D24-486F-A06E-00AA18DC40B4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
    FirewallRules: [{6B5636AF-95AC-449A-AB98-E6F14205A852}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
    FirewallRules: [{A5F73EEB-AB2A-4609-B1BF-396CE8B86D81}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )
    FirewallRules: [{0A5D92AB-259B-46EE-B8D4-2A53576300FB}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )
    FirewallRules: [{BE41BA39-481F-4F8D-A9A7-298B5D3AACA9}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
    FirewallRules: [{E865B3D3-F962-4999-BF1B-56B5E11793C7}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
    FirewallRules: [{D06BF247-BDEE-4050-A1FB-7F2CB58DD569}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{EE83F982-C8F9-4869-83A5-17F13C744715}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{4AEF03FB-F59C-46EE-84F7-00AAB28BE343}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{5C5634B1-0E0E-4D15-8C04-6AF27879E83B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{B806C590-65F2-43EC-813E-EC5545792C04}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
    FirewallRules: [{E3C3EB6E-6933-4DE7-92FB-B57706952F2E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{2A7DB977-DB36-4E04-9588-FAA79787D884}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{DEB3447C-BEE6-4DE9-BF36-4E47B167C26A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14430.20234.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{09CF9402-2218-4B01-82E5-E697750A0D39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{363C338B-BAC3-45F8-861E-F3FCA51DDA6B}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
    FirewallRules: [{D379B4AA-40C4-4DD9-953A-214FE5135F41}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
    FirewallRules: [{73FBF6DB-5635-4197-9F7A-960371802AB2}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

    ==================== Restore Points =========================

    17-09-2021 17:47:04 Windows Modules Installer
    24-09-2021 20:12:19 Removed Backup and Sync from Google
    28-09-2021 00:51:31 Windows Update
    05-10-2021 09:06:47 AdwCleaner_BeforeCleaning_05/10/2021_09:06:47

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (10/05/2021 01:53:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Thomazingerzee.local already in use; will try Thomazingerzee-2.local instead

    Error: (10/05/2021 01:53:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Thomazingerzee.local. Addr 192.168.1.11

    Error: (10/05/2021 01:53:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353 16 Thomazingerzee.local. AAAA 2001:4453:0623:4800:75F4:BFC2:0B5B:8450

    Error: (10/05/2021 01:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Thomazingerzee.local. AAAA FE80:0000:0000:0000:094D:18C8:9213:11B4

    Error: (10/05/2021 01:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353 16 Thomazingerzee.local. AAAA 2001:4453:0623:4800:75F4:BFC2:0B5B:8450

    Error: (10/05/2021 01:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Thomazingerzee.local. AAAA 2001:4453:0623:4800:61F5:AA62:C618:5069

    Error: (10/05/2021 01:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353 16 Thomazingerzee.local. AAAA 2001:4453:0623:4800:75F4:BFC2:0B5B:8450

    Error: (10/05/2021 01:53:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Thomazingerzee.local. AAAA 2001:4453:0623:4800:094D:18C8:9213:11B4


    System errors:
    =============
    Error: (10/05/2021 09:09:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

    Error: (10/05/2021 09:09:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

    Error: (10/05/2021 09:09:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

    Error: (10/05/2021 09:07:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The RzKLService service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/05/2021 09:07:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The LightingService service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/05/2021 09:07:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Razer Synapse Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/05/2021 09:07:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The ASUS App Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (10/05/2021 09:07:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.


    Windows Defender:
    ================
    Date: 2021-01-30 20:17:26
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.311.598.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16800.2
    Error code: 0x80072f8f
    Error description: A security error occurred

    Date: 2021-01-30 20:17:26
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.311.598.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16800.2
    Error code: 0x80072f8f
    Error description: A security error occurred

    Date: 2021-01-30 20:17:26
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.311.598.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16800.2
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2021-01-30 20:17:26
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.311.598.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16800.2
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    CodeIntegrity:
    ===============
    Date: 2021-10-05 13:01:46
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. GA401II.219 12/30/2020
    Motherboard: ASUSTeK COMPUTER INC. GA401II
    Processor: AMD Ryzen 7 4800HS with Radeon Graphics
    Percentage of memory in use: 41%
    Total physical RAM: 40365.59 MB
    Available physical RAM: 23514.5 MB
    Total Virtual: 46253.59 MB
    Available Virtual: 26024.59 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:416.43 GB) (Free:222.99 GB) NTFS
    Drive d: (Abebi) (Fixed) (Total:513.08 GB) (Free:392.33 GB) NTFS
    Drive g: (Google Drive) (Fixed) (Total:100 GB) (Free:61.1 GB) FAT32

    \\?\Volume{3b6f7970-a0b1-4f3f-9312-2fddeb7419d7}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
    \\?\Volume{56e9d1ba-7211-4f83-874a-a62d0b54ca6f}\ (SYSTEM) (Fixed) (Total:1.02 GB) (Free:0.95 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 6015120A)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  8. #23
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

  9. #24
    Join Date
    Jul 2008
    Posts
    289
    Gotcha! Here @Broni!

