BitDefender keeps blocking some mchost.exe in endless loop - Virus, Trojan, Spyware, and Malware Removal Help (2023)

Every 2 minutes (or less), BitDefender says a detected threat is being disinfected and then that a malicious application has been blocked. The file in question is mchost.exe, located at C:\Users\harsh\AppData\Roaming\mqoakadlqc. I went to that folder and tried deleting that exe file, but it says it requires permission from the admin, which I'm already logged in as.

Bitdefender says:

"Application mchost.exe has been detected as potentially malicious and was blocked.

Application path: C:\Users\harsh\AppData\Roaming\mqoakadlqc\mchost.exe

Command line parameters: C:\Users\harsh\AppData\Roaming\mqoakadlqc\mchost.exe "C:\Users\harsh\AppData\Roaming\mqoakadlqc\mchost.chm"

Detection ID: SuspiciousBehavior.41DD99DA46B1B505"

I was also forced to attach FRST.txt and Addition because my browser locks up as soon as I copy/paste the FRST contents. I tried Brave too, but same issue. The browser locks up as soon as I copy/paste, and the only option is to end the browser task. Very odd issue. I tried restarting the PC. Let me know if you want me to copy/paste the content of the text files elsewhere. Thanks!

Edit:

Finally was able to copy/paste after multiple tries.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2022

Ran by harsh (administrator) on HARSH-PC (Micro-Star International Co., Ltd. MS-7D59) (27-12-2022 20:55:36)

Running from C:\Users\harsh\Desktop

Loaded Profiles: harsh

Platform: Microsoft Windows 10 Pro Version 22H2 19045.2364 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe

(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe

(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>

(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe

(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe

(C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.AntivirusService.exe

(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\26.0.1.233\DiscoverySrv.exe

(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe

(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe

(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe

(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe

(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe

(C:\Program Files\HotVirtualKeyboard\hvk.exe ->) (Comfort Software Group -> Comfort Software Group) C:\Program Files\HotVirtualKeyboard\hvkcm64.exe

(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>

(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe

(Comfort Software Group -> Comfort Software Group) C:\Program Files\HotVirtualKeyboard\hvk.exe

(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe

(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\harsh\AppData\Local\FluxSoftware\Flux\flux.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <23>

(explorer.exe ->) (Mullvad VPN) [File not signed] C:\Program Files\Mullvad VPN\Mullvad VPN.exe <4>

(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe

(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe <2>

(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe

(services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe

(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe

(services.exe ->) (Mullvad VPN AB -> Mullvad VPN AB) C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe

(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe

(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>

(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6fd074e02d655c70\Display.NvContainer\NVDisplay.Container.exe <2>

(services.exe ->) (O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe

(services.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe

(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe

(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe

(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe

(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe

(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe

(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe

(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

(services.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe

(services.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe

(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe

(svchost.exe ->) () [File not signed] C:\Program Files (x86)\MSI\MSI Companion\Gamebar_Connect.exe

(svchost.exe ->) () [File not signed] C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe

(svchost.exe ->) (Lespeed Technology Ltd. -> WiseCleaner.COM) C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe

(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe

(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe

(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22102.229.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Companion\TraceFPS.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Speed Up\StorageMonitor.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControlEngine.exe

(ZOHO Corporation Private Limited -> Zoho Corp) C:\Program Files\Notebook\Notebook.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc. -> Apple Inc.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-08-29] (O&O Software GmbH -> O&O Software GmbH)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)

HKLM\...\Run: [notebookAutoLaunch] => explorer.exe notebook-windows://background (No File)

HKLM-x32\...\Run: [hvk] => C:\Program Files\HotVirtualKeyboard\hvk.exe [8149416 2017-02-10] (Comfort Software Group -> Comfort Software Group)

HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 ] (Flexera Software LLC -> Flexera Software LLC.)

HKLM-x32\...\Run: [DNS7reminder] => F:\Programs\NaturallySpeaking15\Ereg\Ereg.exe [3146120 2016-05-06] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [Amazon Music Helper] => C:\Users\harsh\AppData\Local\Amazon Music\Amazon Music Helper.exe [2099656 2020-12-11] (Amazon.com Services LLC -> Amazon.com Services LLC)

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [Chromium] => "c:\users\harsh\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session [829440 2017-02-15] (The Chromium Authors) [File not signed]

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-03-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [f.lux] => C:\Users\harsh\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-17] (F.lux Software LLC -> f.lux Software LLC)

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd -> Piriform Ltd)

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [GalaxyClient] => [X]

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3542536 2022-12-12] (Razer USA Ltd. -> Razer Inc.)

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [MicrosoftEdgeAutoLaunch_6E1ADB05E443F1CB09F802BBD4C0D6A8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3879848 2022-12-15] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Run: [net.mullvad.vpn] => C:\Program Files\Mullvad VPN\Mullvad VPN.exe [149006336 2022-10-14] (Mullvad VPN) [File not signed]

HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd -> Piriform Ltd)

HKU\S-1-5-18\...\Run: [] => [X]

HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24605528 2022-06-27] (Plex, Inc. -> Plex, Inc.)

HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3542536 2022-12-12] (Razer USA Ltd. -> Razer Inc.)

HKLM\...\Windows x64\Print Processors\hpcpp155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.DLL [597792 2013-09-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.125\Installer\chrmstp.exe [2022-12-15] (Google LLC -> Google LLC)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\108.1.46.144\Installer\chrmstp.exe [2022-12-14] (Brave Software, Inc. -> Brave Software, Inc.)

HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2017-11-30]

ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{50C961A1-889F-4A4E-9587-2772A45B6AAD}\app_icon.ico () [File not signed]

Startup: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Emby Server.lnk [2019-11-25]

ShortcutTarget: Emby Server.lnk -> C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.exe (Emby LLC -> Emby) [File not signed]

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AA548D-416A-4105-8E22-9199CF197B9C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)

Task: {052B9B4C-828B-4238-8137-18C7714A34A2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144344 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {0A340A66-523C-45AF-A587-55CF9C79825E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}

Task: {0C57B2EB-5604-4B4B-9655-8CFCF86416DF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-18] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {0F5F7D27-FE27-4487-81B6-53C339217AF7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341432 2022-05-05] (Nvidia Corporation -> NVIDIA Corporation)

Task: {0FED4227-7D4A-4C7A-9126-689FD1E433EB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)

Task: {14635B2B-C737-412A-AD69-E135A26018A5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)

Task: {19D06995-78E9-43C3-8C55-D0B1BA09594B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)

Task: {24C2551B-F34F-43B7-BD56-A86C9C06354A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)

Task: {24D1CE51-8F36-48F3-A9DC-DDBCD26C792A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)

Task: {25370D35-657C-41CF-A51B-857A765B598B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

Task: {309BC360-8259-43A4-AA3E-7CF8D26F7666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13684416 2018-07-20] (Piriform Ltd -> Piriform Ltd)

Task: {320A07E0-0FE1-4B55-8C9C-5540A8847A5B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.233\WatchDog.exe [1053264 2022-07-25] (Bitdefender SRL -> Bitdefender)

Task: {364DB9B8-6DF1-40FD-A1E5-6E4A552E0945} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905984 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)

Task: {39A4664E-9AA4-4205-906B-755A30ADB322} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647424 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)

Task: {3A3226F2-EC6B-4E67-AB2C-65CDBA282E1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)

Task: {3F2D926F-AF83-4698-9D31-A566A0BD9702} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)

Task: {40213571-BE65-4E93-833C-130B0831F4CC} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)

Task: {410ADBAD-EDAD-4044-8A46-314B9094E2CF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {420BD8E7-AA1E-4699-8E8A-C0915A3AF90F} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-18] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {4768C49B-6CA5-4DF8-8D12-62FEB5F50C11} - System32\Tasks\GoogleUpdateTaskMachineCore1d3ee4cf7ca0a91 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)

Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}

Task: {48C426C7-774C-480E-8B82-720E25EBC207} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)

Task: {51D88FBB-D972-4C89-A376-B57722BC5C11} - System32\Tasks\MSI_TraceFPS => C:\Program Files (x86)\MSI\MSI Companion\TraceFPS.exe [2780144 2022-12-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright © 2020 Micro-Star INT'L CO., LTD.)

