Every 2 minutes (or less), BitDefender says a detected threat is being disinfected and then that a malicious application has been blocked. The file in question is mchost.exe, located at C:\Users\harsh\AppData\Roaming\mqoakadlqc. I went to that folder and tried deleting that exe file, but it says it requires permission from the admin, which I'm already logged in as.
Bitdefender says:
"Application mchost.exe has been detected as potentially malicious and was blocked.
Application path: C:\Users\harsh\AppData\Roaming\mqoakadlqc\mchost.exe
Command line parameters: C:\Users\harsh\AppData\Roaming\mqoakadlqc\mchost.exe "C:\Users\harsh\AppData\Roaming\mqoakadlqc\mchost.chm"
Detection ID: SuspiciousBehavior.41DD99DA46B1B505"
I was also forced to attach FRST.txt and Addition because my browser locks up as soon as I copy/paste the FRST contents. I tried Brave too, but had the same issue: the browser locks up as soon as I copy/paste, and the only option is to end the browser task. Very odd issue. I tried restarting the PC. Let me know if you want me to copy/paste the content of the text files elsewhere. Thanks!
Edit:
I was finally able to copy/paste after multiple tries.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2022
Ran by harsh (administrator) on HARSH-PC (Micro-Star International Co., Ltd. MS-7D59) (27-12-2022 20:55:36)
Running from C:\Users\harsh\Desktop
Loaded Profiles: harsh
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2364 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.AntivirusService.exe
(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\26.0.1.233\DiscoverySrv.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe
(C:\Program Files\HotVirtualKeyboard\hvk.exe ->) (Comfort Software Group -> Comfort Software Group) C:\Program Files\HotVirtualKeyboard\hvkcm64.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Comfort Software Group -> Comfort Software Group) C:\Program Files\HotVirtualKeyboard\hvk.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\harsh\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <23>
(explorer.exe ->) (Mullvad VPN) [File not signed] C:\Program Files\Mullvad VPN\Mullvad VPN.exe <4>
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe
(services.exe ->) (Mullvad VPN AB -> Mullvad VPN AB) C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6fd074e02d655c70\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(services.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
(services.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe
(svchost.exe ->) () [File not signed] C:\Program Files (x86)\MSI\MSI Companion\Gamebar_Connect.exe
(svchost.exe ->) () [File not signed] C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe
(svchost.exe ->) (Lespeed Technology Ltd. -> WiseCleaner.COM) C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22102.229.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Companion\TraceFPS.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Speed Up\StorageMonitor.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControlEngine.exe
(ZOHO Corporation Private Limited -> Zoho Corp) C:\Program Files\Notebook\Notebook.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-08-29] (O&O Software GmbH -> O&O Software GmbH)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [notebookAutoLaunch] => explorer.exe notebook-windows://background (No File)
HKLM-x32\...\Run: [hvk] => C:\Program Files\HotVirtualKeyboard\hvk.exe [8149416 2017-02-10] (Comfort Software Group -> Comfort Software Group)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 ] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => F:\Programs\NaturallySpeaking15\Ereg\Ereg.exe [3146120 2016-05-06] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [Amazon Music Helper] => C:\Users\harsh\AppData\Local\Amazon Music\Amazon Music Helper.exe [2099656 2020-12-11] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [Chromium] => "c:\users\harsh\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session [829440 2017-02-15] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-03-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [f.lux] => C:\Users\harsh\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3542536 2022-12-12] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [MicrosoftEdgeAutoLaunch_6E1ADB05E443F1CB09F802BBD4C0D6A8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3879848 2022-12-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [net.mullvad.vpn] => C:\Program Files\Mullvad VPN\Mullvad VPN.exe [149006336 2022-10-14] (Mullvad VPN) [File not signed]
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24605528 2022-06-27] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3542536 2022-12-12] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.DLL [597792 2013-09-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.125\Installer\chrmstp.exe [2022-12-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\108.1.46.144\Installer\chrmstp.exe [2022-12-14] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2017-11-30]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{50C961A1-889F-4A4E-9587-2772A45B6AAD}\app_icon.ico () [File not signed]
Startup: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Emby Server.lnk [2019-11-25]
ShortcutTarget: Emby Server.lnk -> C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.exe (Emby LLC -> Emby) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00AA548D-416A-4105-8E22-9199CF197B9C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {052B9B4C-828B-4238-8137-18C7714A34A2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144344 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {0A340A66-523C-45AF-A587-55CF9C79825E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0C57B2EB-5604-4B4B-9655-8CFCF86416DF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-18] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0F5F7D27-FE27-4487-81B6-53C339217AF7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341432 2022-05-05] (Nvidia Corporation -> NVIDIA Corporation)
Task: {0FED4227-7D4A-4C7A-9126-689FD1E433EB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {14635B2B-C737-412A-AD69-E135A26018A5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {19D06995-78E9-43C3-8C55-D0B1BA09594B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {24C2551B-F34F-43B7-BD56-A86C9C06354A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {24D1CE51-8F36-48F3-A9DC-DDBCD26C792A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {25370D35-657C-41CF-A51B-857A765B598B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {309BC360-8259-43A4-AA3E-7CF8D26F7666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd -> Piriform Ltd)
Task: {320A07E0-0FE1-4B55-8C9C-5540A8847A5B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.233\WatchDog.exe [1053264 2022-07-25] (Bitdefender SRL -> Bitdefender)
Task: {364DB9B8-6DF1-40FD-A1E5-6E4A552E0945} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905984 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {39A4664E-9AA4-4205-906B-755A30ADB322} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647424 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {3A3226F2-EC6B-4E67-AB2C-65CDBA282E1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {3F2D926F-AF83-4698-9D31-A566A0BD9702} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {40213571-BE65-4E93-833C-130B0831F4CC} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {410ADBAD-EDAD-4044-8A46-314B9094E2CF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {420BD8E7-AA1E-4699-8E8A-C0915A3AF90F} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-18] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {4768C49B-6CA5-4DF8-8D12-62FEB5F50C11} - System32\Tasks\GoogleUpdateTaskMachineCore1d3ee4cf7ca0a91 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {48C426C7-774C-480E-8B82-720E25EBC207} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {51D88FBB-D972-4C89-A376-B57722BC5C11} - System32\Tasks\MSI_TraceFPS => C:\Program Files (x86)\MSI\MSI Companion\TraceFPS.exe [2780144 2022-12-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.)
