Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-12-2023
Ran by Iskander (administrator) on ISKANDER-PC (31-12-2023 15:53:32)
Running from F:\Downloads\FRST64 (3).exe
Loaded Profiles: Iskander & postgres
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <2>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe ->) (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.2\bin\postgres.exe <7>
(explorer.exe ->) () [File not signed] C:\Program Files\Bitcoin\bitcoin-qt.exe
(explorer.exe ->) (Antibody Software Limited -> ) C:\Program Files (x86)\WizMouse\WizMouse.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\Iskander\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Focusrite Audio Engineering, Ltd.) 
[File not signed] C:\Program Files\FocusriteUSB\Focusrite Notifier.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7> (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mstsc.exe (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (explorer.exe ->) (Vincent Burel -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <37> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\perfmon.exe (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Open Source Developer, Florian Höch -> ) D:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles.exe (services.exe ->) () [File not signed] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe (services.exe ->) () [File not signed] C:\Program Files (x86)\NetTime\NetTimeService.exe (services.exe ->) () [File not signed] C:\Program Files (x86)\vMix\drivers\vMixService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Apple Inc. -> Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (services.exe ->) (ASROCK Incorporation -> ) D:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe (services.exe ->) (Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe (services.exe ->) (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe <2> (services.exe ->) (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe <2> (services.exe ->) (Avid Technology, Inc. -> Avid Technology, Inc.) C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe <2> (services.exe ->) (Avid Technology, Inc.) [File not signed] C:\Program Files\Avid\Pro Tools\MMERefresh.exe (services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (services.exe ->) (Code Sector -> Code Sector) D:\Program Files\TeraCopy\TeraCopyService.exe (services.exe ->) (DEVGURU CO LTD -> DEVGURU Co., LTD.) D:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (services.exe ->) (Dynu Systems, Inc. -> Dynu Systems, Inc.) [File not signed] D:\Program Files (x86)\Dynu Systems\Dynu IP Update Client\Dynu.Service.exe (services.exe ->) (Focusrite Audio Engineering Ltd.) 
[File not signed] C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe (services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\121.0.6167.13\remoting_host.exe <2> (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (services.exe ->) (M-Audio -> M-Audio) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2> (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) 
C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (services.exe ->) (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe (services.exe ->) (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe (services.exe ->) (SafeNet, Inc. -> SafeNet Inc.) C:\Windows\System32\hasplms.exe (services.exe ->) (SafeNet, Inc. -> SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (services.exe ->) (SafeNet, Inc. -> SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (services.exe ->) (SafeNet, Inc.) [File not signed] C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (services.exe ->) (Symless Ltd. -> ) D:\Program Files\Synergy\synergyd.exe (services.exe ->) (Tobias Erichsen -> Tobias Erichsen) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) 
D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2> (services.exe ->) (Wondershare Technology Group Co.,Ltd -> ) C:\ProgramData\Wondershare\wsServices\ElevationService.exe (services.exe ->) (Wondershare Technology Group Co.,Ltd -> wondershare) C:\ProgramData\Wondershare\wsServices\WsidService.exe (services.exe ->) (X-Rite Incorporated -> X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe (svchost.exe ->) () [File not signed] D:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe (svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe (svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (Artur Liberman -> ) D:\Program Files\Core Temp\Core Temp.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. 
-> Adobe Systems, Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusriteusb\Focusrite Notifier.exe [5029376 2020-06-02] (Focusrite Audio Engineering, Ltd.) [File not signed] HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [Blackmagic Streaming Server] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe [995840 2016-09-05] () [File not signed] HKLM\...\Run: [Blackmagic CheckVersion PCI] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe [145711152 2016-09-05] (Blackmagic Design Pty Ltd -> Blackmagic Design) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2265096 2023-05-26] (voidtools -> voidtools) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> ) HKLM-x32\...\Run: [Blackmagic CheckVersion] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe (No File) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-07-17] (Adobe Inc. -> Adobe Inc.) 
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5597840 2018-01-29] (IDRIX -> IDRIX) HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [f.lux] => C:\Users\Iskander\AppData\Local\FluxSoftware\Flux\flux.exe [1525880 2023-05-18] (F.lux Software LLC -> f.lux Software LLC) HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [193592 2023-08-25] (Adobe Inc. -> Adobe Inc.) HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [755296 2020-09-30] (OpenVPN Inc. -> ) HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [119000 2013-09-22] (Antibody Software Limited -> ) HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [MicrosoftEdgeAutoLaunch_D217C85F1D9EB501B802F9D74CEBEDD0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854280 2023-12-21] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [PopupUI] => D:\Program Files (x86)\Wondershare\Dr.Fone Virtual Location\PopupUI.exe (No File) HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5553104 2023-02-14] (Adobe Inc. 