Task: {52EAA434-4938-4FC8-BA46-99C2587C94FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8509392 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {53B7FC0A-3AC9-4C4A-9DA3-096E9302DBAE} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION

Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}

Task: {6B9351F3-95FB-45C1-B827-1A454C2D6FA3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {6D4D7B0D-E548-4217-A04A-56AB431FFC65} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)

Task: {704AC569-02D7-438F-86D1-6A310567BD90} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}

Task: {720EADFB-2BD3-469A-866E-67E73DC78AC0} - System32\Tasks\Wise Auto Shutdown Task.job => C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe -a

Task: {76FA05D3-6968-4435-9B70-650C89FC0229} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)

Task: {796309E7-D9B6-4313-98E3-C44E972BE5A2} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [146816 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {7C761D0F-E986-418A-8727-242B924537AF} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}

Task: {7C839511-5B5E-4469-B17B-4D53CA1E2B6A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)

Task: {81CAE07D-0990-4C62-9E9F-5627D4673800} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)

Task: {8282340D-B6CF-40C4-8F97-5B32B28E0CAE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)

Task: {832CA8E2-0009-408B-A80D-C6821408246B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)

Task: {85E1A35C-88C9-4492-BFBD-B5F971841074} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)

Task: {8DACE16E-4DEC-406F-8464-3095709B96C7} - \Mozilla\anlbfb -> No File <==== ATTENTION

Task: {926D6815-032A-4476-BAA5-7BFF6B5D0CAA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)

Task: {964B4E21-010D-4391-943E-A7BB5FF05762} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)

Task: {9918C49C-2E67-4DAA-A0A6-3AFD8C5F6615} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)

Task: {AA797FF6-713B-419C-9F1F-A4A3D4CA4158} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)

Task: {B06759D8-2731-408D-8E7E-E7ACB1DD5AB4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}

Task: {B5327845-28EA-402D-822D-7394B7C39432} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)

Task: {B7B43A85-3887-4FAD-AA26-CCC874A60DBE} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}

Task: {B82B00A5-F47F-4AD2-A168-359101F5B8E0} - System32\Tasks\GoogleUpdateTaskMachineUA1d5796e4cc8c1d9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)

Task: {BED34713-068F-4401-80A3-9685581118DD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905984 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)

Task: {BFC48C90-ECDA-45D5-B6F5-ECB23ABFD06F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)

Task: {C4A1B537-8781-47FC-BFF6-EDEB4AE8FDC3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"

Task: {D461C4C9-F933-4140-A21E-782BBFB8A33D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144344 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {D78704B6-0B71-45C6-B1DA-3314652CC365} - System32\Tasks\MSI_GamebarConnect => C:\Program Files (x86)\MSI\MSI Companion\Gamebar_Connect.exe [94720 2022-12-27] () [File not signed]

Task: {D7B3DEC6-F317-45E7-A5B4-FACDCA0B26C4} - System32\Tasks\Update Manager => C:\Users\harsh\AppData\Roaming\The.Elder.Scrolls.V.Skyrim.Legendary.Edition.With.update1.9+ALLDLCs\auujqq.exe /upgradeid=f561932c-0bef-41b9-9289-b7d5c099b86b (No File)

Task: {E4DEC8D7-2EB6-47E5-BEDB-AFFFE9BDB814} - System32\Tasks\GoogleUpdateTaskMachineCore1d5796e4cc59ba5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-22] (Google Inc -> Google Inc.)

Task: {E4F3255B-6FD4-4209-95F9-E13B2D096B63} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)

Task: {E661E14C-C8E2-437F-A483-49AB2AA55C11} - System32\Tasks\MSI Task Host - FixNorton.exe => C:\Program Files (x86)\MSI\MSI Center\PushCast\Push20221215131801\FixNorton.exe [25208 2022-12-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)

Task: {EAEE9CB6-F277-4E6A-82B3-115C2DC8406D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-24] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

Task: {EBBDE9EF-807D-42FC-8BC2-B881EFF8E854} - System32\Tasks\MSI_GamebarTool => C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe [88064 2022-12-27] () [File not signed]

Task: {EBC42FDF-6DA9-45DF-9931-971540D8B47B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {EE00E37A-9141-48B9-930E-753BB15648B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)

Task: {EF0F4C34-C18B-4B29-A9AC-4830D994888E} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [989208 2022-12-06] (Bitdefender SRL -> Bitdefender)

Task: {F2040282-10B1-4E54-89A3-65866CA16B40} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)

Task: {F6334368-6761-44EE-A2AF-3F30A2ECE9B1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)

Task: {FB094FA6-F3F6-4699-941A-4E5C4D6AEF62} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)

Task: {FF7C78D3-EA1A-49AF-8E12-809DFA2B2415} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8509392 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{514a3988-9716-43d5-8b05-31da25a044a9}: [NameServer] 100.64.0.4

Tcpip\..\Interfaces\{a7be1398-ee7f-4bd1-9f64-96311b317949}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{C21BBE9A-CCAA-48F4-830B-9EB74E7454DC}: [DhcpNameServer] 192.168.1.1

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:

=======

DownloadDir: C:\Users\harsh\Downloads

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-27]

Edge DownloadDir: Default -> C:\Users\harsh\Desktop

Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}

Edge DefaultSearchKeyword: Default -> duckduckgo.com

Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab

Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list

Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2022-12-05]

Edge Extension: (ReviewMeta.com Review Analyzer) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cagmalmckifngccehkojnimlabphpgci [2022-12-05]

Edge Extension: (YouTube Music) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2021-05-14]

Edge Extension: (Dragon Web Extension) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2022-12-16]

Edge Extension: (Survey Junkie Pulse) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hcohkdneahbdhaflbchfhleggjmeoikl [2022-12-07]

Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2022-12-22]

Edge Extension: (Smile Always) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2022-12-05]

Edge Extension: (Google Docs Dark Mode) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lgjhepbpjcmfmjlpkkdjlbgomamkgonb [2022-11-30]

Edge Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2022-12-11]

Edge Extension: (Context Menu Search) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2020-06-20]

Edge Extension: (uBlock Origin) - C:\Users\harsh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-12-23]

Edge HKU\S-1-5-21-4124628483-520521852-4121828158-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-07-21]

Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]

FireFox:

========

FF DefaultProfile: wr37962e.default-1515287002417

FF ProfilePath: C:\Users\harsh\AppData\Roaming\Mozilla\Firefox\Profiles\wr37962e.default-1515287002417 [2022-12-11]

FF DownloadDir: C:\Users\harsh\Desktop

FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi

FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2022-12-06] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]

FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi

FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2022-12-06] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2021-07-29] [Legacy] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi

FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

FF HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\harsh\AppData\Roaming\IDM\idmmzcc5

FF Extension: (IDM CC) - C:\Users\harsh\AppData\Roaming\IDM\idmmzcc5 [2020-07-21] [Legacy] [not signed]

FF HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]

FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-10-22] (LastPass (Marvasol Inc) -> LastPass)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)

FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin: nuance.com/DgnRia2_x86_64 -> F:\Programs\NaturallySpeaking15\Program\x64\npDgnRia2_x64.dll [2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-10-19] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-10-19] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-10-22] (LastPass (Marvasol Inc) -> LastPass)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: nuance.com/DgnRia2 -> F:\Programs\NaturallySpeaking15\Program\npDgnRia2.dll [2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

FF Plugin HKU\S-1-5-21-4124628483-520521852-4121828158-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2020-10-01] (TD Ameritrade -> TD Ameritrade)

FF Plugin HKU\S-1-5-21-4124628483-520521852-4121828158-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2020-10-01] (TD Ameritrade -> TD Ameritrade)

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-12-23] <==== ATTENTION (Points to *.cfg file)

FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-12-23] <==== ATTENTION

Chrome:

=======

CHR Profile: C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default [2022-07-13]

CHR DownloadDir: C:\Users\harsh\Desktop

CHR Extension: (Ledger Manager) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2020-07-24]

CHR Extension: (uBlock Origin) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-07-13]

CHR Extension: (Survey Junkie Pulse) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfbbeblcdlfnoneibihgklodmlkimfo [2022-07-13]

CHR Extension: (Google Play Music) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-12-30]

CHR Extension: (ReviewMeta.com Review Analyzer) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjifglfkcaipnmhngbigdebkoikioend [2019-02-08]

CHR Extension: (FantasyPros: Win your Fantasy League) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbepnlhpkbgbkcebjnfhgjckibfdfkc [2022-07-13]

CHR Extension: (Google Docs Offline) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-13]

CHR Extension: (Ledger Wallet Ethereum) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2019-03-20]

CHR Extension: (Google Play Music) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-11-18]

CHR Extension: (Smile Always) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2018-08-14]

CHR Extension: (Slickdeals: Automatic Coupons and Deals) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpdapbcmfllbpojmkefcikllfeoahglb [2022-07-13]

CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2020-07-31]

CHR Extension: (StayFocusd) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2020-12-30]

CHR Extension: (SuperNova SWF Enabler) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2022-05-16]

CHR Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2022-07-13]

CHR Extension: (IDM Integration Module) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-07-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-08]

CHR Extension: (Context Menu Search) - C:\Users\harsh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2019-03-14]

CHR Profile: C:\Users\harsh\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-06]

CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-07-21]

CHR HKU\S-1-5-21-4124628483-520521852-4121828158-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]

CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]

CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]

CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-07-21]

Brave:

=======

BRA Profile: C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-12-03]

BRA Extension: (Bitdefender Wallet) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2022-12-03]

BRA Extension: (LastPass: Free Password Manager) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-12-03]

BRA Extension: (Bitdefender Anti-tracker) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-04-18]

BRA Extension: (SuperNova SWF Enabler) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2022-10-22]

BRA Extension: (IDM Integration Module) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-10-25]

BRA Extension: (Brave Local Data Files Updater) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-12-03]

BRA Extension: (Brave NTP background images) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-10-25]

BRA Extension: (Wallet Data Files Updater) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-12-03]

BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-25]

BRA Extension: (Brave NTP sponsored images) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-12-03]

BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2022-12-03]

BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2022-12-03]

BRA Extension: (Brave SpeedReader Updater) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-10-25]

BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2022-12-03]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\harsh\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-12-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc. -> Apple Inc.)

R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2022-12-06] (Bitdefender SRL -> Bitdefender)

R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2022-12-06] (Bitdefender SRL -> Bitdefender)

R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2161256 2018-03-22] (Bitdefender SRL -> Bitdefender)

R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2454632 2022-02-10] (Bitdefender SRL -> Bitdefender)

S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-18] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-18] (Brave Software, Inc. -> BraveSoftware Inc.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12540928 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3639400 2018-03-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)

R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [166288 2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-12-16] (Epic Games Inc. -> Epic Games, Inc.)

S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1990496 2021-10-28] (GOG Sp. z o.o. -> GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-16] (GOG Sp. z o.o. -> GOG.com)

R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [446600 2020-01-08] (Logitech Inc -> Logitech)

R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)

R2 MSI_Case_Service; C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe [69280 2022-08-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)

R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [150176 2022-08-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)

R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [34032 2022-05-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)

R2 MullvadVPN; C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe [17397976 2022-10-14] (Mullvad VPN AB -> Mullvad VPN AB)

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]

R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH -> O&O Software GmbH)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2562776 2022-01-20] (Electronic Arts, Inc. -> Electronic Arts)

S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3481312 2022-01-20] (Electronic Arts, Inc. -> Electronic Arts)

R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [586896 2022-06-27] (Plex, Inc. -> Plex, Inc.)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]

R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [789072 2022-07-25] (Bitdefender SRL -> Bitdefender)

S2 Radarr; C:\ProgramData\Radarr\bin\radarr.console.exe [259584 2022-12-11] (radarr.video) [File not signed]

R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1994664 2022-10-25] (Razer USA Ltd. -> Razer Inc.)

R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [485296 2022-11-04] (Razer USA Ltd. -> Razer Inc.)

R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1354192 2022-10-12] (Razer USA Ltd. -> Razer Inc.)

R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-15] (Razer USA Ltd. -> Razer Inc)

R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300552 2022-12-12] (Razer USA Ltd. -> Razer Inc.)

R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [537912 2022-10-24] (Razer USA Ltd. -> Razer Inc.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)

R2 Surfshark Antivirus; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [441416 2022-02-01] (Surfshark B.V. -> Surfshark)

R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Surfshark.Service.exe [3317832 2022-05-06] (Surfshark B.V. -> Surfshark)

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [280088 2022-12-06] (Bitdefender SRL -> Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2022-12-06] (Bitdefender SRL -> Bitdefender)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare Technology Co.,Ltd -> Wondershare)

S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\108.1.46.144\elevation_service.exe" [X]

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6fd074e02d655c70\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6fd074e02d655c70\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [5118384 2022-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)

R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [798128 2022-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)

R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [33208 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> © Bitdefender SRL)

S3 bduefiscan; C:\WINDOWS\system32\DRIVERS\bduefiscan.sys [55864 2022-01-27] (Bitdefender SRL -> Bitdefender)

R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]

R3 CEUSBAudioSrv; C:\WINDOWS\System32\drivers\ceusbaud.sys [142944 2019-07-24] (CEntrance Inc. -> CEntrance, Inc.)

S3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink Corp. -> CyberLink)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-11-27] (Disc Soft Ltd -> Disc Soft Ltd)

R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-11-27] (Disc Soft Ltd -> Disc Soft Ltd)

R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [1274296 2022-09-23] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)

R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-12-14] (Bitdefender SRL -> Bitdefender)

R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)

R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)

S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-10-05] (Logitech -> Logitech Inc.)

R3 mullvad-split-tunnel; C:\Program Files\Mullvad VPN\resources\mullvad-split-tunnel.sys [90736 2022-10-14] (Mullvad VPN AB -> Mullvad VPN AB)

R3 MullvadWireGuard; C:\WINDOWS\System32\drivers\mullvad-wireguard.sys [498664 2022-06-01] (Mullvad VPN AB -> WireGuard LLC)

R3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [28480 2022-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)

S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19936 2010-04-09] (MT SOLUTION LTD -> )

S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [13280 2010-04-09] (MT SOLUTION LTD -> )

R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)

S3 RzDev_007a; C:\WINDOWS\System32\drivers\RzDev_007a.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)

S3 RzDev_007e; C:\WINDOWS\System32\drivers\RzDev_007e.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)

R3 RzDev_0094; C:\WINDOWS\System32\drivers\RzDev_0094.sys [55376 2021-01-21] (Razer USA Ltd. -> Razer Inc)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )

R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )

S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> )

R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2019-05-22] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)

R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [633264 2022-06-07] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [480184 2022-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-11-24] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

S3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)

S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-02-20] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-27 20:55 - 2022-12-27 20:56 - 000058313 _____ C:\Users\harsh\Desktop\FRST.txt

2022-12-27 20:55 - 2022-12-27 20:55 - 000000000 ____D C:\FRST

2022-12-27 20:54 - 2022-12-27 20:54 - 002375680 _____ (Farbar) C:\Users\harsh\Desktop\FRST64.exe

2022-12-27 19:57 - 2022-12-27 19:57 - 000003210 _____ C:\WINDOWS\system32\Tasks\MSI_GamebarConnect

2022-12-27 19:57 - 2022-12-27 19:57 - 000003192 _____ C:\WINDOWS\system32\Tasks\MSI_GamebarTool

2022-12-27 19:57 - 2022-12-27 19:57 - 000003102 _____ C:\WINDOWS\system32\Tasks\MSI_TraceFPS

2022-12-27 19:06 - 2022-12-27 19:06 - 000093744 _____ C:\Users\harsh\Desktop\MAS_1.7_Password_1234.7z

2022-12-27 18:56 - 2022-12-27 18:56 - 000000000 ____D C:\Users\harsh\AppData\Roaming\mqoakadlqc

2022-12-27 18:56 - 2022-12-27 18:56 - 000000000 ____D C:\Users\harsh\AppData\Roaming\823AB58C055CC937

2022-12-26 22:23 - 2022-12-26 22:23 - 000003218 _____ C:\WINDOWS\system32\Tasks\MSI Task Host - FixNorton.exe

2022-12-26 22:23 - 2022-05-16 17:23 - 000013576 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\acpimof.dll

2022-12-26 22:22 - 2022-12-27 20:32 - 000000000 ____D C:\MSI

2022-12-26 22:22 - 2022-12-27 19:57 - 000000000 ____D C:\ProgramData\MSI

2022-12-26 22:22 - 2022-12-27 18:45 - 000000000 ____D C:\Program Files (x86)\MSI

2022-12-26 22:22 - 2022-12-26 22:22 - 000000000 ____D C:\Users\harsh\AppData\Local\Downloaded Installations

2022-12-26 19:51 - 2022-12-26 19:51 - 000000000 ___HD C:\$WinREAgent

2022-12-26 19:48 - 2022-12-26 19:48 - 000001383 _____ C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk

2022-12-26 19:48 - 2022-12-26 19:48 - 000000000 ____D C:\Users\harsh\AppData\Local\PCHealthCheck

2022-12-24 21:54 - 2022-12-24 21:54 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_UsbXhciCompanion_02_23_00.Wdf