Task: {52EAA434-4938-4FC8-BA46-99C2587C94FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8509392 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {53B7FC0A-3AC9-4C4A-9DA3-096E9302DBAE} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {6B9351F3-95FB-45C1-B827-1A454C2D6FA3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D4D7B0D-E548-4217-A04A-56AB431FFC65} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {704AC569-02D7-438F-86D1-6A310567BD90} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {720EADFB-2BD3-469A-866E-67E73DC78AC0} - System32\Tasks\Wise Auto Shutdown Task.job => C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe -a
Task: {76FA05D3-6968-4435-9B70-650C89FC0229} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {796309E7-D9B6-4313-98E3-C44E972BE5A2} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [146816 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C761D0F-E986-418A-8727-242B924537AF} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {7C839511-5B5E-4469-B17B-4D53CA1E2B6A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {81CAE07D-0990-4C62-9E9F-5627D4673800} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)
Task: {8282340D-B6CF-40C4-8F97-5B32B28E0CAE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {832CA8E2-0009-408B-A80D-C6821408246B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {85E1A35C-88C9-4492-BFBD-B5F971841074} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8DACE16E-4DEC-406F-8464-3095709B96C7} - \Mozilla\anlbfb -> No File <==== ATTENTION
Task: {926D6815-032A-4476-BAA5-7BFF6B5D0CAA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {964B4E21-010D-4391-943E-A7BB5FF05762} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)
Task: {9918C49C-2E67-4DAA-A0A6-3AFD8C5F6615} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {AA797FF6-713B-419C-9F1F-A4A3D4CA4158} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B06759D8-2731-408D-8E7E-E7ACB1DD5AB4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B5327845-28EA-402D-822D-7394B7C39432} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {B7B43A85-3887-4FAD-AA26-CCC874A60DBE} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B82B00A5-F47F-4AD2-A168-359101F5B8E0} - System32\Tasks\GoogleUpdateTaskMachineUA1d5796e4cc8c1d9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)
Task: {BED34713-068F-4401-80A3-9685581118DD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905984 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BFC48C90-ECDA-45D5-B6F5-ECB23ABFD06F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {C4A1B537-8781-47FC-BFF6-EDEB4AE8FDC3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {D461C4C9-F933-4140-A21E-782BBFB8A33D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144344 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {D78704B6-0B71-45C6-B1DA-3314652CC365} - System32\Tasks\MSI_GamebarConnect => C:\Program Files (x86)\MSI\MSI Companion\Gamebar_Connect.exe [94720 2022-12-27] () [File not signed]
Task: {D7B3DEC6-F317-45E7-A5B4-FACDCA0B26C4} - System32\Tasks\Update Manager => C:\Users\harsh\AppData\Roaming\The.Elder.Scrolls.V.Skyrim.Legendary.Edition.With.update1.9+ALLDLCs\auujqq.exe /upgradeid=f561932c-0bef-41b9-9289-b7d5c099b86b (No File)
Task: {E4DEC8D7-2EB6-47E5-BEDB-AFFFE9BDB814} - System32\Tasks\GoogleUpdateTaskMachineCore1d5796e4cc59ba5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)
Task: {E4F3255B-6FD4-4209-95F9-E13B2D096B63} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E661E14C-C8E2-437F-A483-49AB2AA55C11} - System32\Tasks\MSI Task Host - FixNorton.exe => C:\Program Files (x86)\MSI\MSI Center\PushCast\Push20221215131801\FixNorton.exe [25208 2022-12-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {EAEE9CB6-F277-4E6A-82B3-115C2DC8406D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-24] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {EBBDE9EF-807D-42FC-8BC2-B881EFF8E854} - System32\Tasks\MSI_GamebarTool => C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe [88064 2022-12-27] () [File not signed]
Task: {EBC42FDF-6DA9-45DF-9931-971540D8B47B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE00E37A-9141-48B9-930E-753BB15648B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {EF0F4C34-C18B-4B29-A9AC-4830D994888E} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [989208 2022-12-06] (Bitdefender SRL -> Bitdefender)
Task: {F2040282-10B1-4E54-89A3-65866CA16B40} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {F6334368-6761-44EE-A2AF-3F30A2ECE9B1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {FB094FA6-F3F6-4699-941A-4E5C4D6AEF62} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {FF7C78D3-EA1A-49AF-8E12-809DFA2B2415} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8509392 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{514a3988-9716-43d5-8b05-31da25a044a9}: [NameServer] 100.64.0.4
Tcpip\..\Interfaces\{a7be1398-ee7f-4bd1-9f64-96311b317949}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C21BBE9A-CCAA-48F4-830B-9EB74E7454DC}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
DownloadDir: C:\Users\harsh\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-27]
Edge DownloadDir: Default -> C:\Users\harsh\Desktop
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2022-12-05]
Edge Extension: (ReviewMeta.com Review Analyzer) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cagmalmckifngccehkojnimlabphpgci [2022-12-05]
Edge Extension: (YouTube Music) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2021-05-14]
Edge Extension: (Dragon Web Extension) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2022-12-16]
Edge Extension: (Survey Junkie Pulse) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hcohkdneahbdhaflbchfhleggjmeoikl [2022-12-07]
Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2022-12-22]
Edge Extension: (Smile Always) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2022-12-05]
Edge Extension: (Google Docs Dark Mode) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lgjhepbpjcmfmjlpkkdjlbgomamkgonb [2022-11-30]
Edge Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2022-12-11]
Edge Extension: (Context Menu Search) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2020-06-20]
Edge Extension: (uBlock Origin) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-12-23]
Edge HKU\S-1-5-21-4124628483-520521852-4121828158-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-07-21]
Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]
FireFox:
========
FF DefaultProfile: wr37962e.default-1515287002417
FF ProfilePath: C:\Users\harsh\AppData\Roaming\Mozilla\Firefox\Profiles\wr37962e.default-1515287002417 [2022-12-11]
FF DownloadDir: C:\Users\harsh\Desktop
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2022-12-06] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2022-12-06] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2021-07-29] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\harsh\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\harsh\AppData\Roaming\IDM\idmmzcc5 [2020-07-21] [Legacy] [not signed]
FF HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-10-22] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: nuance.com/DgnRia2_x86_64 -> F:\Programs\NaturallySpeaking15\Program\x64\npDgnRia2_x64.dll [2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-10-22] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: nuance.com/DgnRia2 -> F:\Programs\NaturallySpeaking15\Program\npDgnRia2.dll [2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-4124628483-520521852-4121828158-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2020-10-01] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-4124628483-520521852-4121828158-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2020-10-01] (TD Ameritrade -> TD Ameritrade)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-12-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-12-23] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default [2022-07-13]
CHR DownloadDir: C:\Users\harsh\Desktop
CHR Extension: (Ledger Manager) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2020-07-24]
CHR Extension: (uBlock Origin) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-07-13]
CHR Extension: (Survey Junkie Pulse) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfbbeblcdlfnoneibihgklodmlkimfo [2022-07-13]
CHR Extension: (Google Play Music) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-12-30]
CHR Extension: (ReviewMeta.com Review Analyzer) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjifglfkcaipnmhngbigdebkoikioend [2019-02-08]
