Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021
Ran by Fred (05-11-2021 20:38:24)
Running from C:\Users\Fred\Desktop
Microsoft Windows 10 Remote Server Version 1803 17134.1304 (X64) (2018-11-27 09:36:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1935842148-1994693060-1218045284-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1935842148-1994693060-1218045284-503 - Limited - Disabled)
Fred (S-1-5-21-1935842148-1994693060-1218045284-1002 - Administrator - Enabled) => C:\Users\Fred
Guest (S-1-5-21-1935842148-1994693060-1218045284-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1935842148-1994693060-1218045284-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Free (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated) Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_1) (Version: 15.0.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe) Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0) (Version: 14.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2018 (HKLM\...\{65627652-1535-451C-A31B-ACAF785F5812}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated) Adobe premier (HKLM\...\{A33A5D8E-C860-48A7-B8DF-11B354570F70}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated) adobe_2 (HKLM\...\{F94F3F2E-47FB-456C-8818-72605B0E9F6B}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe_AE (HKLM\...\{98A07ED9-5471-4A1C-832B-9FFD5A4AB93F}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Anaconda3 2021.05 (Python 3.8.8 64-bit) (HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\Anaconda3 2021.05 (Python 3.8.8 64-bit)) (Version: 2021.05 - Anaconda, Inc.) 
Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Blackmagic RAW Common Components (HKLM\...\{47DFB167-EACF-4A3D-A16F-BDF9E0D68983}) (Version: 2.1 - Blackmagic Design) Burning Crusade Classic (HKLM-x32\...\Burning Crusade Classic) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.86 - Piriform) CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 95.0.12827.72 - Piriform Software) CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden Chrome Remote Desktop Host (HKLM-x32\...\{1180A2CA-8F3D-4AD0-A1EF-1ED38327C683}) (Version: 94.0.4606.27 - Google LLC) D2R Technical Alpha (HKLM-x32\...\D2R Technical Alpha) (Version: - Blizzard Entertainment) DaVinci Resolve (HKLM\...\{22644994-D6EC-4A29-8A82-7DEF9A6A9BA9}) (Version: 17.2.20004 - Blackmagic Design) DaVinci Resolve Control Panels (HKLM\...\{1488D9B9-38D3-4EEC-B97A-D2E82F7BE993}) (Version: 1.6.1.0 - Blackmagic Design) Diablo II Resurrected (HKLM-x32\...\Diablo II Resurrected) (Version: - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\Discord) (Version: 0.0.309 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.) 
Ethereum - Geth - Official Go implementation of the Ethereum protocol (HKLM-x32\...\Ethereum Geth) (Version: 1.10.4-aa637fd3 - Ethereum) FileZilla Client 3.44.2 (HKLM-x32\...\FileZilla Client) (Version: 3.44.2 - Tim Kosse) Frostpunk The Fall of Winterhome (HKLM-x32\...\Frostpunk The Fall of Winterhome_is1) (Version: - ) GitHub Desktop (HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\GitHubDesktop) (Version: 2.9.0 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC) HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - ) icecap_collection_neutral (HKLM-x32\...\{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 - Microsoft Corporation) Hidden Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation) Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation) Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Kits 
Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc) Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.) MacDisk version 8.0 (HKLM-x32\...\LSD-MacDisk_is1) (Version: 8.0.6 - Logiciels & Services Duhem) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MeldaProduction Audio Plugins 13 (HKLM-x32\...\MeldaProduction Audio Plugins 13) (Version: - MeldaProduction) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.14527.20234 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\OneDriveSetup.exe) (Version: 21.205.1003.0003 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30038 (HKLM-x32\...\{7f336035-fa39-4d06-bd17-fbf472a381e8}) (Version: 14.29.30038.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30038 (HKLM-x32\...\{9120a466-433b-4dd9-a5e0-3092abd2cc1d}) (Version: 14.29.30038.0 - Microsoft Corporation) Microsoft Visual Studio Code (User) 
(HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.61.2 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.13.53049 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang) mIRC (HKLM-x32\...\mIRC) (Version: 7.54 - mIRC Co. Ltd.) Mocha Plug-ins 2019.5 for Adobe (HKLM\...\{466D52E7-052E-4C6E-AFB1-EB350A56DE37}) (Version: 6.1.1 - BorisFX) mocha Pro V5.2.0-12816 (HKLM\...\{0B2CE768-9D51-45E8-A515-D91E8210FDFE}) (Version: 5.20.12816 - Imagineer Systems) Mozilla Firefox (x64 fr) (HKLM\...\Mozilla Firefox 90.0.2 (x64 fr)) (Version: 90.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla) MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Node.js (HKLM\...\{3B28E735-6F18-49DB-B45E-ED251E2F212B}) (Version: 16.13.0 - Node.js Foundation) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6.1 - Notepad++ Team) NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component 
(HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.5.101.48500 - Electronic Arts, Inc.) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) Paragon HFS+ for Windows™ 10.4 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.16.0.53829 - Grinding Gear Games) Hidden Path of Exile (HKLM-x32\...\{f47cf046-3abe-4270-9315-22239bac9331}) (Version: 3.16.0.53829 - Grinding Gear Games) PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 4.0.24.1356 - RedSoftware) PDFescape Desktop Asian Fonts Pack (HKLM\...\{D81F9B76-24DE-4DFF-8869-B31289B36FAC}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Convert Module (HKLM\...\{CC6DC81A-06C1-4933-8117-794710375AD3}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Create Module (HKLM\...\{CCBE3E06-E721-410C-8D36-EDEF37F56743}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Edit Module (HKLM\...\{00CEFC51-9626-4E7E-920B-4757DF0B9491}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Forms Module (HKLM\...\{87391E47-A919-4E89-8D07-EA259AD63DB8}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Insert Module (HKLM\...\{8B686E57-76A7-4330-A981-4AB69DF7A568}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Review Module (HKLM\...\{42EF2557-7C52-40EE-81CF-B658B64C7095}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop Secure Module (HKLM\...\{B9EB4384-5195-4ED6-BAB0-661FC5B36E14}) (Version: 4.0.24.4617 - Red Software) Hidden PDFescape Desktop View Module (HKLM\...\{F108BACE-2CE0-447B-A953-68E2019F7B66}) (Version: 4.0.24.4617 - Red Software) 
Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.37.349 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.1 - Rockstar Games) SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer) Telegram Desktop version 3.2 (HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.2 - Telegram FZ-LLC) TypeScript SDK (HKLM-x32\...\{C34D7309-4E94-4B6A-ABE8-C1EE566E9C1F}) (Version: 4.2.4.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) 
Hidden Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Universe (HKLM\...\Universe v3.0.2) (Version: - Red Giant LLC) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden vcpp_crt.redist.clickonce (HKLM-x32\...\{9BE18F4E-9100-4B29-9F08-61F21A2045DD}) (Version: 14.29.30038 - Microsoft Corporation) Hidden VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Videostream (HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\Videostream) (Version: 0.3.5 - Videostream) Visual Studio Build Tools 2019 (HKLM-x32\...\291ae0fe) (Version: 16.10.3 - Microsoft Corporation) Visual Studio Community 2019 (2) (HKLM-x32\...\b7cfa9d4) (Version: 16.10.3 - Microsoft Corporation) VLC media 
player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{F2362422-8A5F-473B-B793-E9592B1EA9FA}) (Version: 16.10.31306 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{8B6AE4FB-1E51-4BB4-B52C-CAC8A0340310}) (Version: 16.10.31206 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{B0AA3BF6-3C13-4C9A-A043-4CEFBBE0A2D3}) (Version: 16.10.31206 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{76133D32-1325-48F3-929A-27EC7A323FBA}) (Version: 16.10.31213 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{E42F1CFF-80C7-4865-B378-1EFCF312C1BF}) (Version: 16.10.31213 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{E6B8D127-6C17-4E21-BA5C-B1D0C322BBA2}) (Version: 16.10.31320 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_vswebprotocolselectormsi 
(HKLM-x32\...\{634F7BE2-E181-4544-946F-B8BA774B9059}) (Version: 16.10.31206 - Microsoft Corporation) Hidden Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment) Weedcraft Inc (HKLM-x32\...\Weedcraft Inc_is1) (Version: - ) WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Windows SDK AddOn (HKLM-x32\...\{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation) WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT 
Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version: - Blizzard Entertainment) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-11-25] (Adobe Systems Incorporated) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.2070.0_x64__rz1tebttyb220 [2019-09-13] (Dolby Laboratories) Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-11-25] (Fitbit) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Studios) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-25] (NVIDIA Corp.) Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-04] (Skype) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1935842148-1994693060-1218045284-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-1935842148-1994693060-1218045284-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7FDE248C413F} -> [Creative Cloud Files] => C:\Users\Fred\Creative Cloud Files [2019-11-25 18:39] CustomCLSID: HKU\S-1-5-21-1935842148-1994693060-1218045284-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => 