2022-12-24 21:37 - 2022-12-24 21:37 - 000154374 _____ C:\Users\harsh\Desktop\favorites_12_24_22.html

2022-12-13 21:34 - 2022-12-17 19:38 - 000000000 ____D C:\Program Files\Mozilla Firefox

2022-12-12 19:24 - 2022-12-12 19:24 - 395969368 _____ C:\Users\harsh\Desktop\IPCC_AR6_WGII_FullReport.pdf

2022-12-10 00:14 - 2022-12-10 00:14 - 000000000 ____D C:\Users\harsh\AppData\Roaming\UserBenchmark

2022-12-08 23:15 - 2022-12-08 23:21 - 001532620 _____ C:\WINDOWS\Minidump\120822-16000-01.dmp

2022-12-05 21:00 - 2022-12-05 21:00 - 000092026 _____ C:\Users\harsh\Desktop\Orders & Purchases.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-27 20:47 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2022-12-27 20:39 - 2017-10-25 16:02 - 000000000 ____D C:\Users\harsh\AppData\LocalLow\Mozilla

2022-12-27 20:39 - 2017-10-22 20:09 - 000000000 ____D C:\ProgramData\NVIDIA

2022-12-27 20:38 - 2021-02-26 23:33 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2022-12-27 20:38 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF

2022-12-27 20:34 - 2017-10-22 20:31 - 000000000 ____D C:\Program Files (x86)\Google

2022-12-27 20:32 - 2022-05-31 20:33 - 000000000 ____D C:\Users\harsh\AppData\Local\Mullvad VPN

2022-12-27 20:32 - 2022-05-31 20:32 - 000000000 ____D C:\ProgramData\Mullvad VPN

2022-12-27 20:32 - 2021-11-09 20:52 - 000000000 ____D C:\Users\harsh\AppData\Roaming\Notebook

2022-12-27 20:32 - 2021-02-26 23:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2022-12-27 20:32 - 2020-11-24 00:24 - 000008192 ___SH C:\DumpStack.log.tmp

2022-12-27 20:21 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI

2022-12-27 18:56 - 2022-03-23 18:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla

2022-12-27 18:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2022-12-27 18:45 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps

2022-12-27 18:45 - 2018-07-17 15:20 - 000000000 ____D C:\ProgramData\Packages

2022-12-27 18:45 - 2017-10-22 20:04 - 000000000 ____D C:\Users\harsh\AppData\Local\Packages

2022-12-27 18:41 - 2021-02-26 23:34 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2022-12-27 18:41 - 2021-02-26 23:34 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2022-12-26 23:14 - 2021-02-26 23:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2022-12-26 22:59 - 2020-11-18 22:06 - 000000000 ____D C:\Users\harsh\AppData\Roaming\discord

2022-12-26 22:35 - 2020-11-18 22:06 - 000000000 ____D C:\Users\harsh\AppData\Local\Discord

2022-12-26 22:22 - 2021-02-26 23:24 - 000000000 ____D C:\Users\harsh

2022-12-26 21:04 - 2021-11-15 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer

2022-12-26 21:04 - 2021-11-15 22:04 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK

2022-12-26 21:04 - 2020-11-21 18:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2022-12-26 21:03 - 2021-04-18 17:43 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2022-12-26 21:03 - 2020-06-20 17:39 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2022-12-26 21:03 - 2019-12-07 04:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM

2022-12-26 21:03 - 2017-10-22 20:32 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2022-12-26 19:53 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2022-12-24 21:53 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep

2022-12-24 21:53 - 2019-05-04 16:41 - 000000000 ____D C:\ProgramData\Radarr

2022-12-24 21:53 - 2018-03-02 19:08 - 000000000 ____D C:\Program Files\CCleaner

2022-12-22 20:31 - 2021-05-20 20:57 - 000000000 ____D C:\Users\harsh\AppData\Roaming\Playnite

2022-12-22 19:33 - 2021-05-20 20:51 - 000000000 ____D C:\Users\harsh\AppData\Local\Playnite

2022-12-20 19:07 - 2018-03-30 15:48 - 000004109 _____ C:\Users\harsh\Desktop\bach.txt

2022-12-20 18:52 - 2021-02-26 23:34 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update

2022-12-17 19:51 - 2017-10-31 17:48 - 000000000 ____D C:\Program Files\Microsoft Office

2022-12-17 19:49 - 2017-11-06 16:30 - 000000000 ____D C:\Users\harsh\AppData\Local\CrashDumps

2022-12-17 19:39 - 2021-02-26 23:22 - 000451032 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2022-12-17 19:38 - 2017-10-25 16:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2022-12-17 19:37 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemApps

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2022-12-17 19:37 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System

2022-12-16 00:11 - 2020-07-21 23:48 - 000000000 ____D C:\Users\harsh\AppData\Roaming\DMCache

2022-12-15 19:46 - 2021-02-26 23:23 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

2022-12-15 19:25 - 2021-12-12 22:35 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4124628483-520521852-4121828158-1001

2022-12-15 19:25 - 2021-02-26 23:34 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4124628483-520521852-4121828158-1001

2022-12-15 19:25 - 2021-02-26 23:24 - 000002417 _____ C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2022-12-15 19:24 - 2017-10-22 20:20 - 000000000 ____D C:\WINDOWS\system32\MRT

2022-12-15 19:14 - 2017-10-22 20:20 - 148633544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2022-12-14 13:04 - 2017-10-25 16:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

2022-12-13 21:19 - 2021-11-09 20:52 - 000000000 ____D C:\Program Files\Notebook

2022-12-11 22:44 - 2022-03-23 18:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38

2022-12-08 23:15 - 2021-03-09 21:26 - 000000000 ____D C:\WINDOWS\Minidump

2022-12-08 23:15 - 2020-03-09 17:41 - 1011404536 _____ C:\WINDOWS\MEMORY.DMP

2022-12-05 23:26 - 2018-10-17 15:33 - 000000000 ____D C:\Users\harsh\AppData\Local\D3DSCache

2022-12-05 23:21 - 2017-10-22 20:12 - 000000000 ____D C:\Users\harsh\AppData\Local\PlaceholderTileLogoFolder

==================== Files in the root of some directories ========

2020-01-30 21:29 - 2020-01-30 21:29 - 000000132 _____ () C:\Users\harsh\AppData\Roaming\Adobe PNG Format CS6 Prefs

2018-01-28 17:54 - 2021-10-29 18:41 - 000001075 _____ () C:\Users\harsh\AppData\Roaming\SAS7_000.DAT

2020-03-20 17:59 - 2020-03-20 17:59 - 000001456 _____ () C:\Users\harsh\AppData\Local\Adobe Save for Web 13.0 Prefs

2019-06-05 18:14 - 2019-06-05 18:16 - 008107202 _____ () C:\Users\harsh\AppData\Local\F.bmp

2019-06-23 20:25 - 2019-06-23 21:04 - 000000128 _____ () C:\Users\harsh\AppData\Local\PUTTY.RND

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2022

Ran by harsh (27-12-2022 20:56:27)

Running from C:\Users\harsh\Desktop

Microsoft Windows 10 Pro Version 22H2 19045.2364 (X64) (2021-02-27 04:34:22)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4124628483-520521852-4121828158-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-4124628483-520521852-4121828158-503 - Limited - Disabled)

Guest (S-1-5-21-4124628483-520521852-4121828158-501 - Limited - Disabled)

harsh (S-1-5-21-4124628483-520521852-4121828158-1001 - Administrator - Enabled) => C:\Users\harsh

HomeGroupUser$ (S-1-5-21-4124628483-520521852-4121828158-1002 - Limited - Enabled)

WDAGUtilityAccount (S-1-5-21-4124628483-520521852-4121828158-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {840E1EB8-082E-3D95-EAAA-FD11CF357A26}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bitdefender Firewall (Enabled) {BC359F9D-4241-3CCD-C1F5-542431E63D5D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\uTorrent) (Version: 3.5.5.45231 - BitTorrent Inc.)

64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)

Accessibility Insights for Android 2022.411.12 (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\b1d3e4b8-caae-5590-b21b-0cdd04c6063c) (Version: 2022.411.12 - )

adbLink version 3.6 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 3.6 - jocala.com)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)

Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden

Amazon Games (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.0.4983.3 - Amazon.com Services, Inc.)