CHR Extension: (FantasyPros: Win your Fantasy League) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2022-07-13]
CHR Extension: (Google Docs Offline) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-13]
CHR Extension: (Ledger Wallet Ethereum) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2019-03-20]
CHR Extension: (Google Play Music) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-11-18]
CHR Extension: (Smile Always) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2018-08-14]
CHR Extension: (Slickdeals: Automatic Coupons and Deals) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpdapbcmfllbpojmkefcikllfeoahglb [2022-07-13]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2020-07-31]
CHR Extension: (StayFocusd) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2020-12-30]
CHR Extension: (SuperNova SWF Enabler) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2022-05-16]
CHR Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2022-07-13]
CHR Extension: (IDM Integration Module) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-08]
CHR Extension: (Context Menu Search) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2019-03-14]
CHR Profile: C:\Users\harsh\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-06]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-07-21]
CHR HKU\S-1-5-21-4124628483-520521852-4121828158-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-07-21]
Brave:
=======
BRA Profile: C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-12-03]
BRA Extension: (Bitdefender Wallet) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2022-12-03]
BRA Extension: (LastPass: Free Password Manager) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-12-03]
BRA Extension: (Bitdefender Anti-tracker) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-04-18]
BRA Extension: (SuperNova SWF Enabler) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2022-10-22]
BRA Extension: (IDM Integration Module) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-10-25]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-12-03]
BRA Extension: (Brave NTP background images) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-10-25]
BRA Extension: (Wallet Data Files Updater) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-12-03]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-25]
BRA Extension: (Brave NTP sponsored images) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-12-03]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2022-12-03]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2022-12-03]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-10-25]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2022-12-03]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-12-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc. -> Apple Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2022-12-06] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2022-12-06] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2161256 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2454632 2022-02-10] (Bitdefender SRL -> Bitdefender)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-18] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-18] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12540928 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3639400 2018-03-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [166288 2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-12-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1990496 2021-10-28] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-16] (GOG Sp. z o.o. -> GOG.com)
R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [446600 2020-01-08] (Logitech Inc -> Logitech)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MSI_Case_Service; C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe [69280 2022-08-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [150176 2022-08-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [34032 2022-05-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MullvadVPN; C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe [17397976 2022-10-14] (Mullvad VPN AB -> Mullvad VPN AB)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH -> O&O Software GmbH)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2562776 2022-01-20] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3481312 2022-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [586896 2022-06-27] (Plex, Inc. -> Plex, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [789072 2022-07-25] (Bitdefender SRL -> Bitdefender)
S2 Radarr; C:\ProgramData\Radarr\bin\radarr.console.exe [259584 2022-12-11] (radarr.video) [File not signed]
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1994664 2022-10-25] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [485296 2022-11-04] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1354192 2022-10-12] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-15] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300552 2022-12-12] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [537912 2022-10-24] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 Surfshark Antivirus; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [441416 2022-02-01] (Surfshark B.V. -> Surfshark)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Surfshark.Service.exe [3317832 2022-05-06] (Surfshark B.V. -> Surfshark)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [280088 2022-12-06] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2022-12-06] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\108.1.46.144\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6fd074e02d655c70\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6fd074e02d655c70\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [5118384 2022-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [798128 2022-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [33208 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> © Bitdefender SRL)
S3 bduefiscan; C:\WINDOWS\system32\DRIVERS\bduefiscan.sys [55864 2022-01-27] (Bitdefender SRL -> Bitdefender)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CEUSBAudioSrv; C:\WINDOWS\System32\drivers\ceusbaud.sys [142944 2019-07-24] (CEntrance Inc. -> CEntrance, Inc.)
S3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink Corp. -> CyberLink)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-11-27] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-11-27] (Disc Soft Ltd -> Disc Soft Ltd)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [1274296 2022-09-23] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-12-14] (Bitdefender SRL -> Bitdefender)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-10-05] (Logitech -> Logitech Inc.)
R3 mullvad-split-tunnel; C:\Program Files\Mullvad VPN\resources\mullvad-split-tunnel.sys [90736 2022-10-14] (Mullvad VPN AB -> Mullvad VPN AB)
R3 MullvadWireGuard; C:\WINDOWS\System32\drivers\mullvad-wireguard.sys [498664 2022-06-01] (Mullvad VPN AB -> WireGuard LLC)
R3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [28480 2022-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19936 2010-04-09] (MT SOLUTION LTD -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [13280 2010-04-09] (MT SOLUTION LTD -> )
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_007a; C:\WINDOWS\System32\drivers\RzDev_007a.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_007e; C:\WINDOWS\System32\drivers\RzDev_007e.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0094; C:\WINDOWS\System32\drivers\RzDev_0094.sys [55376 2021-01-21] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2019-05-22] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [633264 2022-06-07] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [480184 2022-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-11-24] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-02-20] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-12-27 20:55 - 2022-12-27 20:56 - 000058313 _____ C:\Users\harsh\Desktop\FRST.txt
2022-12-27 20:55 - 2022-12-27 20:55 - 000000000 ____D C:\FRST
2022-12-27 20:54 - 2022-12-27 20:54 - 002375680 _____ (Farbar) C:\Users\harsh\Desktop\FRST64.exe
2022-12-27 19:57 - 2022-12-27 19:57 - 000003210 _____ C:\WINDOWS\system32\Tasks\MSI_GamebarConnect
2022-12-27 19:57 - 2022-12-27 19:57 - 000003192 _____ C:\WINDOWS\system32\Tasks\MSI_GamebarTool
2022-12-27 19:57 - 2022-12-27 19:57 - 000003102 _____ C:\WINDOWS\system32\Tasks\MSI_TraceFPS
2022-12-27 19:06 - 2022-12-27 19:06 - 000093744 _____ C:\Users\harsh\Desktop\MAS_1.7_Password_1234.7z