C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Programmes\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => F:\Programmes\Notepad++\NppShell_06.dll [2018-12-12] (Notepad++ -> ) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2019-07-01] (PDFescape -> Red Software) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Programmes\7-Zip\7-zip.dll 
[2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Fred\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\nvshext.dll [2020-10-02] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Programmes\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Bureau à distance Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Fred\anaconda3\Scripts\activate.bat C:\Users\Fred\anaconda3 ==================== Loaded Modules (Whitelisted) ============= 2019-07-15 16:52 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] F:\Programmes\7-Zip\7-zip.dll 2018-12-10 09:29 - 2018-12-10 09:29 - 000438272 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDFescape Desktop\libcurl.dll 2019-05-05 18:40 - 2021-03-25 15:12 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll 2019-05-05 18:40 - 2021-03-25 15:12 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll 2018-04-06 19:29 - 2018-04-06 19:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll 2018-04-06 19:29 - 2018-04-06 19:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll 2019-05-05 18:40 - 2021-03-25 15:12 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll 2019-05-05 18:40 - 2021-03-25 15:12 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll 2019-05-05 18:40 - 2021-03-25 15:12 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll 
2019-05-05 18:40 - 2021-03-25 15:12 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-05-05 18:40 - 2021-03-25 15:12 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2019-05-05 18:40 - 2021-03-25 15:12 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-05-05 18:40 - 2021-03-25 15:12 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Fred\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [362]
AlternateDataStreams: C:\Users\Fred\Application Data:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Fred\Local Settings:01-11-2021 [376544]
AlternateDataStreams: C:\Users\Fred\Local Settings:02-11-2021 [313091]
AlternateDataStreams: C:\Users\Fred\Local Settings:03-11-2021 [1390159]
AlternateDataStreams: C:\Users\Fred\Local Settings:04-11-2021 [324746]
AlternateDataStreams: C:\Users\Fred\Local Settings:05-11-2021 [1511244]
AlternateDataStreams: C:\Users\Fred\Local Settings:22-10-2021 [180394]
AlternateDataStreams: C:\Users\Fred\Local Settings:24-10-2021 [127834]
AlternateDataStreams: C:\Users\Fred\Local Settings:25-10-2021 [213266]
AlternateDataStreams: C:\Users\Fred\Local Settings:26-10-2021 [265881]
AlternateDataStreams: C:\Users\Fred\Local Settings:27-10-2021 [116952]
AlternateDataStreams: C:\Users\Fred\Local Settings:28-10-2021 [528473]
AlternateDataStreams: C:\Users\Fred\Local Settings:29-10-2021 [212280]
AlternateDataStreams: C:\Users\Fred\Local Settings:30-10-2021 [205169]
AlternateDataStreams: C:\Users\Fred\Local Settings:31-10-2021 [95355]
AlternateDataStreams: C:\Users\Fred\AppData\Local:01-11-2021 [376544]
AlternateDataStreams: C:\Users\Fred\AppData\Local:02-11-2021 [313091]
AlternateDataStreams: C:\Users\Fred\AppData\Local:03-11-2021 [1390159]
AlternateDataStreams: C:\Users\Fred\AppData\Local:04-11-2021 [324746]
AlternateDataStreams: C:\Users\Fred\AppData\Local:05-11-2021 [1511244]
AlternateDataStreams: C:\Users\Fred\AppData\Local:22-10-2021 [180394]
AlternateDataStreams: C:\Users\Fred\AppData\Local:24-10-2021 [127834]
AlternateDataStreams: C:\Users\Fred\AppData\Local:25-10-2021 [213266]
AlternateDataStreams: C:\Users\Fred\AppData\Local:26-10-2021 [265881]
AlternateDataStreams: C:\Users\Fred\AppData\Local:27-10-2021 [116952]
AlternateDataStreams: C:\Users\Fred\AppData\Local:28-10-2021 [528473]
AlternateDataStreams: C:\Users\Fred\AppData\Local:29-10-2021 [212280]
AlternateDataStreams: C:\Users\Fred\AppData\Local:30-10-2021 [205169]
AlternateDataStreams: C:\Users\Fred\AppData\Local:31-10-2021 [95355]
AlternateDataStreams: C:\Users\Fred\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [362]
AlternateDataStreams: C:\Users\Fred\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:01-11-2021 [376544]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:02-11-2021 [313091]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:03-11-2021 [1390159]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:04-11-2021 [324746]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:05-11-2021 [1511244]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:22-10-2021 [180394]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:24-10-2021 [127834]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:25-10-2021 [213266]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:26-10-2021 [265881]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:27-10-2021 [116952]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:28-10-2021 [528473]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:29-10-2021 [212280]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:30-10-2021 [205169]