Amazon Music (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Amazon Amazon Music) (Version: 8.1.1.2233 - Amazon.com Services LLC)

ApowerMirror version 1.5.9.4 (HKLM-x32\...\{a9482532-9c34-478c-80c3-85bdccbb981f}_is1) (Version: 1.5.9.4 - APOWERSOFT LIMITED)

Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)

Assassin's Creed Brotherhood version 1.03 (HKLM-x32\...\{D785301A-D163-4288-9BCB-D795579C318D}_is1) (Version: 1.03 - UBISoft)

Bandicam (HKLM-x32\...\Bandicam) (Version: 4.0.1.1339 - Bandicam.com)

Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)

Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 26.0.1.233 - Bitdefender)

Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 25.0.26.89 - Bitdefender)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 108.1.46.144 - Brave Software Inc)

CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)

CEntrance Universal Audio Driver (HKLM\...\CEntrance Universal Audio Driver) (Version: 8.0.2 - CEntrance)

Charles 4.2.7 (HKLM\...\{D55CB120-51B4-4975-BF4A-BDE2DC7025A2}) (Version: 4.2.7.4 - XK72 Ltd)

CPUID HWMonitor 1.35 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.35 - CPUID, Inc.)

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0401 - Disc Soft Ltd)

Discord (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Discord) (Version: 0.0.310 - Discord Inc.)

Divinity: Original Sin 2 - Definitive Edition (HKLM-x32\...\1584823040_is1) (Version: 3.6.117.3735 - GOG.com)

Divinity: Original Sin 2 - Sir Lora (HKLM-x32\...\1326441817_is1) (Version: 3.6.117.3735 - GOG.com)

Dragon 15 (HKLM-x32\...\{768AC460-237E-45B6-99B8-1DE6D0F391E8}) (Version: 15.00.000 - Nuance Communications Inc.)

Dynalist 1.0.6 (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\1e78cdbc-7a18-5e02-93fd-c98dee19d9b8) (Version: 1.0.6 - Dynalist Inc.)

Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)

f.lux (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Flux) (Version: - f.lux Software LLC)

Feather Wallet version 1.0.1 (HKLM\...\{E3C599C7-4DF1-49F2-9C35-918A288677A4}_is1) (Version: 1.0.1 - Feather Wallet)

FileZilla Client 3.42.1 (HKLM-x32\...\FileZilla Client) (Version: 3.42.1 - Tim Kosse)

Final Fantasy X X-2 HD Remaster (HKLM-x32\...\Final Fantasy X X-2 HD Remaster_is1) (Version: - )

FoneLab Android Data Recovery 3.0.20 (HKLM-x32\...\{9D4E5CFB-1923-4ff6-9305-0E5AF9430AF0}_is1) (Version: 3.0.20 - FoneLab)

Frostpunk (HKLM-x32\...\Frostpunk_is1) (Version: - )

GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.125 - Google LLC)

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden

Grammarly Editor (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\GrammarlyForWindows) (Version: 1.5.81 - Grammarly)

Hot Virtual Keyboard (HKLM\...\{0F896F26-E9C0-4331-BB90-28CDDA490C93}_is1) (Version: 8.5.0.0 - Comfort Software Group)

Internet Download Manager 6.37.14 (HKLM-x32\...\Internet Download Manager_is1) (Version: 6.37.14 - lrepacks.ru)

iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)

Java 8 Update 351 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180351F0}) (Version: 8.0.3510.10 - Oracle Corporation)

LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)

Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Ledger Live 1.4.1 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 1.4.1 - Ledger)

Ledger Wallet Ripple version 1.0.2 (HKLM-x32\...\{2A226916-F20B-403D-B564-F2CF5CF8CEF8}_is1) (Version: 1.0.2 - Ledger)

Logitech Capture (HKLM\...\Capture) (Version: 2.00.226 - Logitech)

Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)

Microsoft .NET Core Host - 3.1.8 (x64) (HKLM\...\{D375EE6D-18EF-4EC9-8260-555DEB0EE4EC}) (Version: 24.96.29220 - Microsoft Corporation) Hidden

Microsoft .NET Core Host FX Resolver - 3.1.8 (x64) (HKLM\...\{907E0A78-B4DF-4E35-9878-FEE2F22B6852}) (Version: 24.96.29220 - Microsoft Corporation) Hidden

Microsoft .NET Core Runtime - 3.1.8 (x64) (HKLM\...\{912B84A5-61CC-4308-B244-5C34C2C02899}) (Version: 24.96.29220 - Microsoft Corporation) Hidden

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.54 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.54 - Microsoft Corporation)

Microsoft Excel 2016 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\OneDriveSetup.exe) (Version: 22.238.1114.0002 - Microsoft Corporation)

Microsoft PowerPoint 2016 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)

Microsoft Project - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)

Microsoft Visio - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)

Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29913 (HKLM\...\{620A7633-7A09-42A8-8580-076A4483C4B0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29913 (HKLM\...\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}) (Version: 14.28.29913 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM\...\{F3871724-6A58-425C-8E4C-4A54935AA68F}) (Version: 24.96.29220 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation)

Microsoft Word 2016 - en-us (HKLM\...\WordRetail - en-us) (Version: 16.0.15831.20208 - Microsoft Corporation)

mIRC (HKLM-x32\...\mIRC) (Version: 7.51 - mIRC Co. Ltd.)

Moonlight Game Streaming Client (HKLM\...\{8FF7F460-D0B2-429A-AB0E-31431A07EFB0}) (Version: 3.1.3.0 - Moonlight Game Streaming Project) Hidden

Moonlight Game Streaming Client (HKLM-x32\...\{87675f73-8bcb-44b1-a7e2-c748c5694545}) (Version: 3.1.3.0 - Moonlight Game Streaming Project)

Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 108.0 (x64 en-US)) (Version: 108.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 98.0.2 - Mozilla)

Mp3tag v3.04a (HKLM-x32\...\Mp3tag) (Version: 3.04a - Florian Heidenreich)

MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2022.1202.01 - MSI)

Mullvad VPN 2022.5.0 (HKLM\...\2A356FD4-03B7-4F45-99B4-737BE580DC82) (Version: 2022.5.0 - Mullvad VPN)

Nero 2018 Full Repack (HKLM\...\NMMS19) (Version: - )

Notebook 2.0.4 (HKLM\...\07e74316-82bc-58bb-a564-e9fc8e1a4b1c) (Version: 2.0.4 - Zoho Corp)

NVIDIA FrameView SDK 1.2.7704.31296923 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7704.31296923 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.24.0.135 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.135 - NVIDIA Corporation)

NVIDIA GeForce NOW 2.0.16.148 (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.16.148 - NVIDIA Corporation)

NVIDIA Graphics Driver 473.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 473.81 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)

NZBGet (HKLM-x32\...\NZBGet) (Version: - Andrey Prygunkov)

O&O Defrag Professional (HKLM\...\{50C961A1-889F-4A4E-9587-2772A45B6AAD}) (Version: 18.0.39 - O&O Software GmbH)

OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15831.20184 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 10.5.110.50000 - Electronic Arts, Inc.)

Partition Wizard Professional Edition 5.0 (HKLM-x32\...\{6BF3C41E-F498-430A-A41E-EEDB5FA2A8B9}_is1) (Version: - MT Solution Ltd.)

Playnite (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Playnite_is1) (Version: 10.9 - Josef Nemec)

Plex Media Server (HKLM-x32\...\{25d7c7bc-288b-4d8a-81bc-4baac9712931}) (Version: 1.27.2.5929 - Plex, Inc.)

Plex Media Server (HKLM-x32\...\{C37711DC-ABFD-4374-88A8-A1858EC25B61}) (Version: 1.27.2929 - Plex, Inc.) Hidden

Quip (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Quip) (Version: 7.48.0 - Quip)

Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.1209.121307 - Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)

Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)

Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)

Standard Notes 3.0.15 (only current user) (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\774f2290-3906-58eb-baae-35b0dc01c31e) (Version: 3.0.15 - Standard Notes)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Stopping Plex (HKLM-x32\...\{6F6FA125-A737-436B-AB8C-AD668E2D25D1}) (Version: 1.27.2929 - Plex, Inc.) Hidden

SuperNova Player (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\TacticsTechnologySuperNova) (Version: - )

Surfshark (HKLM-x32\...\{BC644B76-D9CF-46F8-B333-F67B14FCE815}) (Version: 3.6.0999 - Surfshark) Hidden

Surfshark (HKLM-x32\...\Surfshark 3.6.0999) (Version: 3.6.0999 - Surfshark)

Surfshark TAP Driver Windows (HKLM-x32\...\{EBB4BEDA-92A8-4477-A529-FE48400DE9D7}) (Version: 1.0 - Surfshark)

Syncios Mobile Manager 7.0.6 (HKLM-x32\...\Syncios Mobile Manager) (Version: 7.0.6 - Syncios)

Syncios Toolkit 1.1.0 (HKLM-x32\...\Syncios Toolkit) (Version: 1.1.0 - Syncios)

TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )

Telegram Desktop version 1.5.15 (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.15 - Telegram Messenger LLP)

The.Elder.Scrolls.V.Skyrim.Legendary.Edition.With.update1.9+ALLDLCs version 1.9 (HKLM-x32\...\{7EA5FBA1-6235-4458-878C-4811617C03D4}}_is1) (Version: 1.9 - Ali213.net)

thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)

Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 124.2.10565 - Ubisoft)

Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)

UsenetWire (HKLM\...\{B710BA5B-CB04-4DFA-9130-D83E307517B4}) (Version: 2.8.10 - UsenetWire)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)

Vysor (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\Vysor) (Version: 2.2.2 - ClockworkMod)

Web Launch Recorder (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\WebLaunchRecorder) (Version: 2.0 - )

Winamp (HKLM-x32\...\Winamp) (Version: 5.90 - Winamp SA)

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)

WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Wise Auto Shutdown 1.6.5 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.6.5 - WiseCleaner.com, Inc.)