2022-12-27 18:56 - 2022-12-27 18:56 - 000000000 ____D C:\Users\harsh\AppData\Roaming\mqoakadlqc
2022-12-27 18:56 - 2022-12-27 18:56 - 000000000 ____D C:\Users\harsh\AppData\Roaming\823AB58C055CC937
2022-12-26 22:23 - 2022-12-26 22:23 - 000003218 _____ C:\WINDOWS\system32\Tasks\MSI Task Host - FixNorton.exe
2022-12-26 22:23 - 2022-05-16 17:23 - 000013576 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\acpimof.dll
2022-12-26 22:22 - 2022-12-27 20:32 - 000000000 ____D C:\MSI
2022-12-26 22:22 - 2022-12-27 19:57 - 000000000 ____D C:\ProgramData\MSI
2022-12-26 22:22 - 2022-12-27 18:45 - 000000000 ____D C:\Program Files (x86)\MSI
2022-12-26 22:22 - 2022-12-26 22:22 - 000000000 ____D C:\Users\harsh\AppData\Local\Downloaded Installations
2022-12-26 19:51 - 2022-12-26 19:51 - 000000000 ___HD C:\$WinREAgent
2022-12-26 19:48 - 2022-12-26 19:48 - 000001383 _____ C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-12-26 19:48 - 2022-12-26 19:48 - 000000000 ____D C:\Users\harsh\AppData\Local\PCHealthCheck
2022-12-24 21:54 - 2022-12-24 21:54 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_UsbXhciCompanion_02_23_00.Wdf
2022-12-24 21:37 - 2022-12-24 21:37 - 000154374 _____ C:\Users\harsh\Desktop\favorites_12_24_22.html
2022-12-13 21:34 - 2022-12-17 19:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-12-12 19:24 - 2022-12-12 19:24 - 395969368 _____ C:\Users\harsh\Desktop\IPCC_AR6_WGII_FullReport.pdf
2022-12-10 00:14 - 2022-12-10 00:14 - 000000000 ____D C:\Users\harsh\AppData\Roaming\UserBenchmark
2022-12-08 23:15 - 2022-12-08 23:21 - 001532620 _____ C:\WINDOWS\Minidump\120822-16000-01.dmp
2022-12-05 21:00 - 2022-12-05 21:00 - 000092026 _____ C:\Users\harsh\Desktop\Orders & Purchases.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-12-27 20:47 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-12-27 20:39 - 2017-10-25 16:02 - 000000000 ____D C:\Users\harsh\AppData\LocalLow\Mozilla
2022-12-27 20:39 - 2017-10-22 20:09 - 000000000 ____D C:\ProgramData\NVIDIA
2022-12-27 20:38 - 2021-02-26 23:33 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-12-27 20:38 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-12-27 20:34 - 2017-10-22 20:31 - 000000000 ____D C:\Program Files (x86)\Google
2022-12-27 20:32 - 2022-05-31 20:33 - 000000000 ____D C:\Users\harsh\AppData\Local\Mullvad VPN
2022-12-27 20:32 - 2022-05-31 20:32 - 000000000 ____D C:\ProgramData\Mullvad VPN
2022-12-27 20:32 - 2021-11-09 20:52 - 000000000 ____D C:\Users\harsh\AppData\Roaming\Notebook
2022-12-27 20:32 - 2021-02-26 23:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-12-27 20:32 - 2020-11-24 00:24 - 000008192 ___SH C:\DumpStack.log.tmp
2022-12-27 20:21 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-12-27 18:56 - 2022-03-23 18:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-12-27 18:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-12-27 18:45 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-27 18:45 - 2018-07-17 15:20 - 000000000 ____D C:\ProgramData\Packages
2022-12-27 18:45 - 2017-10-22 20:04 - 000000000 ____D C:\Users\harsh\AppData\Local\Packages
2022-12-27 18:41 - 2021-02-26 23:34 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-12-27 18:41 - 2021-02-26 23:34 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-12-26 23:14 - 2021-02-26 23:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-12-26 22:59 - 2020-11-18 22:06 - 000000000 ____D C:\Users\harsh\AppData\Roaming\discord
2022-12-26 22:35 - 2020-11-18 22:06 - 000000000 ____D C:\Users\harsh\AppData\Local\Discord
2022-12-26 22:22 - 2021-02-26 23:24 - 000000000 ____D C:\Users\harsh
2022-12-26 21:04 - 2021-11-15 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-12-26 21:04 - 2021-11-15 22:04 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2022-12-26 21:04 - 2020-11-21 18:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-12-26 21:03 - 2021-04-18 17:43 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-12-26 21:03 - 2020-06-20 17:39 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-12-26 21:03 - 2019-12-07 04:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2022-12-26 21:03 - 2017-10-22 20:32 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-12-26 19:53 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-12-24 21:53 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-12-24 21:53 - 2019-05-04 16:41 - 000000000 ____D C:\ProgramData\Radarr
2022-12-24 21:53 - 2018-03-02 19:08 - 000000000 ____D C:\Program Files\CCleaner
2022-12-22 20:31 - 2021-05-20 20:57 - 000000000 ____D C:\Users\harsh\AppData\Roaming\Playnite
2022-12-22 19:33 - 2021-05-20 20:51 - 000000000 ____D C:\Users\harsh\AppData\Local\Playnite
2022-12-20 19:07 - 2018-03-30 15:48 - 000004109 _____ C:\Users\harsh\Desktop\bach.txt
2022-12-20 18:52 - 2021-02-26 23:34 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-12-17 19:51 - 2017-10-31 17:48 - 000000000 ____D C:\Program Files\Microsoft Office
2022-12-17 19:49 - 2017-11-06 16:30 - 000000000 ____D C:\Users\harsh\AppData\Local\CrashDumps
2022-12-17 19:39 - 2021-02-26 23:22 - 000451032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-12-17 19:38 - 2017-10-25 16:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-12-17 19:37 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemApps
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-12-16 00:11 - 2020-07-21 23:48 - 000000000 ____D C:\Users\harsh\AppData\Roaming\DMCache
2022-12-15 19:46 - 2021-02-26 23:23 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-12-15 19:25 - 2021-12-12 22:35 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4124628483-520521852-4121828158-1001
2022-12-15 19:25 - 2021-02-26 23:34 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4124628483-520521852-4121828158-1001
2022-12-15 19:25 - 2021-02-26 23:24 - 000002417 _____ C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-12-15 19:24 - 2017-10-22 20:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-12-15 19:14 - 2017-10-22 20:20 - 148633544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-12-14 13:04 - 2017-10-25 16:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-12-13 21:19 - 2021-11-09 20:52 - 000000000 ____D C:\Program Files\Notebook
2022-12-11 22:44 - 2022-03-23 18:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-12-08 23:15 - 2021-03-09 21:26 - 000000000 ____D C:\WINDOWS\Minidump
2022-12-08 23:15 - 2020-03-09 17:41 - 1011404536 _____ C:\WINDOWS\MEMORY.DMP
2022-12-05 23:26 - 2018-10-17 15:33 - 000000000 ____D C:\Users\harsh\AppData\Local\D3DSCache
2022-12-05 23:21 - 2017-10-22 20:12 - 000000000 ____D C:\Users\harsh\AppData\Local\PlaceholderTileLogoFolder
==================== Files in the root of some directories ========
2020-01-30 21:29 - 2020-01-30 21:29 - 000000132 _____ () C:\Users\harsh\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-01-28 17:54 - 2021-10-29 18:41 - 000001075 _____ () C:\Users\harsh\AppData\Roaming\SAS7_000.DAT
2020-03-20 17:59 - 2020-03-20 17:59 - 000001456 _____ () C:\Users\harsh\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-06-05 18:14 - 2019-06-05 18:16 - 008107202 _____ () C:\Users\harsh\AppData\Local\F.bmp
2019-06-23 20:25 - 2019-06-23 21:04 - 000000128 _____ () C:\Users\harsh\AppData\Local\PUTTY.RND
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2022
Ran by harsh (27-12-2022 20:56:27)
Running from C:\Users\harsh\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2364 (X64) (2021-02-27 04:34:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4124628483-520521852-4121828158-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4124628483-520521852-4121828158-503 - Limited - Disabled)
Guest (S-1-5-21-4124628483-520521852-4121828158-501 - Limited - Disabled)
harsh (S-1-5-21-4124628483-520521852-4121828158-1001 - Administrator - Enabled) => C:\Users\harsh
HomeGroupUser$ (S-1-5-21-4124628483-520521852-4121828158-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4124628483-520521852-4121828158-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {840E1EB8-082E-3D95-EAAA-FD11CF357A26}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {BC359F9D-4241-3CCD-C1F5-542431E63D5D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\uTorrent) (Version: 3.5.5.45231 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Accessibility Insights for Android 2022.411.12 (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\b1d3e4b8-caae-5590-b21b-0cdd04c6063c) (Version: 2022.411.12 - )
adbLink version 3.6 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 3.6 - jocala.com)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Games (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.0.4983.3 - Amazon.com Services, Inc.)