-> Adobe Systems Incorporated) HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\MountPoints2: {09d9ef07-36a6-11ed-bb65-5cf3709fa23e} - "H:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\MountPoints2: {47a6b1b2-5ea1-11ec-bb1d-5cf370991e24} - "K:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\MountPoints2: {63ce3df1-c750-11ea-906e-5cf370991e24} - "K:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\MountPoints2: {990da62b-0683-11ed-bb49-5cf3709fa23e} - "H:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\MountPoints2: {dd022671-0ffd-11ec-bade-5cf370991e24} - "G:\OInstall.exe" HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\...\MountPoints2: {eb405b53-6223-11eb-ba70-d0509967c341} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [39936 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: c:\windows\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. 
-> Adobe Systems Inc) HKLM\Software\...\AppCompatFlags\Custom\H3Blade.exe: [{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb] -> HoMM III Compatibility Database HKLM\Software\...\AppCompatFlags\Custom\Heroes3.exe: [{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb] -> HoMM III Compatibility Database HKLM\Software\...\AppCompatFlags\InstalledSDB\{62a24b39-0106-4990-90ea-3a09e9dda7a6}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb [2022-12-28] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\120.0.6099.130\Installer\chrmstp.exe [2023-12-27] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{3AFAB1A7-F3DB-4DED-B51B-25E34D21D798}] -> c:\windows\system32\USBKeyCredentialProvider.dll [2014-07-31] (ASROCK Incorporation -> ) Lsa: [Notification Packages] scecli D:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\Iskander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1427216864196.png [2015-03-24] () [File not signed] Startup: C:\Users\Iskander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14272168641962.png [2017-07-23] () [File not signed] Startup: C:\Users\Iskander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2021-07-18] ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {C727D991-7BEA-4FB1-9660-4F12762D78D0} - System32\Tasks\ACC => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [446432 2023-07-17] (Adobe Inc. -> Adobe Inc.) Task: {1BB0F2BB-613E-474D-9AF6-FBE88317319C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.) Task: {F6DFB2FA-01C1-4EE2-A089-690018D3648F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {0D85563B-FBF4-4A8A-9DC7-61D6FA761512} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {38FAD577-4D67-4100-8052-C65CBD0DDA60} - System32\Tasks\AsrSP.exe => D:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2646528 2014-12-02] () [File not signed] Task: {DEB4016F-0DC5-4291-A435-C3CE00D1975B} - System32\Tasks\Core Temp Autostart Iskander => D:\Program Files\Core Temp\Core Temp.exe [891344 2016-02-21] (Artur Liberman -> ) Task: {A7713CC6-136C-4F9D-A93F-DABFCF6F64EF} - System32\Tasks\DisplayCAL Profile Loader Launcher => D:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles-launcher.exe [178120 2019-12-14] (Open Source Developer, Florian Höch -> ) Task: {D7C94432-5AC1-4FCB-90B9-4D65562BE144} - System32\Tasks\DisplayCAL Profile Loader Launcher - Daily Restart => D:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles-launcher.exe [178120 2019-12-14] (Open Source Developer, Florian Höch -> ) Task: {1D6B38BF-BEA2-49D6-97AB-7A4DF82425BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-20] (Google LLC -> Google LLC) Task: {13BBE082-7DB8-4F28-9071-155BDC1FE003} - System32\Tasks\GoogleUpdateTaskMachineUA => 
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-20] (Google LLC -> Google LLC) Task: {CD22112C-EFAD-4827-BE64-C383B0FF9E22} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) Task: {81AC4E71-BD90-4F8E-9361-F9C646F4F144} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21865360 2023-07-25] (Microsoft Corporation -> Microsoft Corporation) Task: {1AC06BB2-B0C7-4C1B-A390-C781E6EC15A9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21865360 2023-07-25] (Microsoft Corporation -> Microsoft Corporation) Task: {127E2110-3AB5-4238-9D2E-F285CF75AC39} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141248 2023-08-03] (Microsoft Corporation -> Microsoft Corporation) Task: {6C8AC857-9144-4DC3-8D82-46CB4201AB50} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141248 2023-08-03] (Microsoft Corporation -> Microsoft Corporation) Task: {E7DACFB5-D6EB-4C91-8FA9-3B611598EEC1} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [73176 2023-04-15] (Microsoft Corporation -> Microsoft) Task: {A557BB39-81DD-4870-8F41-819A356BD5A6} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E} Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371} Task: 