YouTube Music (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\8f40e403496042219b0fd5f71110422a) (Version: 1.0 - YouTube Music)

Zoom (HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)

Packages:

=========

BitPay for Windows -> C:\Program Files\WindowsApps\18C7659D.BitPayforWindows_12.12.2.0_x64__tq51jcq72mbzw [2022-07-30] (BitPay Inc.)

Emby Theater -> C:\Program Files\WindowsApps\EmbyMedia.EmbyTheater_1.1.464.0_neutral__svmepx4c03f7m [2022-12-17] (Emby LLC)

Kodi -> C:\Program Files\WindowsApps\XBMCFoundation.Kodi_19.90.955.0_x64__4n2hpmxwrvr6p [2022-12-23] (XBMC Foundation)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-26] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-26] (Microsoft Corporation) [MS Ad]

Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.11129.457.0_x64__8wekyb3d8bbwe [2022-12-04] (Microsoft Corporation)

MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_1.0.67.0_x64__kzh8wxbdkxb8p [2022-12-26] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]

MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_2.0.6.0_x64__kzh8wxbdkxb8p [2022-12-27] (MICRO-STAR INTERNATIONAL CO., LTD)

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-10-20] (NVIDIA Corp.)

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-12-05] (Microsoft Corporation)

Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Studios) [MS Ad]

YouTube Music -> C:\Program Files\WindowsApps\music.youtube.com-9F558962_1.0.0.1_neutral__vezhnr0wkvrcy [2021-05-13] (music.youtube.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4124628483-520521852-4121828158-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\harsh\AppData\Local\Google\Update\1.3.35.303\psuser_64.dll => No File

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)

ShellIconOverlayIdentifiers-x32: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-11-27] (Florian Heidenreich) [File not signed]

ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2014-08-29] (O&O Software GmbH -> O&O Software GmbH)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-03-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)

ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-11-27] (Florian Heidenreich) [File not signed]

ContextMenuHandlers2: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2014-08-29] (O&O Software GmbH -> O&O Software GmbH)

ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-03-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-11-27] (Florian Heidenreich) [File not signed]

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6fd074e02d655c70\nvshext.dll [2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2014-08-29] (O&O Software GmbH -> O&O Software GmbH)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )

HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )

HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )

HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )

HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )

HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\harsh\AppData\Local\NVIDIA Corporation\Shield Apps\GS Playnite 1440p.lnk -> C:\Users\harsh\AppData\Local\Playnite\gamestream\GS Playnite 1440p.bat ()

Shortcut: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playnite\Safe Mode.lnk -> C:\Users\harsh\AppData\Local\Playnite\Safe Mode.bat ()

Shortcut: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Emby\Emby Server Dashboard.lnk -> hxxp://localhost:8096/web/dashboard.htm

ShortcutWithArgument: C:\Users\harsh\Desktop\ledger\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf

ShortcutWithArgument: C:\Users\harsh\Desktop\ledger\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf

ShortcutWithArgument: C:\Users\harsh\Desktop\ledger\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm

ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube Music.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod --app-url=hxxps://music.youtube.com/?source=pwa

ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Manager (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf

ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf

ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf

ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf

ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Ethereum (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm

ShortcutWithArgument: C:\Users\harsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Ethereum.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hmlhkialjkaldndjnlcdfdphcgeadkkm

==================== Loaded Modules (Whitelisted) =============

2022-10-24 00:03 - 2022-08-08 22:52 - 001427968 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.Runtime.dll

2022-02-01 01:41 - 2022-02-01 01:41 - 000263680 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll

2021-10-27 04:41 - 2021-10-27 04:41 - 001601536 _____ () [File not signed] C:\Program Files (x86)\Surfshark\runtimes\win-x64\native\e_sqlite3.dll

2021-10-27 04:41 - 2021-10-27 04:41 - 001207296 _____ () [File not signed] C:\Program Files (x86)\Surfshark\runtimes\win-x86\native\e_sqlite3.dll

2022-10-22 21:27 - 2022-10-14 06:03 - 002789888 _____ () [File not signed] C:\Program Files\Mullvad VPN\ffmpeg.dll

2022-10-22 21:27 - 2022-10-14 06:03 - 000471040 _____ () [File not signed] C:\Program Files\Mullvad VPN\libegl.dll

2022-10-22 21:27 - 2022-10-14 06:03 - 007179264 _____ () [File not signed] C:\Program Files\Mullvad VPN\libglesv2.dll

2022-10-22 21:27 - 2022-10-14 06:03 - 004759552 _____ () [File not signed] C:\Program Files\Mullvad VPN\vk_swiftshader.dll

2022-07-29 20:47 - 2022-12-11 01:48 - 002338304 _____ () [File not signed] C:\Program Files\Notebook\ffmpeg.dll

2020-11-27 13:25 - 2020-11-27 13:25 - 000398336 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll

2013-05-16 05:52 - 2013-05-16 05:52 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll

2013-05-16 05:52 - 2013-05-16 05:52 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll

2019-05-07 16:50 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

2018-04-12 14:55 - 2017-09-27 16:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\Newtonsoft.Json.dll

2018-04-12 14:55 - 2017-10-24 17:03 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppCollect.dll

2018-04-12 14:55 - 2017-10-24 17:03 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)

BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)

BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> F:\Programs\NaturallySpeaking15\Program\x64\dgnriaie_x64.dll [2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> F:\Programs\NaturallySpeaking15\Program\dgnriaie.dll [2017-02-13] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\ssv.dll [2022-10-19] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\jp2ssv.dll [2022-10-19] (Oracle America, Inc. -> Oracle Corporation)

Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)

Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2022-12-06] (Bitdefender SRL -> Bitdefender)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\sharepoint.com -> hxxps://scarletmailrutgers-files.sharepoint.com

IE trusted site: HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2021-04-30 17:23 - 000000849 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\harsh\AppData\Local\Microsoft\WindowsApps;C:\adb;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files\dotnet\;C:\Program Files\Mullvad VPN\resources

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\harsh\Desktop\bay_10-wallpaper-2560x1440.jpg

DNS Servers: 100.64.0.4 - 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "O&O Defrag Tray.lnk"

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run: => "OODefragTray"

HKLM\...\StartupApproved\Run32: => "ISUSPM"

HKLM\...\StartupApproved\Run32: => "DNS7reminder"

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\StartupFolder: => "Emby Server.lnk"

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "Amazon Music Helper"

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "ISUSPM"

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "Google Update"

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

HKU\S-1-5-21-4124628483-520521852-4121828158-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EFC0426C-E88C-400F-B135-8A086AA09E5D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)

FirewallRules: [{EEBD0146-806B-4921-9A7D-A0BFB75D57B2}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)

FirewallRules: [{0F9E2FE0-CB32-46DA-A2C1-33E56789E1F8}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.15\msedgewebview2.exe => No File

FirewallRules: [{7A86B0E7-34AF-4AC2-8F23-0F75EEF2E0BD}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.11\msedgewebview2.exe => No File

FirewallRules: [{FE93A87C-4620-4C2A-9F7D-4B77591FA9D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{974B7DEE-C780-42F9-81AA-60760C6C7388}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [UDP Query User{5EB40991-E5B7-4B2C-B594-934CE82C78EF}F:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) F:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File

FirewallRules: [TCP Query User{BFDE45B1-7E09-4EE0-8822-7B95C8E5F5DC}F:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) F:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File

FirewallRules: [UDP Query User{D2393624-3B2A-40B7-993B-B64EA193ECF3}F:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) F:\games\age of empires ii definitive edition\aoe2de_s.exe => No File

FirewallRules: [TCP Query User{D5FBE313-2A2D-4CCB-8CB9-86842DF4B8E9}F:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) F:\games\age of empires ii definitive edition\aoe2de_s.exe => No File

FirewallRules: [{6CFBC5A0-1AA1-46D1-9E64-A6009B6807D7}] => (Block) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc. -> Plex, Inc.)