Amazon Music (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Amazon Amazon Music) (Version: 8.1.1.2233 - Amazon.com Services LLC)
ApowerMirror version 1.5.9.4 (HKLM-x32\...\{a9482532-9c34-478c-80c3-85bdccbb981f}_is1) (Version: 1.5.9.4 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Assassin's Creed Brotherhood version 1.03 (HKLM-x32\...\{D785301A-D163-4288-9BCB-D795579C318D}_is1) (Version: 1.03 - UBISoft)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.0.1.1339 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 26.0.1.233 - Bitdefender)
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 25.0.26.89 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 108.1.46.144 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
CEntrance Universal Audio Driver (HKLM\...\CEntrance Universal Audio Driver) (Version: 8.0.2 - CEntrance)
Charles 4.2.7 (HKLM\...\{D55CB120-51B4-4975-BF4A-BDE2DC7025A2}) (Version: 4.2.7.4 - XK72 Ltd)
CPUID HWMonitor 1.35 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.35 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0401 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Discord) (Version: 0.0.310 - Discord Inc.)
Divinity: Original Sin 2 - Definitive Edition (HKLM-x32\...\1584823040_is1) (Version: 3.6.117.3735 - GOG.com)
Divinity: Original Sin 2 - Sir Lora (HKLM-x32\...\1326441817_is1) (Version: 3.6.117.3735 - GOG.com)
Dragon 15 (HKLM-x32\...\{768AC460-237E-45B6-99B8-1DE6D0F391E8}) (Version: 15.00.000 - Nuance Communications Inc.)
Dynalist 1.0.6 (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\1e78cdbc-7a18-5e02-93fd-c98dee19d9b8) (Version: 1.0.6 - Dynalist Inc.)
Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
f.lux (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Flux) (Version: - f.lux Software LLC)
Feather Wallet version 1.0.1 (HKLM\...\{E3C599C7-4DF1-49F2-9C35-918A288677A4}_is1) (Version: 1.0.1 - Feather Wallet)
FileZilla Client 3.42.1 (HKLM-x32\...\FileZilla Client) (Version: 3.42.1 - Tim Kosse)
Final Fantasy X X-2 HD Remaster (HKLM-x32\...\Final Fantasy X X-2 HD Remaster_is1) (Version: - )
FoneLab Android Data Recovery 3.0.20 (HKLM-x32\...\{9D4E5CFB-1923-4ff6-9305-0E5AF9430AF0}_is1) (Version: 3.0.20 - FoneLab)
Frostpunk (HKLM-x32\...\Frostpunk_is1) (Version: - )
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.125 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Grammarly Editor (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\GrammarlyForWindows) (Version: 1.5.81 - Grammarly)
Hot Virtual Keyboard (HKLM\...\{0F896F26-E9C0-4331-BB90-28CDDA490C93}_is1) (Version: 8.5.0.0 - Comfort Software Group)
Internet Download Manager 6.37.14 (HKLM-x32\...\Internet Download Manager_is1) (Version: 6.37.14 - lrepacks.ru)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 351 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180351F0}) (Version: 8.0.3510.10 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ledger Live 1.4.1 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 1.4.1 - Ledger)
Ledger Wallet Ripple version 1.0.2 (HKLM-x32\...\{2A226916-F20B-403D-B564-F2CF5CF8CEF8}_is1) (Version: 1.0.2 - Ledger)
Logitech Capture (HKLM\...\Capture) (Version: 2.00.226 - Logitech)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Microsoft .NET Core Host - 3.1.8 (x64) (HKLM\...\{D375EE6D-18EF-4EC9-8260-555DEB0EE4EC}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.8 (x64) (HKLM\...\{907E0A78-B4DF-4E35-9878-FEE2F22B6852}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.8 (x64) (HKLM\...\{912B84A5-61CC-4308-B244-5C34C2C02899}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft Excel 2016 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\OneDriveSetup.exe) (Version: 22.238.1114.0002 - Microsoft Corporation)
Microsoft PowerPoint 2016 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29913 (HKLM\...\{620A7633-7A09-42A8-8580-076A4483C4B0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29913 (HKLM\...\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM\...\{F3871724-6A58-425C-8E4C-4A54935AA68F}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft Word 2016 - en-us (HKLM\...\WordRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.51 - mIRC Co. Ltd.)
Moonlight Game Streaming Client (HKLM\...\{8FF7F460-D0B2-429A-AB0E-31431A07EFB0}) (Version: 3.1.3.0 - Moonlight Game Streaming Project) Hidden
Moonlight Game Streaming Client (HKLM-x32\...\{87675f73-8bcb-44b1-a7e2-c748c5694545}) (Version: 3.1.3.0 - Moonlight Game Streaming Project)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 108.0 (x64 en-US)) (Version: 108.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 98.0.2 - Mozilla)
Mp3tag v3.04a (HKLM-x32\...\Mp3tag) (Version: 3.04a - Florian Heidenreich)
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2022.1202.01 - MSI)
Mullvad VPN 2022.5.0 (HKLM\...\2A356FD4-03B7-4F45-99B4-737BE580DC82) (Version: 2022.5.0 - Mullvad VPN)
Nero 2018 Full Repack (HKLM\...\NMMS19) (Version: - )
Notebook 2.0.4 (HKLM\...\07e74316-82bc-58bb-a564-e9fc8e1a4b1c) (Version: 2.0.4 - Zoho Corp)
NVIDIA FrameView SDK 1.2.7704.31296923 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7704.31296923 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.135 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.135 - NVIDIA Corporation)
NVIDIA GeForce NOW 2.0.16.148 (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.16.148 - NVIDIA Corporation)
NVIDIA Graphics Driver 473.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 473.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NZBGet (HKLM-x32\...\NZBGet) (Version: - Andrey Prygunkov)
O&O Defrag Professional (HKLM\...\{50C961A1-889F-4A4E-9587-2772A45B6AAD}) (Version: 18.0.39 - O&O Software GmbH)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15831.20184 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.110.50000 - Electronic Arts, Inc.)
Partition Wizard Professional Edition 5.0 (HKLM-x32\...\{6BF3C41E-F498-430A-A41E-EEDB5FA2A8B9}_is1) (Version: - MT Solution Ltd.)
Playnite (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Playnite_is1) (Version: 10.9 - Josef Nemec)
Plex Media Server (HKLM-x32\...\{25d7c7bc-288b-4d8a-81bc-4baac9712931}) (Version: 1.27.2.5929 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{C37711DC-ABFD-4374-88A8-A1858EC25B61}) (Version: 1.27.2929 - Plex, Inc.) Hidden
Quip (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Quip) (Version: 7.48.0 - Quip)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.1209.121307 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Standard Notes 3.0.15 (only current user) (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\774f2290-3906-58eb-baae-35b0dc01c31e) (Version: 3.0.15 - Standard Notes)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{6F6FA125-A737-436B-AB8C-AD668E2D25D1}) (Version: 1.27.2929 - Plex, Inc.) Hidden
SuperNova Player (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\TacticsTechnologySuperNova) (Version: - )
Surfshark (HKLM-x32\...\{BC644B76-D9CF-46F8-B333-F67B14FCE815}) (Version: 3.6.0999 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 3.6.0999) (Version: 3.6.0999 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{EBB4BEDA-92A8-4477-A529-FE48400DE9D7}) (Version: 1.0 - Surfshark)
Syncios Mobile Manager 7.0.6 (HKLM-x32\...\Syncios Mobile Manager) (Version: 7.0.6 - Syncios)
Syncios Toolkit 1.1.0 (HKLM-x32\...\Syncios Toolkit) (Version: 1.1.0 - Syncios)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Telegram Desktop version 1.5.15 (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.15 - Telegram Messenger LLP)
The.Elder.Scrolls.V.Skyrim.Legendary.Edition.With.update1.9+ALLDLCs version 1.9 (HKLM-x32\...\{7EA5FBA1-6235-4458-878C-4811617C03D4}}_is1) (Version: 1.9 - Ali213.net)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 124.2.10565 - Ubisoft)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
UsenetWire (HKLM\...\{B710BA5B-CB04-4DFA-9130-D83E307517B4}) (Version: 2.8.10 - UsenetWire)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vysor (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Vysor) (Version: 2.2.2 - ClockworkMod)
Web Launch Recorder (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.90 - Winamp SA)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wise Auto Shutdown 1.6.5 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.6.5 - WiseCleaner.com, Inc.)