AlternateDataStreams: C:\Users\Fred\AppData\Local\Application Data:31-10-2021 [95355]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [492]

==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
BHO: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-07-01] (PDFescape -> Red Software)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-08] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-07-01] (PDFescape -> Red Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-04-08] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-08] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-07-01] (PDFescape -> Red Software)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-04-08] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-07-01] (PDFescape -> Red Software)
Toolbar: HKU\S-1-5-21-1935842148-1994693060-1218045284-1002 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-08] (Kaspersky Lab -> AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-30] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 14:46 - 2019-03-13 17:10 - 000000858 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 act2.mediafour.com

==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Geth;D:\GETH;C:\Program Files\nodejs\
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\StartupApproved\Run: => "Videostream"
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\StartupApproved\Run: => "DAEMON Tools Ultra Automount"
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-1935842148-1994693060-1218045284-1002\...\StartupApproved\Run: => "CCXProcess"

==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{542D364C-CF0C-4AAC-8316-0B90DC848F8C}C:\program files\adobe\adobe muse cc 2018\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2018\muse.exe => No File
FirewallRules: [UDP Query User{E7DE0458-C3CD-49F8-A9F5-6167E53BD3BF}C:\program files\adobe\adobe muse cc 2018\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2018\muse.exe => No File
FirewallRules: [TCP Query User{251D95BD-481F-476B-AAF4-5C3353AB635D}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{08306335-DD46-4541-9AC1-D1BE5386AE0F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{A4BA4AB1-0BA7-489C-88C0-601CCF92100D}F:\programmes\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) F:\programmes\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{CD83B529-ED63-487F-892D-70166F4DA7DC}F:\programmes\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) F:\programmes\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{5966EDA1-7C70-476B-8BEB-6518276026F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A5E535E9-2FE4-4482-A2E4-A18C1ACF77FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E85D724E-7C33-4F19-8013-5DDCFDBBEDF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{009ABBE3-7048-442D-9B20-43425D245C23}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{7B82867A-5AF1-4E36-9747-29ABB8985FDA}C:\users\fred\downloads\anydesk.exe] => (Allow) C:\users\fred\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{7B1441FF-84BB-42A0-BF80-6A366DE97DAB}C:\users\fred\downloads\anydesk.exe] => (Allow) C:\users\fred\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [TCP Query User{C367BC83-D19B-4791-A45E-04FB38CD9235}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{B77515C4-324E-4A81-A82F-F7A41A0F2C63}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{A0AB37B7-2976-4AF3-8277-33C907989E69}F:\programmes\steam\steam.exe] => (Allow) F:\programmes\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{89848175-F513-4F83-8688-A9B8E6757876}F:\programmes\steam\steam.exe] => (Allow) F:\programmes\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F440E234-D872-4D98-8ABF-D63E9906043A}] => (Allow) F:\Programmes\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{63D6B46C-0E1B-46E3-B2E0-E4A797076A8E}] => (Allow) F:\Programmes\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BA651190-1F87-4619-9D75-EDFBD21A4D2F}] => (Allow) F:\Programmes\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{A70E7DA4-880F-438D-9B21-AB73A59EC9A7}] => (Allow) F:\Programmes\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{98236FB6-2BE8-49EC-96F8-AE1336850448}] => (Allow) F:\Programmes\Steam\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{3E3F7E33-10C1-4B59-9B2B-390B7169F35C}] => (Allow) F:\Programmes\Steam\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [TCP Query User{F15F6EE7-940E-4995-876F-D2C9BB2E8C46}F:\programmes\ascension launcher\ascension launcher.exe] => (Allow) F:\programmes\ascension launcher\ascension launcher.exe => No File
FirewallRules: [UDP Query User{4928388F-6D51-4646-AECA-39029B2A364D}F:\programmes\ascension launcher\ascension launcher.exe] => (Allow) F:\programmes\ascension launcher\ascension launcher.exe => No File