FirewallRules: [{D35C4C4B-CC4A-4760-9237-63857F194149}] => (Block) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc. -> Plex, Inc.)

FirewallRules: [UDP Query User{9540BBE9-C9A0-4176-A784-231461233600}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc. -> Plex, Inc.)

FirewallRules: [TCP Query User{6A66964B-36A4-46A6-BD90-3BFF9FDA5090}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc. -> Plex, Inc.)

FirewallRules: [{0094C266-AED0-4F3E-B722-C747E6557FFF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{4B1D1F68-66AF-4A3E-92AF-7BFE7C2812C0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [UDP Query User{45210016-3B88-4609-B11F-74C617BFB5F9}C:\users\harsh\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\harsh\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [TCP Query User{D4C71F5D-B34E-4E85-B0A3-20242B87F413}C:\users\harsh\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\harsh\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{F2EFBF88-602E-4293-B13D-1C0DFE4A2BAC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{F7B7A786-1CEA-4896-B588-761B11EAD63A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{CCFFE5AF-477B-4A63-91C3-A7DCDE74B8D8}] => (Block) F:\Games\Final Fantasy X X-2 HD Remaster\FFX&X-2_LAUNCHER.exe (SQUARE ENIX CO., LTD.) [File not signed]

FirewallRules: [{6D1898BA-9DFD-43B8-A3A3-DE3F8767B027}] => (Block) F:\Games\Final Fantasy X X-2 HD Remaster\FFX&X-2_Will.exe (SQUARE ENIX CO., LTD.) [File not signed]

FirewallRules: [{3D441925-2E83-4164-8C48-E36AD91F6446}] => (Block) F:\Games\Final Fantasy X X-2 HD Remaster\FFX-2.exe (SQUARE ENIX CO., LTD.) [File not signed]

FirewallRules: [{D036D169-AE80-44D9-8C48-B568622EABF1}] => (Block) F:\Games\Final Fantasy X X-2 HD Remaster\FFX.exe (SQUARE ENIX CO., LTD.) [File not signed]

FirewallRules: [{B1528368-50A8-4075-A93F-CAB958D2E382}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{1D22EA7F-7F58-49D8-BA86-918D1DFAA3EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{5297A3C5-9FFF-40C1-A448-41E8D3D80331}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

FirewallRules: [{288E80B4-2CA8-438C-B712-2FC953AC5E84}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

FirewallRules: [{3C0A5393-B87A-4C62-84B3-1BD6D8393F32}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{E56E1928-5753-4513-A044-AA56DB7ED87B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [TCP Query User{C2095805-122B-4A73-8BC6-C673B3DD8D52}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)

FirewallRules: [UDP Query User{BB001495-21F6-49BC-B83E-73E93313D17F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)

FirewallRules: [TCP Query User{2F6CFC32-826F-4128-8667-FD882AB81C87}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)

FirewallRules: [UDP Query User{84791016-318F-43C3-9EF1-E5A81E72A26C}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)

FirewallRules: [{AA5E0A55-779A-4F1E-ABAE-07F13BBD08E7}] => (Block) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)

FirewallRules: [{8B760EBF-7AE0-4C9C-94ED-A46740434597}] => (Block) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)

FirewallRules: [{639D1C84-24FC-41F6-80D1-ACC1272D6D3A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File

FirewallRules: [{396B4085-4ECF-4388-8562-7DC244DFBD34}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File

FirewallRules: [TCP Query User{CEAFCE55-2BB3-46F1-9F7A-EA77541911E5}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe => No File

FirewallRules: [UDP Query User{5BFE243A-2BCA-44E5-A085-FF5F84A53E2A}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe => No File

FirewallRules: [{178208C8-A49E-4308-B96E-B0101ADDE9FB}] => (Block) C:\program files (x86)\airdroid\airdroid.exe => No File

FirewallRules: [{AAFC7C38-A906-45B8-9B01-9B97E82FDB41}] => (Block) C:\program files (x86)\airdroid\airdroid.exe => No File

FirewallRules: [{7332F0F9-1470-47DF-92F3-0E232BFE3422}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe => No File

FirewallRules: [{D6C4139F-3556-4C79-A975-AC571FB247C8}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe => No File

FirewallRules: [{8FBB281D-2501-482C-BCBC-56E5BBFB7BEA}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe => No File

FirewallRules: [{7C3CF98C-0D1A-462B-BC3B-808CFB4A3739}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe => No File

FirewallRules: [TCP Query User{7554F064-F6F8-40B4-98BC-96481C355E0D}C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe] => (Allow) C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe (Nero AG -> Nero AG)

FirewallRules: [UDP Query User{C3E8929D-8E19-46E6-B738-53F6A0AF1954}C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe] => (Allow) C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe (Nero AG -> Nero AG)

FirewallRules: [{5B3F2DD9-2CE9-4C1F-A801-E4894EAC9481}] => (Block) C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe (Nero AG -> Nero AG)

FirewallRules: [{12FBD7A9-9696-4C24-836F-DBD52C3588EC}] => (Block) C:\program files (x86)\nero\nero 2018\nero burning rom\nero.exe (Nero AG -> Nero AG)

FirewallRules: [TCP Query User{B10B5EED-E0E1-4F93-A9D3-75D5C35F5AE6}C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe => No File

FirewallRules: [UDP Query User{2FCA24D2-CB74-47F6-9122-ECCA3BC326CB}C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe => No File

FirewallRules: [{ABFC6E9E-1D1E-469C-A2F6-C7AB725A1D73}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe => No File

FirewallRules: [{D2B9E4F0-8C95-456A-AE04-46E622605A7D}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_154970437\java.exe => No File

FirewallRules: [TCP Query User{27D798DB-3737-40C5-8CC6-701F24609122}C:\program files\nzbget\nzbget.exe] => (Block) C:\program files\nzbget\nzbget.exe () [File not signed]

FirewallRules: [UDP Query User{7D46F2C4-2270-4A59-BA7B-7C87462BBDED}C:\program files\nzbget\nzbget.exe] => (Block) C:\program files\nzbget\nzbget.exe () [File not signed]

FirewallRules: [{F745DDCE-09DE-4BB4-888B-A1CD7FE294D0}] => (Allow) LPort=7878

FirewallRules: [TCP Query User{FD0E6B8F-9A61-496A-9F56-649ACC1181B3}C:\users\harsh\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe] => (Allow) C:\users\harsh\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [UDP Query User{BF7B0CC8-B63B-4132-A8F0-BB7487C797C5}C:\users\harsh\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe] => (Allow) C:\users\harsh\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{5E13BB74-1B2A-4DA8-AEBC-7BC33C971C18}] => (Allow) LPort=7359

FirewallRules: [{C8CA20A4-EE59-4199-ACAC-AB887E662CCF}] => (Allow) LPort=8096

FirewallRules: [{B7EB6E9C-51F1-4221-B211-B8C20A9756B8}] => (Allow) LPort=8920

FirewallRules: [{E1256D1E-D987-4FE6-B6F3-822721EFEF6E}] => (Allow) C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.dll (Emby) [File not signed]

FirewallRules: [{FBF4D382-4382-4781-9A40-B14BE8A9A042}] => (Allow) C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.dll (Emby) [File not signed]

FirewallRules: [{DF080E36-977F-4548-B2EB-E8EA51CBBF25}] => (Allow) C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.dll (Emby) [File not signed]

FirewallRules: [{43EA575F-D787-45C3-8DA3-FA3150B0D3D4}] => (Allow) C:\Users\harsh\AppData\Roaming\Emby-Server\system\EmbyServer.dll (Emby) [File not signed]

FirewallRules: [TCP Query User{C1703088-1718-429B-A512-07ED8E9C5B1B}C:\users\harsh\appdata\roaming\emby-server\system\embyserver.exe] => (Allow) C:\users\harsh\appdata\roaming\emby-server\system\embyserver.exe (Emby LLC -> Emby) [File not signed]