YouTube Music (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\8f40e403496042219b0fd5f71110422a) (Version: 1.0 - YouTube Music)
Zoom (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)
Packages:
=========
BitPay for Windows -> C:\Program Files\WindowsApps\18C7659D.BitPayforWindows_12.12.2.0_x64__tq51jcq72mbzw [2022-07-30] (BitPay Inc.)
Emby Theater -> C:\Program Files\WindowsApps\EmbyMedia.EmbyTheater_1.1.464.0_neutral__svmepx4c03f7m [2022-12-17] (Emby LLC)
Kodi -> C:\Program Files\WindowsApps\XBMCFoundation.Kodi_19.90.955.0_x64__4n2hpmxwrvr6p [2022-12-23] (XBMC Foundation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-26] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.11129.457.0_x64__8wekyb3d8bbwe [2022-12-04] (Microsoft Corporation)
MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_1.0.67.0_x64__kzh8wxbdkxb8p [2022-12-26] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_2.0.6.0_x64__kzh8wxbdkxb8p [2022-12-27] (MICRO-STAR INTERNATIONAL CO., LTD)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-10-20] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-12-05] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Studios) [MS Ad]
YouTube Music -> C:\Program Files\WindowsApps\music.youtube.com-9F558962_1.0.0.1_neutral__vezhnr0wkvrcy [2021-05-13] (music.youtube.com)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.303\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-11-27] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2014-08-29] (O&O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-03-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-11-27] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2014-08-29] (O&O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-03-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-11-27] (Florian Heidenreich) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6fd074e02d655c70\nvshext.dll [2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2014-08-29] (O&O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\harsh\AppData\Local\NVIDIA Corporation\Shield Apps\GS Playnite 1440p.lnk -> C:\Users\harsh\AppData\Local\Playnite\gamestream\GS Playnite 1440p.bat ()
Shortcut: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playnite\Safe Mode.lnk -> C:\Users\harsh\AppData\Local\Playnite\Safe Mode.bat ()
Shortcut: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Emby\Emby Server Dashboard.lnk -> hxxp://localhost:8096/web/dashboard.htm
ShortcutWithArgument: C:\Users\harsh\Desktop\ledger\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\harsh\Desktop\ledger\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\harsh\Desktop\ledger\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube Music.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod --app-url=hxxps://music.youtube.com/?source=pwa
ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Manager (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf
ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf
ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Ethereum (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm
==================== Loaded Modules (Whitelisted) =============
2022-10-24 00:03 - 2022-08-08 22:52 - 001427968 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.Runtime.dll
2022-02-01 01:41 - 2022-02-01 01:41 - 000263680 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
2021-10-27 04:41 - 2021-10-27 04:41 - 001601536 _____ () [File not signed] C:\Program Files (x86)\Surfshark\runtimes\win-x64\native\e_sqlite3.dll
2021-10-27 04:41 - 2021-10-27 04:41 - 001207296 _____ () [File not signed] C:\Program Files (x86)\Surfshark\runtimes\win-x86\native\e_sqlite3.dll
2022-10-22 21:27 - 2022-10-14 06:03 - 002789888 _____ () [File not signed] C:\Program Files\Mullvad VPN\ffmpeg.dll
2022-10-22 21:27 - 2022-10-14 06:03 - 000471040 _____ () [File not signed] C:\Program Files\Mullvad VPN\libegl.dll
2022-10-22 21:27 - 2022-10-14 06:03 - 007179264 _____ () [File not signed] C:\Program Files\Mullvad VPN\libglesv2.dll
2022-10-22 21:27 - 2022-10-14 06:03 - 004759552 _____ () [File not signed] C:\Program Files\Mullvad VPN\vk_swiftshader.dll
2022-07-29 20:47 - 2022-12-11 01:48 - 002338304 _____ () [File not signed] C:\Program Files\Notebook\ffmpeg.dll
2020-11-27 13:25 - 2020-11-27 13:25 - 000398336 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2013-05-16 05:52 - 2013-05-16 05:52 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2013-05-16 05:52 - 2013-05-16 05:52 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2019-05-07 16:50 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-04-12 14:55 - 2017-09-27 16:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\Newtonsoft.Json.dll
2018-04-12 14:55 - 2017-10-24 17:03 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppCollect.dll
2018-04-12 14:55 - 2017-10-24 17:03 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppCommon.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> F:\Programs\NaturallySpeaking15\Program\x64\dgnriaie_x64.dll [2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> F:\Programs\NaturallySpeaking15\Program\dgnriaie.dll [2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssv.dll [2022-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2ssv.dll [2022-10-19] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\sharepoint.com -> hxxps://scarletmailrutgers-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2021-04-30 17:23 - 000000849 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\harsh\AppData\Local\Microsoft\WindowsApps;C:\adb;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files\dotnet\;C:\Program Files\Mullvad VPN\resources
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\harsh\Desktop\bay_10-wallpaper-2560x1440.jpg
DNS Servers: 100.64.0.4 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "O&O Defrag Tray.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\StartupFolder: => "Emby Server.lnk"
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "Chromium"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EFC0426C-E88C-400F-B135-8A086AA09E5D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{EEBD0146-806B-4921-9A7D-A0BFB75D57B2}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{0F9E2FE0-CB32-46DA-A2C1-33E56789E1F8}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.15\msedgewebview2.exe => No File
FirewallRules: [{7A86B0E7-34AF-4AC2-8F23-0F75EEF2E0BD}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.11\msedgewebview2.exe => No File
FirewallRules: [{FE93A87C-4620-4C2A-9F7D-4B77591FA9D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{974B7DEE-C780-42F9-81AA-60760C6C7388}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{5EB40991-E5B7-4B2C-B594-934CE82C78EF}F:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) F:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [TCP Query User{BFDE45B1-7E09-4EE0-8822-7B95C8E5F5DC}F:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) F:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [UDP Query User{D2393624-3B2A-40B7-993B-B64EA193ECF3}F:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) F:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [TCP Query User{D5FBE313-2A2D-4CCB-8CB9-86842DF4B8E9}F:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) F:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [{6CFBC5A0-1AA1-46D1-9E64-A6009B6807D7}] => (Block) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{D35C4C4B-CC4A-4760-9237-63857F194149}] => (Block) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{9540BBE9-C9A0-4176-A784-231461233600}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [TCP Query User{6A66964B-36A4-46A6-BD90-3BFF9FDA5090}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{0094C266-AED0-4F3E-B722-C747E6557FFF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4B1D1F68-66AF-4A3E-92AF-7BFE7C2812C0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{45210016-3B88-4609-B11F-74C617BFB5F9}C:\users\harsh\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\harsh\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{D4C71F5D-B34E-4E85-B0A3-20242B87F413}C:\users\harsh\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\harsh\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F2EFBF88-602E-4293-B13D-1C0DFE4A2BAC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{F7B7A786-1CEA-4896-B588-761B11EAD63A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{CCFFE5AF-477B-4A63-91C3-A7DCDE74B8D8}] => (Block) F:\Games\Final Fantasy X X-2 HD Remaster\FFX&X-2_LAUNCHER.exe (SQUARE ENIX CO., LTD.) [File not signed]