FirewallRules: [{E3CF1964-9887-44B9-8DD3-2048F5554731}] => (Allow) F:\Programmes\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{94960D1B-13A0-4F74-A380-5BF6BCE3713F}] => (Allow) F:\Programmes\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{48CAE275-1F8B-401F-BAFB-307C038FE3AA}F:\programmes\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\programmes\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{75CB755A-B198-4C0A-9040-1B3E966BFFF4}F:\programmes\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\programmes\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{3DC3B166-69DA-448F-88FF-824E054F57B1}] => (Allow) F:\Programmes\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{4684BCAB-EA68-4AB2-BB1E-59D64076D085}] => (Allow) F:\Programmes\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{45D482FC-A93A-4B4E-B697-D5BC2DDD31C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{50A1B40B-1885-4ACF-A2C4-8C0CC1018DB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{64B4341E-FA35-484A-888F-5154951423BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C9F2AAD5-CB01-407B-8912-73484A6E75A1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{022A669D-335D-4DB8-BBDF-64A61892BB02}C:\users\fred\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\fred\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )
FirewallRules: [UDP Query User{DEAFB785-8A5D-41F4-8AF5-64D0D06BBE13}C:\users\fred\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\fred\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )
FirewallRules: [{3A7FAF6A-8472-4EA1-9DA4-0C618F5B1C98}] => (Allow) F:\Programmes\Steam\steamapps\common\Liftoff\Liftoff.exe () [File not signed]
FirewallRules: [{413227BF-2AB8-49E3-A5B2-0717F48C0EA3}] => (Allow) F:\Programmes\Steam\steamapps\common\Liftoff\Liftoff.exe () [File not signed]
FirewallRules: [{CD340B8A-ED5F-4F07-9717-D707AEE1171B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17290F95-2CBB-4441-BB5B-D6950EFC7E3C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A9BA78D4-6781-42D6-B04E-F82E1E2641B1}F:\programmes\call of duty modern warfare\modernwarfare.exe] => (Allow) F:\programmes\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{2A610E92-A530-43CC-ADED-E280E8A3E2F6}F:\programmes\call of duty modern warfare\modernwarfare.exe] => (Allow) F:\programmes\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{EAAD7A26-5F03-45BE-839A-1F46D253DD9B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{6AECE582-CB12-496B-A6D1-9E81B898075E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{AEA64310-A910-4108-A3DF-4B6DE2FC33E7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{D32FF445-B8B6-4F47-9B89-58799CB5DC3C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{5E29D892-96D8-4F6D-91F9-1BF29AC19D81}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{CFDE228E-9574-4E53-9F91-B8F7CAADAFC5}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{59C06933-A8A7-452B-8AFD-32EE3A45C2EA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{793E4F11-2B7A-41F3-AFE1-4758387C6C10}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{0D7DE6A1-A63D-45A7-8490-EAF906CFF87F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{FC7D5AC8-D6AD-42C9-B4CC-B1F1F3E45A30}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query User{0C4472E2-1C89-4673-AA05-C5EC083B3998}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{A8F157CD-4D79-41A6-B790-87C8EDB2AC1D}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{6BA991D1-535A-4611-BC78-6567DA8C7963}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{76880DB2-67C6-4146-BED2-E8D524841809}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{613CFE44-7A6C-4EEE-ACE0-E0258049CC4C}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{55AEA78F-9213-4CE2-9E98-CB90F7E89438}C:\program files\geth\geth.exe] => (Allow) C:\program files\geth\geth.exe () [File not signed]
FirewallRules: [UDP Query User{6E03B0B1-8F45-4D4C-ADDB-6F060641A27B}C:\program files\geth\geth.exe] => (Allow) C:\program files\geth\geth.exe () [File not signed]
FirewallRules: [{09F61A36-ED07-4E14-A640-B2165AB011BE}] => (Allow) D:\Geth\geth.exe () [File not signed]
FirewallRules: [{BA2C2C91-C360-438B-8495-080A559F46CD}] => (Allow) D:\Geth\geth.exe () [File not signed]
FirewallRules: [{31D0B8C6-4407-4A7C-ADC5-DEB868601D97}] => (Allow) D:\Geth\geth.exe () [File not signed]
FirewallRules: [TCP Query User{A45C9E63-7D1B-4546-9459-6E88BFF236E8}F:\programmes\overwatch\_retail_\overwatch.exe] => (Allow) F:\programmes\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{8BB2118A-5E51-4881-A1B5-48514F77C24B}F:\programmes\overwatch\_retail_\overwatch.exe] => (Allow) F:\programmes\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{E8E15903-8272-46B1-92E9-F792054CFAE5}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\94.0.4606.27\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{1D4720CE-7E24-4659-825E-5D172E671A84}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6CC455B-6DFD-40F4-9B32-1F5ED7E0E160}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AC1307EB-ED0E-4D73-85CD-1089CC5AACB7}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)