{5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB} Task: {3EC2E20A-FD4C-4EF9-81F0-D12289A71608} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {094A1A74-4AD4-41CF-B0B6-3A9D9B3D30FB} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61} Task: {51F201B1-8A2C-4493-8977-AB7472B03096} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1} Task: {4E776642-00AF-4278-9628-6C7CA83D08CD} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {31311589-948F-4824-91E2-589E07D4F94E} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Task: {7645F037-3605-49A3-A3C4-249F646ABAD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A6858C86-9BAB-4203-9855-92BE1870A5DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C48A13E3-0767-45BB-B6B7-59F62C2DD469} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F40CCB03-BAFD-49E3-9CF8-CA69F70A3227} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows 
Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4C0F23E2-7423-4AA3-BE9B-603107935685} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2023-08-05] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {D57233D2-59E0-4766-8F9A-86C237E86304} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-08-05] (Nvidia Corporation -> NVIDIA Corporation) Task: {D9D6B588-E4C4-454D-A777-217ECD082375} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3095B7D2-514E-4C64-8EAF-EC30C3AD60A2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E68BF5BF-6A97-4D43-A560-1C58EF64E8DD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D27554CC-30D0-412A-A864-7D624D6D3101} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1AB8D114-DBFE-4DC4-BCDD-25DEE280614D} - 
System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EFB54818-03BA-47AB-84B5-DA8AAB25E8DA} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F79FD6F2-8722-4E7D-BC5F-EE495DA02816} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {10809709-6691-4ED3-87CC-6715F0C05A8C} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => D:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [5584920 2015-10-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] Task: {0747EFF2-201E-4758-8671-015CAEBB41B8} - System32\Tasks\sync time => c:\windows\system32\W32tm.exe [108032 2019-12-07] (Microsoft Windows -> Microsoft Corporation) Task: {E4C80BCB-6A48-404A-8369-B03DE4F5D19A} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [31656 2020-01-30] (X-Rite Incorporated -> X-Rite Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\..\Interfaces\{0F2CF23A-318C-4AA3-AAAD-F1551991E256}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{194F7395-9450-4F5A-A66E-34AB6015B33E}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{205DE2D8-AD96-4E75-BD04-9F1C0AEEE4A2}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{2C9BAFE7-EEDC-41CE-A6E9-B8DACA150075}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{51E59711-D37D-465D-9A44-E68F9BE87A1D}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{64436EED-2F0B-4EEF-B3BE-8D0BC3A6131A}: [DhcpNameServer] 10.1.5.1 Tcpip\..\Interfaces\{7B8EBCD2-E7D8-403F-8076-AC9F916B5ED9}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{7E13CE1E-926F-43DF-81C8-9F33419C2C53}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{80669DDC-BE06-4231-8994-20570CEB7238}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{84CDD5B1-9C4E-450B-AE87-CC658ECA8B13}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{88223CCD-E15E-45C3-A4B9-827CBAB855F0}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{88CB9F8D-F556-4F99-88F0-CEF12D22EF08}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{919F8E5C-D911-4F3A-B501-145688C91B77}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{9ADF610D-D3FC-4A86-9EC3-23923128F248}: [NameServer] 192.168.2.1,8.8.8.8 Tcpip\..\Interfaces\{9BBBA971-691C-4839-B72C-E3BFCF1463D2}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{AEF84146-DD3F-40F3-9B74-CDF77DFAD784}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{BCD5AE6D-80CE-44BE-90CC-336BA977DE7C}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{C60C40C3-349A-454D-B149-F5FB1604B0D8}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{DA73A426-C3F2-4718-86CC-5FA197C7ED8E}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{E5EA3BBF-8AE5-4EEE-BEF9-4E0E994C4F32}: [DhcpNameServer] 192.168.8.1 192.168.8.1 
Tcpip\..\Interfaces\{E7DCD705-BD3F-46E5-842C-1DE35087AD40}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Edge: ======= Edge DefaultProfile: Profile 1 Edge Profile: C:\Users\Iskander\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-12-31] Edge Extension: (Google Docs Offline) - C:\Users\Iskander\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-12] Edge Extension: (Edge relevant text changes) - C:\Users\Iskander\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-15] FireFox: ======== FF DefaultProfile: 6p9e0rjm.default FF ProfilePath: C:\Users\Iskander\AppData\Roaming\Nvu\Profiles\tk48zmpv.default [2014-12-02] FF ProfilePath: C:\Users\Iskander\AppData\Roaming\Mozilla\Firefox\Profiles\6p9e0rjm.default [2021-01-31] FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-07-17] (Adobe Inc. 