FirewallRules: [{6D1898BA-9DFD-43B8-A3A3-DE3F8767B027}] => (Block) F:\Games\Final Fantasy X X-2 HD Remaster\FFX&X-2_Will.exe (SQUARE ENIX CO., LTD.) [File not signed]
FirewallRules: [{3D441925-2E83-4164-8C48-E36AD91F6446}] => (Block) F:\Games\Final Fantasy X X-2 HD Remaster\FFX-2.exe (SQUARE ENIX CO., LTD.) [File not signed]
FirewallRules: [{D036D169-AE80-44D9-8C48-B568622EABF1}] => (Block) F:\Games\Final Fantasy X X-2 HD Remaster\FFX.exe (SQUARE ENIX CO., LTD.) [File not signed]
FirewallRules: [{B1528368-50A8-4075-A93F-CAB958D2E382}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D22EA7F-7F58-49D8-BA86-918D1DFAA3EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5297A3C5-9FFF-40C1-A448-41E8D3D80331}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{288E80B4-2CA8-438C-B712-2FC953AC5E84}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3C0A5393-B87A-4C62-84B3-1BD6D8393F32}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E56E1928-5753-4513-A044-AA56DB7ED87B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{C2095805-122B-4A73-8BC6-C673B3DD8D52}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{BB001495-21F6-49BC-B83E-73E93313D17F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{2F6CFC32-826F-4128-8667-FD882AB81C87}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [UDP Query User{84791016-318F-43C3-9EF1-E5A81E72A26C}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [{AA5E0A55-779A-4F1E-ABAE-07F13BBD08E7}] => (Block) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [{8B760EBF-7AE0-4C9C-94ED-A46740434597}] => (Block) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [{639D1C84-24FC-41F6-80D1-ACC1272D6D3A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{396B4085-4ECF-4388-8562-7DC244DFBD34}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{CEAFCE55-2BB3-46F1-9F7A-EA77541911E5}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe => No File
FirewallRules: [UDP Query User{5BFE243A-2BCA-44E5-A085-FF5F84A53E2A}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe => No File
FirewallRules: [{178208C8-A49E-4308-B96E-B0101ADDE9FB}] => (Block) C:\program files (x86)\airdroid\airdroid.exe => No File
FirewallRules: [{AAFC7C38-A906-45B8-9B01-9B97E82FDB41}] => (Block) C:\program files (x86)\airdroid\airdroid.exe => No File
FirewallRules: [{7332F0F9-1470-47DF-92F3-0E232BFE3422}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe => No File
FirewallRules: [{D6C4139F-3556-4C79-A975-AC571FB247C8}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe => No File
FirewallRules: [{8FBB281D-2501-482C-BCBC-56E5BBFB7BEA}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe => No File
FirewallRules: [{7C3CF98C-0D1A-462B-BC3B-808CFB4A3739}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe => No File
FirewallRules: [TCP Query User{7554F064-F6F8-40B4-98BC-96481C355E0D}C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe] => (Allow) C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe (Nero AG -> Nero AG)
FirewallRules: [UDP Query User{C3E8929D-8E19-46E6-B738-53F6A0AF1954}C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe] => (Allow) C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{5B3F2DD9-2CE9-4C1F-A801-E4894EAC9481}] => (Block) C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{12FBD7A9-9696-4C24-836F-DBD52C3588EC}] => (Block) C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe (Nero AG -> Nero AG)
FirewallRules: [TCP Query User{B10B5EED-E0E1-4F93-A9D3-75D5C35F5AE6}C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe => No File
FirewallRules: [UDP Query User{2FCA24D2-CB74-47F6-9122-ECCA3BC326CB}C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe => No File
FirewallRules: [{ABFC6E9E-1D1E-469C-A2F6-C7AB725A1D73}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe => No File
FirewallRules: [{D2B9E4F0-8C95-456A-AE04-46E622605A7D}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe => No File
FirewallRules: [TCP Query User{27D798DB-3737-40C5-8CC6-701F24609122}C:\program files\nzbget\nzbget.exe] => (Block) C:\program files\nzbget\nzbget.exe () [File not signed]
FirewallRules: [UDP Query User{7D46F2C4-2270-4A59-BA7B-7C87462BBDED}C:\program files\nzbget\nzbget.exe] => (Block) C:\program files\nzbget\nzbget.exe () [File not signed]
FirewallRules: [{F745DDCE-09DE-4BB4-888B-A1CD7FE294D0}] => (Allow) LPort=7878
FirewallRules: [TCP Query User{FD0E6B8F-9A61-496A-9F56-649ACC1181B3}C:\users\harsh\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe] => (Allow) C:\users\harsh\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{BF7B0CC8-B63B-4132-A8F0-BB7487C797C5}C:\users\harsh\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe] => (Allow) C:\users\harsh\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5E13BB74-1B2A-4DA8-AEBC-7BC33C971C18}] => (Allow) LPort=7359
FirewallRules: [{C8CA20A4-EE59-4199-ACAC-AB887E662CCF}] => (Allow) LPort=8096
FirewallRules: [{B7EB6E9C-51F1-4221-B211-B8C20A9756B8}] => (Allow) LPort=8920
FirewallRules: [{E1256D1E-D987-4FE6-B6F3-822721EFEF6E}] => (Allow) C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.dll (Emby) [File not signed]
FirewallRules: [{FBF4D382-4382-4781-9A40-B14BE8A9A042}] => (Allow) C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.dll (Emby) [File not signed]
FirewallRules: [{DF080E36-977F-4548-B2EB-E8EA51CBBF25}] => (Allow) C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.dll (Emby) [File not signed]
FirewallRules: [{43EA575F-D787-45C3-8DA3-FA3150B0D3D4}] => (Allow) C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.dll (Emby) [File not signed]
FirewallRules: [TCP Query User{C1703088-1718-429B-A512-07ED8E9C5B1B}C:\users\harsh\appdata\roaming\emby-server\system\embyserver.exe] => (Allow) C:\users\harsh\appdata\roaming\emby-server\system\embyserver.exe (Emby LLC -> Emby) [File not signed]
FirewallRules: [UDP Query User{8377F668-A4EA-48F7-AD1B-2A6CE706AA87}C:\users\harsh\appdata\roaming\emby-server\system\embyserver.exe] => (Allow) C:\users\harsh\appdata\roaming\emby-server\system\embyserver.exe (Emby LLC -> Emby) [File not signed]