FirewallRules: [UDP Query User{8377F668-A4EA-48F7-AD1B-2A6CE706AA87}C:\users\harsh\appdata\roaming\emby-server\system\embyserver.exe] => (Allow) C:\users\harsh\appdata\roaming\emby-server\system\embyserver.exe (Emby LLC -> Emby) [File not signed]

FirewallRules: [TCP Query User{BD29BE68-D998-4B64-9321-3FC02914DC72}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)

FirewallRules: [UDP Query User{E22AD66F-0AF5-4C14-92F7-CEE1A378A931}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)

FirewallRules: [{68D7CD78-E7FF-4302-B7FB-CD3D5F0D6DBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{EDBDA55D-1AFC-4ADA-9054-7FF2BAD1DF42}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{AAA86B14-2D8E-4E98-A01F-5E8A0C1DC8F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{E5E59987-A3C8-43EE-BE1A-951A865CCB1C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [TCP Query User{FD3AD6E1-6C9B-436C-AB0A-DEC4B837FE37}C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe] => (Allow) C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]

FirewallRules: [UDP Query User{FF823940-8BBD-44F4-9EB3-444212877E9B}C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe] => (Allow) C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]

FirewallRules: [{F1A7000D-2B81-4411-8712-67814C758D67}] => (Block) C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]

FirewallRules: [{B19071EC-F96A-480B-88E7-7A31BAD85763}] => (Block) C:\users\harsh\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]

FirewallRules: [{57A4022A-9278-4A65-B80E-729D3953D93E}] => (Allow) C:\Program Files\Trust.Zone VPN Client\trustzone_x64.exe => No File

FirewallRules: [{50E0539A-4FAB-49AC-A708-2F375CB74C7A}] => (Allow) C:\Program Files\Trust.Zone VPN Client\trustzone.exe => No File

FirewallRules: [{84BB068A-B9BB-4C2A-BA9F-AD520EA5D4BC}] => (Allow) C:\Program Files\Trust.Zone VPN Client\tzclient.exe => No File

FirewallRules: [{98C4E964-FC97-4240-BEE0-76EBA730DDFF}] => (Allow) C:\Program Files\Trust.Zone VPN Client\tzclient_x64.exe => No File

FirewallRules: [{C8C69CE3-92DC-45EE-A9EF-DF9A37646AAA}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft Ltd -> Apowersoft)

FirewallRules: [{99FE37E9-E6D3-4EBE-AB6A-825762FB10FA}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft Ltd -> Apowersoft)

FirewallRules: [{B2385446-AA7B-412E-BB9B-D86FEE9EBEB6}] => (Allow) C:\Program Files\Moonlight Game Streaming\Moonlight.exe (Cameron Gutman -> Moonlight Game Streaming Project)

FirewallRules: [{427B912E-C8BD-4344-BFF3-499718FE7DA6}] => (Allow) C:\Users\harsh\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{2203F5E0-D342-4589-A52B-E08FD67FC3B5}] => (Allow) C:\Users\harsh\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{CCA4AF97-0B48-4DA7-B814-7736E3E54734}] => (Allow) C:\Users\harsh\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{EF894820-5A62-4E4E-96C4-05FC8D1C005B}] => (Allow) C:\Program Files (x86)\Syncios\Syncios Mobile Manager\Syncios Mobile Manager.exe (Anvsoft Inc. -> Syncios)

FirewallRules: [{BF7905D9-2ED9-4380-A641-40CE21345582}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{9DBEEB04-6F3F-429E-A7A0-2D8595689B52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{5012C5C9-9B21-45F6-9091-351470349E0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{06BF8391-E1C6-44B1-8BEF-2B6C40592790}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{9023AFAA-D042-4A44-85F6-ACE5A96EFEEF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)

FirewallRules: [{E1EC03A9-8377-49B6-ABA1-7A9E116EA0DF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> )

FirewallRules: [{10D38CD5-7DA1-4762-B43A-738C23B6D2B0}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)

FirewallRules: [{7726A7DA-9150-4976-B37D-86CEE144D861}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )

FirewallRules: [{3A8A0FB0-7563-46BE-B9C0-5E2287142F59}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Game Transcoder\Plex Game Transcoder.exe (Plex, Inc. -> )

FirewallRules: [{1C62B292-9BD9-42AC-9126-902E7D90208C}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [{70813800-CBB5-4133-8947-4C8ACB535925}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{277B28A4-01A0-4353-B05E-DC97F6D7D75F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{2B625C0A-8EF6-4102-A7F5-DBEAB9A1F2F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E4A676BB-2D07-4B65-AF1A-6AEB15F44339}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{9ED7B737-A460-4D59-AD62-E1942A0E09A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{69F4198E-EB91-479B-A936-92B4A21030F4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4CC20964-1A8F-49FB-B05E-45AD7F8B9D35}] => (Allow) LPort=32683

FirewallRules: [{91C0BC09-990D-4237-9280-18B5D1C4C476}] => (Allow) LPort=26822

==================== Restore Points =========================

15-12-2022 19:24:57 Windows Modules Installer

24-12-2022 19:24:12 Scheduled Checkpoint

26-12-2022 19:48:12 Installed Windows PC Health Check

==================== Faulty Device Manager Devices ============

Name: PCI Device

Description: PCI Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device

Description: Base System Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller

Description: SM Bus Controller

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:

==================

Error: (12/27/2022 06:47:04 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: harsh-PC)

Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (12/27/2022 06:41:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x803F7001

Command-line arguments:

RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/27/2022 06:41:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x803F7001

Command-line arguments:

RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/27/2022 06:41:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC0EA000A

Command-line arguments:

RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (12/26/2022 11:15:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x803F7001

Command-line arguments:

RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2022 11:15:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x803F7001

Command-line arguments:

RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/26/2022 10:17:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x803F7001

Command-line arguments:

RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2022 09:03:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x803F7001

Command-line arguments:

RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

System errors:

=============

Error: (12/27/2022 08:32:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Radarr service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Error: (12/27/2022 08:32:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the Radarr service to connect.

Error: (12/27/2022 08:32:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (45000 milliseconds) while waiting for the BingDesktopUpdate service to connect.

Error: (12/27/2022 08:32:09 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)

Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (12/27/2022 08:21:18 PM) (Source: DCOM) (EventID: 10010) (User: harsh-PC)

Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.

Error: (12/27/2022 08:21:18 PM) (Source: DCOM) (EventID: 10010) (User: harsh-PC)

Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (12/27/2022 06:41:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Mullvad VPN Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (12/27/2022 06:41:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Mullvad VPN Service service terminated with the following service-specific error:

Incorrect function.

CodeIntegrity:

===============

Date: 2022-12-27 20:50:36

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotVirtualKeyboard\hvkh64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-12-27 20:42:27

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mullvad VPN\Mullvad VPN.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotVirtualKeyboard\hvkh64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-12-27 20:35:46

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\266169003402645883\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends International, LLC. 1.10 03/04/2022

Motherboard: Micro-Star International Co., Ltd. PRO B660-A DDR4 (MS-7D59)

Processor: 12th Gen Intel® Core™ i3-12100F

Percentage of memory in use: 49%

Total physical RAM: 16241.4 MB

Available physical RAM: 8241.95 MB

Total Virtual: 32241.4 MB

Available Virtual: 22765.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.27 GB) (Free:83.96 GB) (Model: Samsung SSD 850 EVO 250GB) NTFS

Drive f: (Backup 2) (Fixed) (Total:931.51 GB) (Free:83.39 GB) (Model: SAMSUNG HD103SJ) NTFS

Drive g: (Backup 3) (Fixed) (Total:76.69 GB) (Free:76.52 GB) (Model: HDS728080PLA380) NTFS

Drive h: (Local Disk) (Fixed) (Total:74.53 GB) (Free:37.82 GB) (Model: ST380815AS) NTFS

\\?\Volume{28b464b9-b6d7-11e7-bb6e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

\\?\Volume{267195c0-0000-0000-0000-b0173a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 433563BA)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==========================================================

Disk: 1 (MBR Code: Windows 7/8/10) (Size: 76.7 GB) (Disk ID: 000C5C0D)

Partition 1: (Not Active) - (Size=76.7 GB) - (Type=07 NTFS)

==========================================================

Disk: 2 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 267195C0)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=525 MB) - (Type=27)

==========================================================

Disk: 3 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 400E400D)

Partition 1: (Not Active) - (Size=74.5 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Attached Files

  • Addition.txt (71.38KB, 2 downloads)

Edited by blade12, 27 December 2022 - 10:34 PM.

Article information

Author: Patricia Veum II

Last Updated: 31/10/2023