-> Adobe Systems) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-16] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-02-14] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-07-17] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File] FF Plugin HKU\S-1-5-21-3257870137-4252036179-3097448466-501: SkypePlugin -> C:\Users\Gość\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.) FF Plugin HKU\S-1-5-21-3257870137-4252036179-3097448466-501: SkypePlugin64 -> C:\Users\Gość\AppData\Local\SkypePlugin\7.5.0.127\npGatewayNpapi-x64.dll [2015-08-02] (Microsoft Corporation -> Skype Technologies S.A.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default [2023-12-31] CHR DownloadDir: F:\Downloads CHR Notifications: Default -> hxxps://boards.4channel.org; hxxps://flow.steinberg.net CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://mail.google.com/mail/u/1/#inbox","hxxps://mail.google.com/mail/u/2/#inbox","hxxp://google.com/","hxxp://www.google.com/" CHR NewTab: Default -> Active:"chrome-extension://glcipcfhmopcgidicgdociohdoicpdfc/index.html" CHR Session Restore: Default -> is enabled. 
CHR Extension: (SQLite Viewer with Google Drive) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaeojgplhedihcdhfcgodiepddeecepl [2016-08-20] CHR Extension: (Google Translate) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-03-24] CHR Extension: (Duolingo on the Web) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-04-28] CHR Extension: (Spotify Playback Speed) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgehnoihoklmofgehcefiaicdcdgppck [2023-12-05] CHR Extension: (Netflix 1080p) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cankofcoohmbhfpcemhmaaeennfbnmgp [2021-12-25] CHR Extension: (uBlock Origin development build) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbcahbpdhpcegmbfconppldiemgcoii [2023-12-31] CHR Extension: (uBlock Origin) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-12-05] CHR Extension: (Tags for YouTube™) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggphokdgjikekfiakjcpidcclbmkfga [2020-06-17] CHR Extension: (Tampermonkey) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2023-12-17] CHR Extension: (Wayback Machine) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnmgdkabkmnadcjpehmlllkndpkmiak [2023-11-29] CHR Extension: (Hola VPN - The Website Unblocker) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2023-12-31] CHR Extension: (Muzli - Design inspiration hub) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcipcfhmopcgidicgdociohdoicpdfc [2023-12-05] CHR Extension: (Ignore X-Frame headers) - 
C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gleekbfjekiniecknbkamfmkohkpodhe [2023-11-29] CHR Extension: (Sort Emails by Attachment Size For Gmail) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhgfpnbjdbejajbjfabefffbgkheboh [2016-08-19] CHR Extension: (Chrome Remote Desktop) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-24] CHR Extension: (View Image) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2023-12-31] CHR Extension: (Reddit Enhancement Suite) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2023-04-05] CHR Extension: (Pitch shifter - HTML5 Video audio FX) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmkclglcbkjchakihfpblainfncennj [2023-07-01] CHR Extension: (Video Speed Controller) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2022-10-25] CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2017-07-29] CHR Extension: (Fluff Busting Purity) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2023-10-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Iskander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Iskander\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-12-11] CHR HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: 
[efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3257870137-4252036179-3097448466-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk, Inc -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-07-17] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 ASRockIOMon; D:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] (ASROCK Incorporation -> )
S3 Avid DMF Service; C:\Program Files\Avid\Editor Transcode\Dynamic Media Files\DMFService.exe [661768 2015-12-03] (Avid Technology, Inc. -> Avid Technology, Inc.)
R2 Avid Editor Broker; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe [662280 2015-12-03] (Avid Technology, Inc. -> Avid Technology, Inc.)
R2 Avid Editor Db Engine; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe [661768 2015-12-03] (Avid Technology, Inc. -> Avid Technology, Inc.)
S3 Avid Editor Transcode Service; C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorTranscode.exe [662280 2015-12-03] (Avid Technology, Inc. -> Avid Technology, Inc.)
R2 Avid Editor Transcode Status; C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe [297736 2015-12-03] (Avid Technology, Inc. -> Avid Technology, Inc.) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\121.0.6167.13\remoting_host.exe [74528 2023-12-11] (Google LLC -> Google LLC) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9201120 2023-07-25] (Microsoft Corporation -> Microsoft Corporation) R2 DFWSIDService; C:\ProgramData\Wondershare\wsServices\WsidService.exe [4231408 2023-07-26] (Wondershare Technology Group Co.,Ltd -> wondershare) R2 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2016-09-14] (Avid Technology, Inc.) [File not signed] S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [197632 2016-09-14] (Avid Technology, Inc.) [File not signed] R2 dvhlp; C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe [26624 2016-09-05] () [File not signed] R2 Dynu.Service; D:\Program Files (x86)\Dynu Systems\Dynu IP Update Client\Dynu.Service.exe [74736 2020-02-29] (Dynu Systems, Inc. -> Dynu Systems, Inc.) [File not signed] R2 ElevationService; C:\ProgramData\Wondershare\wsServices\ElevationService.exe [981744 2023-07-26] (Wondershare Technology Group Co.,Ltd -> ) R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-26] (voidtools -> voidtools) R2 Focusrite Control Server; C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [1554432 2020-06-02] (Focusrite Audio Engineering Ltd.) [File not signed] R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27] (SafeNet, Inc. -> SafeNet Inc.) 