==================== Restore Points =========================
12-10-2021 21:35:49 Windows Update
21-10-2021 11:34:53 Scheduled Checkpoint
22-10-2021 12:51:06 Windows Modules Installer
31-10-2021 16:07:50 Scheduled Checkpoint
02-11-2021 16:05:50 Installed Node.js

==================== Faulty Device Manager Devices ============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth USB Host Controller
Description: Bluetooth USB Host Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ======================== Application errors: ================== Error: (11/05/2021 08:39:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x007e2730 Faulting process ID: 0x5894 Faulting application start time: 0x01d7d27ccaa85349 Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Faulting module path: unknown Report ID: e9a4a80d-748e-4966-9a98-8b2a9b5a9de7 Faulting package full name: Faulting package-relative application ID: Error: (11/05/2021 08:38:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Faulting module name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Exception code: 0xc0000005 Fault offset: 0x001e2730 Faulting process ID: 0x6208 Faulting application start time: 0x01d7d27ca6e175fd Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Report ID: 2613656c-e2bf-45fc-be43-c76fa87ab0c2 Faulting package full name: Faulting package-relative application ID: Error: (11/05/2021 08:34:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x007e2730 Faulting process ID: 0x548c Faulting application start time: 0x01d7d27c17d1fbab Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Faulting module path: unknown Report ID: 0863972e-7a3e-44d9-8589-cdcb55b762e5 Faulting package full name: Faulting package-relative 
application ID: Error: (11/05/2021 08:30:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x007e2730 Faulting process ID: 0x3ec4 Faulting application start time: 0x01d7d27b88c6960b Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Faulting module path: unknown Report ID: 4dbcbaa9-5539-4cd7-8562-9e4d291d8eb8 Faulting package full name: Faulting package-relative application ID: Error: (11/05/2021 08:26:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x007e2730 Faulting process ID: 0x3b14 Faulting application start time: 0x01d7d27af9cb646a Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Faulting module path: unknown Report ID: 3f4e1f94-3da5-4fd7-ad5d-ae4b1e0c548d Faulting package full name: Faulting package-relative application ID: Error: (11/05/2021 08:25:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x007e2730 Faulting process ID: 0x4088 Faulting application start time: 0x01d7d27ad6016126 Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Faulting module path: unknown Report ID: b40a8f7d-df44-4e9c-a71d-70b259268a18 Faulting package full name: Faulting package-relative application ID: Error: (11/05/2021 08:21:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 
RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Faulting module name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Exception code: 0xc0000005 Fault offset: 0x001e2730 Faulting process ID: 0x1780 Faulting application start time: 0x01d7d27a474194eb Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Report ID: 722564e6-7f12-4f18-a47c-8850df1f04a0 Faulting package full name: Faulting package-relative application ID: Error: (11/05/2021 08:20:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Faulting module name: RegAsm.exe, version: 4.8.3761.0, time stamp: 0x60dbd3f2 Exception code: 0xc0000005 Fault offset: 0x000e2730 Faulting process ID: 0x3300 Faulting application start time: 0x01d7d27a2380c672 Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Report ID: afc99d73-9717-4d0b-a069-288b86104509 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (11/05/2021 08:41:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ITV8P0Q) Description: The server {4BD3E4E1-7BD4-4A2B-9964-496400DE5193} did not register with DCOM within the required timeout. Error: (11/05/2021 06:30:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ITV8P0Q) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ITV8P0Q\Fred SID (S-1-5-21-1935842148-1994693060-1218045284-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool. Error: (11/05/2021 06:16:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPSvc service. Error: (11/05/2021 06:16:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (11/05/2021 06:15:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ITV8P0Q) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ITV8P0Q\Fred SID (S-1-5-21-1935842148-1994693060-1218045284-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (11/05/2021 06:15:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPSvc service. Error: (11/05/2021 06:14:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPSvc service. 