FirewallRules: [TCP Query User{BD29BE68-D998-4B64-9321-3FC02914DC72}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{E22AD66F-0AF5-4C14-92F7-CEE1A378A931}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{68D7CD78-E7FF-4302-B7FB-CD3D5F0D6DBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EDBDA55D-1AFC-4ADA-9054-7FF2BAD1DF42}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AAA86B14-2D8E-4E98-A01F-5E8A0C1DC8F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E5E59987-A3C8-43EE-BE1A-951A865CCB1C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{FD3AD6E1-6C9B-436C-AB0A-DEC4B837FE37}C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe] => (Allow) C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [UDP Query User{FF823940-8BBD-44F4-9EB3-444212877E9B}C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe] => (Allow) C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [{F1A7000D-2B81-4411-8712-67814C758D67}] => (Block) C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [{B19071EC-F96A-480B-88E7-7A31BAD85763}] => (Block) C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [{57A4022A-9278-4A65-B80E-729D3953D93E}] => (Allow) C:\Program Files\Trust.Zone VPN Client\trustzone_x64.exe => No File
FirewallRules: [{50E0539A-4FAB-49AC-A708-2F375CB74C7A}] => (Allow) C:\Program Files\Trust.Zone VPN Client\trustzone.exe => No File
FirewallRules: [{84BB068A-B9BB-4C2A-BA9F-AD520EA5D4BC}] => (Allow) C:\Program Files\Trust.Zone VPN Client\tzclient.exe => No File
FirewallRules: [{98C4E964-FC97-4240-BEE0-76EBA730DDFF}] => (Allow) C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe => No File
FirewallRules: [{C8C69CE3-92DC-45EE-A9EF-DF9A37646AAA}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{99FE37E9-E6D3-4EBE-AB6A-825762FB10FA}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{B2385446-AA7B-412E-BB9B-D86FEE9EBEB6}] => (Allow) C:\Program Files\Moonlight Game Streaming\Moonlight.exe (Cameron Gutman -> Moonlight Game Streaming Project)
FirewallRules: [{427B912E-C8BD-4344-BFF3-499718FE7DA6}] => (Allow) C:\Users\harsh\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2203F5E0-D342-4589-A52B-E08FD67FC3B5}] => (Allow) C:\Users\harsh\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{CCA4AF97-0B48-4DA7-B814-7736E3E54734}] => (Allow) C:\Users\harsh\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EF894820-5A62-4E4E-96C4-05FC8D1C005B}] => (Allow) C:\Program Files (x86)\Syncios\Syncios Mobile Manager\Syncios Mobile Manager.exe (Anvsoft Inc. -> Syncios)
FirewallRules: [{BF7905D9-2ED9-4380-A641-40CE21345582}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9DBEEB04-6F3F-429E-A7A0-2D8595689B52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{5012C5C9-9B21-45F6-9091-351470349E0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{06BF8391-E1C6-44B1-8BEF-2B6C40592790}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9023AFAA-D042-4A44-85F6-ACE5A96EFEEF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{E1EC03A9-8377-49B6-ABA1-7A9E116EA0DF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> )
FirewallRules: [{10D38CD5-7DA1-4762-B43A-738C23B6D2B0}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{7726A7DA-9150-4976-B37D-86CEE144D861}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{3A8A0FB0-7563-46BE-B9C0-5E2287142F59}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Game Transcoder\Plex Game Transcoder.exe (Plex, Inc. -> )
FirewallRules: [{1C62B292-9BD9-42AC-9126-902E7D90208C}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{70813800-CBB5-4133-8947-4C8ACB535925}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{277B28A4-01A0-4353-B05E-DC97F6D7D75F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2B625C0A-8EF6-4102-A7F5-DBEAB9A1F2F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4A676BB-2D07-4B65-AF1A-6AEB15F44339}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9ED7B737-A460-4D59-AD62-E1942A0E09A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{69F4198E-EB91-479B-A936-92B4A21030F4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4CC20964-1A8F-49FB-B05E-45AD7F8B9D35}] => (Allow) LPort=32683
FirewallRules: [{91C0BC09-990D-4237-9280-18B5D1C4C476}] => (Allow) LPort=26822
==================== Restore Points =========================
15-12-2022 19:24:57 Windows Modules Installer
24-12-2022 19:24:12 Scheduled Checkpoint
26-12-2022 19:48:12 Installed Windows PC Health Check
==================== Faulty Device Manager Devices ============
Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (12/27/2022 06:47:04 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: harsh-PC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (12/27/2022 06:41:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (12/27/2022 06:41:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (12/27/2022 06:41:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC0EA000A
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (12/26/2022 11:15:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (12/26/2022 11:15:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (12/26/2022 10:17:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (12/26/2022 09:03:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
System errors:
=============
Error: (12/27/2022 08:32:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Radarr service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/27/2022 08:32:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Radarr service to connect.
Error: (12/27/2022 08:32:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
Error: (12/27/2022 08:32:09 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
Error: (12/27/2022 08:21:18 PM) (Source: DCOM) (EventID: 10010) (User: harsh-PC)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
Error: (12/27/2022 08:21:18 PM) (Source: DCOM) (EventID: 10010) (User: harsh-PC)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.
Error: (12/27/2022 06:41:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Mullvad VPN Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.
Error: (12/27/2022 06:41:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Mullvad VPN Service service terminated with the following service-specific error:
Incorrect function.
CodeIntegrity:
===============
Date: 2022-12-27 20:50:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotVirtualKeyboard\hvkh64.dll that did not meet the Microsoft signing level requirements.
Date: 2022-12-27 20:42:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mullvad VPN\Mullvad VPN.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotVirtualKeyboard\hvkh64.dll that did not meet the Microsoft signing level requirements.
Date: 2022-12-27 20:35:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\266169003402645883\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends International, LLC. 1.10 03/04/2022
Motherboard: Micro-Star International Co., Ltd. PRO B660-A DDR4 (MS-7D59)
Processor: 12th Gen Intel® Core i3-12100F
Percentage of memory in use: 49%
Total physical RAM: 16241.4 MB
Available physical RAM: 8241.95 MB
Total Virtual: 32241.4 MB
Available Virtual: 22765.89 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.27 GB) (Free:83.96 GB) (Model: Samsung SSD 850 EVO 250GB) NTFS
Drive f: (Backup 2) (Fixed) (Total:931.51 GB) (Free:83.39 GB) (Model: SAMSUNG HD103SJ) NTFS
Drive g: (Backup 3) (Fixed) (Total:76.69 GB) (Free:76.52 GB) (Model: HDS728080PLA380) NTFS
Drive h: (Local Disk) (Fixed) (Total:74.53 GB) (Free:37.82 GB) (Model: ST380815AS) NTFS
\\?\Volume{28b464b9-b6d7-11e7-bb6e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{267195c0-0000-0000-0000-b0173a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 433563BA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 76.7 GB) (Disk ID: 000C5C0D)
Partition 1: (Not Active) - (Size=76.7 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 267195C0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=525 MB) - (Type=27)
==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 400E400D)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=0F Extended)
==================== End of Addition.txt =======================
Attached Files
- Addition.txt 71.38KB, 2 downloads
Edited by blade12, 27 December 2022 - 10:34 PM.