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed] R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [482816 2017-09-14] () [File not signed] R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [74336 2020-09-30] (OpenVPN Inc. -> The OpenVPN Project) R2 Parsec; C:\Program Files\Parsec\pservice.exe [394256 2020-10-08] (Parsec Cloud, Inc. -> Parsec) R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-02] (PostgreSQL Global Development Group) [File not signed] S3 PsShutdownSvc; C:\WINDOWS\PSSDNSVC.EXE [87616 2017-09-23] (Sysinternals -> Systems Internals) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R2 rtpMIDIService; C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [4012816 2019-12-14] (Tobias Erichsen -> Tobias Erichsen) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-05-16] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.) [File not signed] R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc) R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc.) S3 sshd; D:\Program Files\OpenSSH\sshd.exe [914944 2017-08-19] () [File not signed] R2 ss_conn_service; D:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU CO LTD -> DEVGURU Co., LTD.) 
R2 Synergy; D:\Program Files\Synergy\synergyd.exe [307880 2017-03-03] (Symless Ltd. -> ) R2 TeraCopyService; D:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector) R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio -> M-Audio) R2 VMAuthdService; D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [95208 2017-09-18] (VMware, Inc. -> VMware, Inc.) R2 vMixService; C:\Program Files (x86)\vMix\drivers\vMixService.exe [20992 2020-10-05] () [File not signed] S3 VssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{16879BA3-648A-4B3C-B6C3-F2FF755760DC} [21312 2020-11-19] (Microsoft Windows -> Microsoft Corporation) S3 VSStandardCollectorService150; D:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142304 2022-06-01] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [91048 2020-01-30] (X-Rite Incorporated -> X-Rite Inc.) 
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\USERS\ISKANDER\APPDATA\LOCAL\TEMP\ALSysIO64.sys [25072 2023-12-31] (Artur Liberman -> Arthur Liberman) <==== ATTENTION
R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-04-17] (ASROCK Incorporation -> ASRock Incorporation)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-05-09] (ASROCK Incorporation -> ASRock Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [29208 2014-05-26] (AVAST Software a.s.
-> ) R3 BlackmagicIO; C:\WINDOWS\System32\drivers\BlackmagicIO.sys [324096 2016-09-05] (Blackmagic Design Pty Ltd -> ) R3 BMDDeckLinkAudio; C:\WINDOWS\System32\drivers\deckaud.sys [24064 2016-09-05] (Blackmagic Design Pty Ltd -> Blackmagic Design) R3 deckavs; C:\WINDOWS\System32\drivers\deckavs.sys [62464 2016-09-05] (Blackmagic Design Pty Ltd -> Blackmagic Design) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2021-09-07] (Disc Soft Ltd -> Disc Soft Ltd) S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) R3 Focusriteusb; C:\WINDOWS\System32\drivers\Focusriteusb.sys [123456 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.) R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [92568 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.) R3 Focusriteusb_AUDIO; C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys [87912 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet, Inc. -> SafeNet Inc.) U5 iLokDrvr; C:\Windows\System32\Drivers\iLokDrvr.sys [33544 2021-01-31] (PACE Anti-Piracy, Inc. -> ) S3 LoopBe30; C:\WINDOWS\System32\drivers\loopbe30.sys [16896 2011-02-26] (nerds.de) [File not signed] S3 LoopBeAu; C:\WINDOWS\System32\drivers\loopBeAu.sys [22528 2015-08-14] (nerds.de) [File not signed] S3 LoopBeMidi1; C:\WINDOWS\System32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de) [File not signed] S3 MAUSBMIDI; C:\WINDOWS\System32\drivers\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio -> M-Audio) U5 MBX2DFU; C:\Windows\System32\Drivers\MBX2DFU.sys [31120 2007-10-30] (Avid Technology, Inc. -> Digidesign, A Division of Avid Technology, Inc.) 