Error: (11/05/2021 04:54:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ITV8P0Q) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ITV8P0Q\Fred SID (S-1-5-21-1935842148-1994693060-1218045284-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: ================ Date: 2021-11-05 20:21:22.251 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!rfn&threatid=2147692752&enterprise=0 Name: HackTool:Win32/AutoKMS!rfn Severity: High Category: Tool Path: file:_C:\Users\Fred\Documents\Vuze Downloads\KMSpico 10.2.0 FINAL + Portable (Office and Windows 10 Activator) [TechTools]\KMSpico 10.2.0 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]\KMSpico Install\KMSpico_setup.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: G:\Téléchargements\ZHPSuite.exe Security intelligence Version: AV: 1.353.480.0, AS: 1.353.480.0, NIS: 1.353.480.0 Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-10-22 14:02:03.486 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Ulthar.A!ml&threatid=2147751841&enterprise=0
Name: Trojan:Script/Ulthar.A!ml
Severity: Severe
Category: Trojan
Path: file:_G:\Téléchargements\ReaperMH (2).zip; webfile:_G:\Téléchargements\ReaperMH (2).zip|https://cdn.discordapp.com/attachments/890677522612772917/899187376885202984/ReaperMH.zip|pid:12120,ProcessStart:132793777232054756
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.351.853.0, AS: 1.351.853.0, NIS: 1.351.853.0
Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-22 14:00:54.623
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Ulthar.A!ml&threatid=2147751841&enterprise=0
Name: Trojan:Script/Ulthar.A!ml
Severity: Severe
Category: Trojan
Path: file:_G:\Téléchargements\ReaperMH (2).zip; webfile:_G:\Téléchargements\ReaperMH (2).zip|https://cdn.discordapp.com/attachments/890677522612772917/899187376885202984/ReaperMH.zip|pid:6780,ProcessStart:132793776452333097
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.351.853.0, AS: 1.351.853.0, NIS: 1.351.853.0
Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-22 14:00:45.575
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Ulthar.A!ml&threatid=2147751841&enterprise=0
Name: Trojan:Script/Ulthar.A!ml
Severity: Severe
Category: Trojan
Path: file:_G:\Téléchargements\ReaperMH (2).zip; webfile:_G:\Téléchargements\ReaperMH (2).zip|https://cdn.discordapp.com/attachments/890677522612772917/899187376885202984/ReaperMH.zip|pid:6780,ProcessStart:132793776452333097
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.351.853.0, AS: 1.351.853.0, NIS: 1.351.853.0
Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-22 14:00:27.863
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Ulthar.A!ml&threatid=2147751841&enterprise=0
Name: Trojan:Script/Ulthar.A!ml
Severity: Severe
Category: Trojan
Path: file:_G:\Téléchargements\ReaperMH (1).zip
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security intelligence Version: AV: 1.351.853.0, AS: 1.351.853.0, NIS: 1.351.853.0
Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4

==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 09/18/2015
Motherboard: Gigabyte Technology Co., Ltd. Z97-D3H-CF
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 27%
Total physical RAM: 20429.34 MB
Available physical RAM: 14769.52 MB
Total Virtual: 21709.34 MB
Available Virtual: 13816.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:56.17 GB) NTFS
Drive d: (GETH) (Fixed) (Total:931.51 GB) (Free:573.15 GB) NTFS
Drive f: (SSD1) (Fixed) (Total:465.76 GB) (Free:58.37 GB) NTFS
Drive g: (HDD1) (Fixed) (Total:931.51 GB) (Free:61.01 GB) NTFS

\\?\Volume{322fd43e-c09f-4ec4-bd11-c9f4c25f597a}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{94b70362-d39c-4caf-a826-c7b5c6bb9b52}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 678F369B)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 2 (Size: 223.6 GB) (Disk ID: 0C8B91D0)
Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt =======================