    Fix result of Farbar Recovery Scan Tool (x64) Version: 05-10-2021
    Ran by Thomazing! (06-10-2021 09:39:38) Run:1
    Running from C:\Users\Thomazing!\Desktop
    Loaded Profiles: Thomazing!
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-02-25] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-02-25] <==== ATTENTION
    2020-10-13 11:52 - 2020-10-14 16:56 - 000000232 _____ () C:\Users\Thomazing!\AppData\Roaming\debug.log
    2020-06-06 16:00 - 2020-06-06 21:48 - 000000128 _____ () C:\Users\Thomazing!\AppData\Roaming\winscp.rnd
    2019-08-23 08:12 - 2019-08-23 08:12 - 000000000 _____ () C:\Users\Thomazing!\AppData\Local\oobelibMkey.log
    2020-04-14 12:55 - 2020-07-09 09:29 - 000000128 _____ () C:\Users\Thomazing!\AppData\Local\PUTTY.RND
    2020-06-04 15:29 - 2020-08-17 21:02 - 000007618 _____ () C:\Users\Thomazing!\AppData\Local\Resmon.ResmonCfg
    2021-05-30 11:20 - 2021-05-30 11:20 - 000000003 _____ () C:\Users\Thomazing!\AppData\Local\updater.log
    2021-05-30 11:20 - 2021-05-30 11:20 - 000000424 _____ () C:\Users\Thomazing!\AppData\Local\UserProducts.xml
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\MicrosoftListSync.exe" => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Thomazing!\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\MicrosoftListSync.exe" => No File
    CustomCLSID: HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Thomazing!\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    FirewallRules: [{C00C2F81-2B5E-41E4-A1A9-B03410B8B1BF}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
    FirewallRules: [{6120ABD9-2022-4187-B66E-6801F9E8A654}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
    FirewallRules: [{75C0B020-0314-4F47-8EB3-7A6FE18E58C3}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS Video Editor\EaseUS Video Editor.exe => No File
    FirewallRules: [{61F3019C-21AC-45C1-9C99-547C0E80039E}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS Video Editor\EaseUS Video Editor.exe => No File
    FirewallRules: [{B806C590-65F2-43EC-813E-EC5545792C04}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File

    *****************

    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js => moved successfully
    C:\Program Files\mozilla firefox\bd_config.cfg => moved successfully
    C:\Users\Thomazing!\AppData\Roaming\debug.log => moved successfully
    C:\Users\Thomazing!\AppData\Roaming\winscp.rnd => moved successfully
    C:\Users\Thomazing!\AppData\Local\oobelibMkey.log => moved successfully
    C:\Users\Thomazing!\AppData\Local\PUTTY.RND => moved successfully
    C:\Users\Thomazing!\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\Thomazing!\AppData\Local\updater.log => moved successfully
    C:\Users\Thomazing!\AppData\Local\UserProducts.xml => moved successfully
    HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
    HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1} => removed successfully
    HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
    HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
    HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2} => removed successfully
    HKU\S-1-5-21-1947618817-924375218-263046451-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C00C2F81-2B5E-41E4-A1A9-B03410B8B1BF}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6120ABD9-2022-4187-B66E-6801F9E8A654}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75C0B020-0314-4F47-8EB3-7A6FE18E58C3}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61F3019C-21AC-45C1-9C99-547C0E80039E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B806C590-65F2-43EC-813E-EC5545792C04}" => removed successfully

    ==== End of Fixlog 09:39:38 ====

  10. #25
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services



    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.




    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program

  11. #26
    Join Date
    Jul 2008
    Posts
    289
    Got it! Here:

    Farbar Service Scanner Version: 23-12-2020
    Ran by Thomazing! (administrator) on 07-10-2021 at 08:29:47
    Running from "C:\Users\Thomazing!\Desktop"
    Microsoft Windows 10 Home Single Language (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Windows Security:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\Drivers\afd.sys => File is digitally signed
    C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****


    ==========================================================================================
    ==========================================================================================


    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avast Antivirus
    Bitdefender Antivirus
    Windows Defender
    Malwarebytes
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (94.0.4606.71)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamtray.exe
    Malwarebytes Anti-Malware MbamBgNativeMsg.exe
    Bitdefender Bitdefender Security bdservicehost.exe
    Bitdefender Agent ProductAgentService.exe
    Bitdefender Bitdefender Security updatesrv.exe
    Bitdefender Bitdefender Security bdntwrk.exe
    Bitdefender Bitdefender VPN bdvpnservice.exe
    Common Files Bitdefender SetupInformation Bitdefender RedLine\bdredline.exe
    Bitdefender Agent redline bdredline.exe
    Bitdefender Agent 25.0.1.194 DiscoverySrv.exe
    Bitdefender Bitdefender Security bdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    ==========================================================================================
    ==========================================================================================



    As per Sophos logs, there isn't.

    No threats were found. See image link.

    Link >> https://prnt.sc/1v4d896
    Last edited by peker; October 7th, 2021 at 02:13 AM.

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:

    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings


    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

    7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    9. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642

    10. Please let me know how your computer is doing.

  13. #28
    Join Date
    Jul 2008
    Posts
    289
    Yey! Thanks so much for all these tips @Broni! Will bookmark this.

    Yeah, so far things got better. I noticed the slowdown took place when I was chatting using Facebook Messenger. It was slow to type and I noticed something wormy happening on my laptop, that's why I came to you for help. AHAHAH

    But all good now. It's been a while since we last touched on this forum. And you are still so awesome and fantastic at what you do!

    How can I repay you?

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You already did by saying "thanks"
    Good luck and stay safe