S3 MBX2MIDK; C:\WINDOWS\System32\drivers\mbx2midk.sys [32400 2007-10-30] (Avid Technology, Inc. -> Digidesign, A Division of Avid Technology, Inc.) R3 NewTek_AudioPortClass; C:\WINDOWS\System32\drivers\NewTek_AudioPortClass.sys [47368 2021-06-30] (VI(Z)RT INC. -> NewTek) R3 NewTek_WDM_KS; C:\WINDOWS\System32\drivers\NewTek_WDM_KS.sys [42736 2021-06-09] (VI(Z)RT INC. -> NewTek) R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2023-08-05] (Nvidia Corporation -> NVIDIA Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> ) U5 RD9700; C:\Windows\System32\Drivers\RD9700.sys [21504 2012-01-04] (Corechip Semiconductor, Inc. Co Ltd.) [File not signed] R3 sbvMIDI; C:\WINDOWS\System32\drivers\sbvmidi64.sys [32984 2016-12-07] (Springbeats -> Autotheory) R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.) R3 synusb64; C:\WINDOWS\System32\drivers\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH -> Steinberg Media Technologies GmbH) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [30720 2020-10-12] (OpenVPN Inc. -> The OpenVPN Project) S3 tap_ovpnconnect; C:\WINDOWS\System32\DRIVERS\tap_ovpnconnect.sys [30720 2020-08-21] (OpenVPN Inc. -> The OpenVPN Project) R3 teVirtualMIDI64; C:\WINDOWS\System32\drivers\teVirtualMIDI64.sys [53120 2019-12-07] (Tobias Erichsen -> Tobias Erichsen) S3 VASDeviceDrm; C:\WINDOWS\System32\drivers\vasdDev.sys [1454896 2015-07-21] (Anhui Green Xin Information Technology Co. Ltd -> ShiningMorning Inc.) 
R3 VBAudio100VMVAIO3MME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio364_win10.sys [71712 2021-07-14] (Vincent Burel -> Windows (R) Win 7 DDK provider) R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider) R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2021-07-14] (Vincent Burel -> Windows (R) Win 7 DDK provider) R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-07-14] (Vincent Burel -> Windows (R) Win 7 DDK provider) R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [631200 2018-01-29] (IDRIX -> IDRIX) R3 VirtualAudioCable_83ed7f0e-2028-4956-b0b4-39c76fdaef1d; C:\WINDOWS\System32\drivers\vrtaucbl.sys [224688 2022-04-17] (Muzychenko Evgenii Viktorovich, IP -> EuMus Design) R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2017-09-18] (VMware, Inc. -> VMware, Inc.) R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [93248 2017-09-05] (VMware, Inc. -> VMware, Inc.) U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-07] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-07] (Microsoft Windows -> Microsoft Corporation) R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2020-03-06] (PC Micro Systems Inc. -> Nicomsoft Ltd.) 
R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29576 2020-10-12] (WireGuard LLC -> WireGuard LLC)
S3 btwampfl; \SystemRoot\system32\DRIVERS\btwampfl.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-31 15:53 - 2023-12-31 15:54 - 000000000 ____D C:\FRST
2023-12-31 12:10 - 2023-12-31 12:10 - 000000000 ____D C:\ESD
2023-12-31 12:08 - 2023-12-31 12:08 - 000000000 ___HD C:\$Windows.~WS
2023-12-31 12:08 - 2023-12-31 12:08 - 000000000 ____D C:\$WINDOWS.~BT
2023-12-07 23:22 - 2023-12-07 23:22 - 001479495 _____ C:\Users\Iskander\Downloads\rapidsave.com_-bk13i3jnmw4c1.mp4
2023-12-07 23:21 - 2023-12-07 23:21 - 001136277 _____ C:\Users\Iskander\Downloads\to_hide_it_before_going_live_4f9087a72.mp4
2023-12-07 23:20 - 2023-12-07 23:20 - 001334928 _____ C:\Users\Iskander\Downloads\to_hide_it_before_going_live_4f9087a7.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-31 15:50 - 2019-12-07 10:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2023-12-31 15:49 - 2021-07-17 15:27 - 000000000 ____D C:\Users\Iskander\AppData\Local\CrashDumps 2023-12-31 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-12-31 15:47 - 2021-12-26 01:29 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-12-31 15:47 - 2013-11-25 23:38 - 000000000 ____D C:\Program Files (x86)\Google 2023-12-31 15:44 - 2020-11-19 08:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-12-31 15:06 - 2020-11-19 08:54 - 000935590 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-12-31 15:06 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2023-12-31 15:01 - 2023-04-20 12:34 - 000003032 _____ C:\WINDOWS\system32\Tasks\AsrSP.exe 2023-12-31 15:01 - 2020-03-31 00:39 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\DisplayCAL 2023-12-31 15:01 - 2017-12-29 18:55 - 000000000 ____D C:\ProgramData\VMware 2023-12-31 15:01 - 2016-03-19 13:23 - 000000000 ____D C:\ProgramData\NVIDIA 2023-12-31 15:00 - 2020-11-19 08:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-12-31 15:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState 2023-12-31 13:44 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2023-12-31 13:43 - 2023-07-07 20:33 - 000000000 ____D C:\Users\Iskander\AppData\Local\Everything 2023-12-31 13:43 - 2023-07-03 09:56 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\Everything 2023-12-31 13:43 - 2021-07-14 10:28 - 000037901 _____ C:\Users\Iskander\AppData\Roaming\VoiceMeeterBananaDefault.xml 2023-12-31 13:43 - 2013-11-26 00:06 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\uTorrent 2023-12-31 12:08 - 2023-04-14 16:01 - 000000000 ____D C:\WINDOWS\Panther 2023-12-29 22:47 - 2023-11-18 12:35 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\foobar2000-v2 2023-12-29 13:27 - 2015-10-08 16:30 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\vlc 2023-12-27 09:59 - 2019-12-07 10:14 - 000000000 ____D 
C:\WINDOWS\AppReadiness 2023-12-27 09:58 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-12-27 09:17 - 2020-11-19 08:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-12-27 09:17 - 2020-11-19 08:46 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-12-27 09:17 - 2020-05-01 15:02 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-12-27 09:17 - 2020-05-01 15:02 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2023-12-21 13:23 - 2021-01-29 12:59 - 000000000 ____D C:\Users\Iskander\AppData\Local\D3DSCache 2023-12-21 10:28 - 2023-07-22 19:24 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\Code 2023-12-21 05:00 - 2020-05-07 00:30 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\TeraCopy 2023-12-20 14:47 - 2013-11-26 17:30 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\Microsoft\Word 2023-12-19 13:31 - 2013-12-02 11:34 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\Microsoft\Excel 2023-12-14 23:28 - 2023-07-22 19:20 - 000000000 ____D C:\Users\Iskander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code 2023-12-07 18:55 - 2021-01-29 12:30 - 000003864 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2023-12-07 18:55 - 2021-01-29 12:30 - 000003740 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2023-12-07 15:03 - 2020-11-19 08:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2023-12-05 19:55 - 2015-11-14 23:36 - 000000032 _____ C:\ProgramData\autobk.inc 2023-12-05 19:55 - 2014-03-13 23:42 - 000000032 _____ C:\Users\Iskander\AppData\Roaming\msregsvv.dll 2023-12-05 11:29 - 2023-07-28 08:41 - 000003530 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 2023-12-05 11:29 - 2021-01-29 12:30 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 ==================== Files in the root of some directories ======== 2020-11-17 23:45 - 2020-11-17 23:45 
- 000000054 _____ () C:\ProgramData\.bf45c81f8dc8abfeecf09.dat 2021-01-28 12:17 - 2021-01-28 12:17 - 000450560 _____ () C:\Users\Iskander\backup.dat 2021-01-28 13:24 - 2021-01-28 13:24 - 000835584 _____ () C:\Users\Iskander\bch free wallet.dat 2018-11-07 17:03 - 2018-11-07 17:03 - 000000706 _____ () C:\Program Files\Instructions.txt 2013-11-28 11:05 - 2014-07-27 17:39 - 000000132 _____ () C:\Users\Iskander\AppData\Roaming\Adobe BMP Format CS6 Prefs 2014-03-16 12:09 - 2014-04-13 09:36 - 000000132 _____ () C:\Users\Iskander\AppData\Roaming\Adobe GIF Format CS6 Prefs 2013-11-27 14:12 - 2015-03-07 19:29 - 000000132 _____ () C:\Users\Iskander\AppData\Roaming\Adobe PNG Format CS6 Prefs 2014-07-20 14:39 - 2020-05-23 23:30 - 000000033 _____ () C:\Users\Iskander\AppData\Roaming\AdobeWLCMCache.dat 2016-01-17 04:05 - 2019-10-16 00:05 - 001232108 _____ () C:\Users\Iskander\AppData\Roaming\AvidApplicationManager_Install.log 2019-04-03 23:32 - 2019-04-03 23:32 - 000480902 _____ () C:\Users\Iskander\AppData\Roaming\AvidCloudClientServices_Install.log 2019-04-03 23:32 - 2019-04-06 13:26 - 002037154 _____ () C:\Users\Iskander\AppData\Roaming\AvidLink_Install.log 2019-04-03 23:32 - 2019-10-15 23:06 - 000001186 _____ () C:\Users\Iskander\AppData\Roaming\Avid_CCS_Service_Stop.log 2019-04-03 23:37 - 2019-10-15 23:09 - 000000283 _____ () C:\Users\Iskander\AppData\Roaming\Avid_Editor_Transcode_Services_Stop.log 2016-08-20 16:25 - 2016-08-20 16:25 - 000000110 _____ () C:\Users\Iskander\AppData\Roaming\EAN_Barcode_Generator.prefs 2013-11-26 16:32 - 2013-11-26 16:33 - 004729042 _____ () C:\Users\Iskander\AppData\Roaming\EditorTranscode_Install.log 2015-08-30 21:57 - 2016-09-27 22:37 - 000000028 _____ () C:\Users\Iskander\AppData\Roaming\kulerdata.json 2016-11-25 18:05 - 2023-10-18 17:37 - 000088223 _____ () C:\Users\Iskander\AppData\Roaming\last.vmix 2014-07-27 15:05 - 2014-09-14 17:39 - 000001322 _____ () C:\Users\Iskander\AppData\Roaming\MPQEditor.ini 2014-03-13 23:42 - 2023-12-05 19:55 - 
000000032 _____ () C:\Users\Iskander\AppData\Roaming\msregsvv.dll 2015-10-07 20:25 - 2016-02-25 15:01 - 000204503 _____ () C:\Users\Iskander\AppData\Roaming\net.telestream.wirecast.xml 2015-10-07 20:49 - 2015-10-07 20:49 - 000067454 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_AKAMAI_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000004755 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2016-02-09 11:19 - 000004935 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000003123 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:49 - 2015-10-07 20:49 - 000003931 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_DAILYMOTION_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000003213 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000003213 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFILIATE_ID_brandingimage_destination.png 2016-02-09 11:19 - 2016-02-09 11:19 - 000005919 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_LIGHTCAST_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000004356 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFIALITE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000004356 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 
20:25 - 2015-10-07 20:25 - 000003439 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000003825 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000003439 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000003825 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_main.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000005621 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFIALITE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000005621 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFILIATE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000016357 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_ONSTREAM_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000010088 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000004482 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_main.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000010088 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000004482 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_main.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000007122 
_____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png 2016-02-09 11:19 - 2016-02-09 11:19 - 000008261 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMSHARK_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000010619 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFIALITE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000010619 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:49 - 2015-10-09 13:39 - 000005241 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000016966 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000016966 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000008986 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 000008986 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFILIATE_ID_brandingimage_destination.png 2016-02-09 19:45 - 2016-02-09 19:45 - 000022670 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_TILTEDGLOBE_AFFILIATE_ID_brandingimage_destination.png 2015-10-07 20:25 - 2015-10-07 20:25 - 000003302 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFIALITE_ID_brandingimage_destination.png 2015-11-02 13:15 - 2015-11-02 13:15 - 
000003302 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFILIATE_ID_brandingimage_destination.png 2015-11-17 02:53 - 2015-11-17 02:53 - 000005091 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_destination.png 2015-11-17 02:53 - 2015-11-17 02:53 - 000005091 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_main.png 2015-10-07 20:49 - 2015-10-07 20:49 - 000008683 _____ () C:\Users\Iskander\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png 2016-02-09 19:46 - 2016-02-09 20:46 - 000000204 _____ () C:\Users\Iskander\AppData\Roaming\pc-capture-log.txt 2015-10-09 16:44 - 2015-10-09 16:49 - 000007680 ___SH () C:\Users\Iskander\AppData\Roaming\Thumbs.db 2021-07-14 10:28 - 2023-12-31 13:43 - 000037901 _____ () C:\Users\Iskander\AppData\Roaming\VoiceMeeterBananaDefault.xml 2020-09-19 15:48 - 2022-12-02 00:29 - 000006095 _____ () C:\Users\Iskander\AppData\Roaming\VoiceMeeterDefault.xml 2021-07-14 09:47 - 2021-07-14 10:29 - 000069892 _____ () C:\Users\Iskander\AppData\Roaming\VoiceMeeterPotatoDefault.xml 2014-05-08 22:29 - 2023-11-11 13:02 - 000000600 _____ () C:\Users\Iskander\AppData\Roaming\winscp.rnd 2020-07-19 13:38 - 2020-07-19 13:39 - 000000051 _____ () C:\Users\Iskander\AppData\Roaming\~SiMPLEX.ini 2014-03-19 13:55 - 2021-02-13 17:14 - 000001456 _____ () C:\Users\Iskander\AppData\Local\Adobe Save for Web 13.0 Prefs 2018-07-12 23:42 - 2022-05-14 17:00 - 000000000 _____ () C:\Users\Iskander\AppData\Local\FILM_AE_LogFile.txt 2018-09-28 15:45 - 2018-09-28 15:45 - 000000000 _____ () C:\Users\Iskander\AppData\Local\oobelibMkey.log 2018-03-20 00:39 - 2022-03-18 18:33 - 000000600 _____ () C:\Users\Iskander\AppData\Local\PUTTY.RND 2018-05-16 23:21 - 2018-05-16 23:21 - 000001729 _____ () C:\Users\Iskander\AppData\Local\recently-used.xbel 2014-11-12 16:15 - 2023-10-28 
14:32 - 000007680 _____ () C:\Users\Iskander\AppData\Local\resmon.resmoncfg
2020-03-10 20:00 - 2020-03-10 20:00 - 000000067 _____ () C:\Users\Iskander\AppData\Local\uts.ini
2018-03-22 23:24 - 2018-03-22 23:24 - 000000000 _____ () C:\Users\Iskander\AppData\Local\{6284D77C-F407-414A-9C4A-2E2E65473885}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================