I recently got my crypto stolen from one of my Chrome-based wallets, and then I discovered I am probably infected with a trojan. I ran the Tron script and it was unable to get rid of the malware. They show up as suspended services:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2021

Ran by Patrick (administrator) on CRUSTY-LAPTOP (Acer Swift SF314-42) (05-11-2021 22:52:45)

Running from C:UsersPatrickOneDriveDesktop

Loaded Profiles: Patrick

Platform: Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) Language: English (United States)

Default browser: FF

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:Program Files (x86)Remote MouseRemoteMouseService.exe

(Adobe Inc. -> Adobe Inc) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonIPCBoxAdobeIPCBroker.exe

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe

(Adobe Inc. -> Adobe Systems Incorporated) C:Program FilesAdobeAdobe Creative Cloud ExperienceCCXProcess.exe

(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0368330.inf_amd64_2a773f4c46cdd019B367597atieclxx.exe

(Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0368330.inf_amd64_2a773f4c46cdd019B367597atiesrxx.exe

(Apple Inc. -> Apple Inc.) C:Program FilesBonjourmDNSResponder.exe

(Apple Inc. -> Apple Inc.) C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

(Code Sector -> Code Sector) C:Program FilesTeraCopyTeraCopyService.exe

(Dropbox, Inc -> Dropbox, Inc.) C:Program Files (x86)DropboxUpdateDropboxUpdate.exe

(Dropbox, Inc -> Dropbox, Inc.) C:WindowsSystem32DbxSvc.exe

(DTS, Inc. -> DTS Inc.) C:WindowsSystem32DTSPCAPO4xDtsApo4Service.exe

(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:Program Files (x86)Foxit SoftwareFoxit ReaderFoxitReaderUpdateService.exe

(Glarysoft LTD -> Glarysoft Ltd) C:Program Files (x86)Glary Utilities 5Integrator.exe

(Ivaylo Beltchev -> IvoSoft) [File not signed] C:Program FilesClassic ShellClassicStartMenu.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:UsersPatrickAppDataLocalMicrosoftOneDrive21.205.1003.0005FileCoAuth.exe

(Microsoft Windows -> Microsoft Corporation) C:Program FilesMicrosoft Update Health Toolsuhssvc.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32LogonUI.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rdpclip.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32sethc.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MpCopyAccelerator.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0NisSrv.exe

(Mozilla Corporation -> Mozilla Corporation) C:Program FilesMozilla Firefoxfirefox.exe <10>

(OpenJS Foundation -> Node.js) C:Program FilesAdobeAdobe Creative Cloud Experiencelibsnode.exe

(Phase Five Systems LLC -> Phase Five Systems) C:Program Files (x86)Phase Five SystemsJump Desktop Connect6.7.52.0JumpConnect.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32RtkAudUService64.exe <2>

(remotemouse.net) [File not signed] C:Program Files (x86)Remote MouseRemoteMouse.exe

(RemoteMouse.net) [File not signed] C:Program Files (x86)Remote MouseRemoteMouseCore.exe

(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:Program Files (x86)TeamViewerTeamViewer.exe

(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:Program Files (x86)TeamViewerTeamViewer_Service.exe

(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:Program Files (x86)TeamViewertv_w32.exe

(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:Program Files (x86)TeamViewertv_x64.exe

(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:Program Files (x86)Common FilesZoomSupportCptService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Run: [RtkAudUService] => C:WINDOWSSystem32RtkAudUService64.exe [1081648 2020-06-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM…Run: [Everything] => C:Program FilesEverythingEverything.exe [2254152 2020-08-04] (voidtools -> voidtools)

HKLM…Run: [Classic Start Menu] => C:Program FilesClassic ShellClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]

HKLM…Run: [iTunesHelper] => C:Program FilesiTunesiTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)

HKLM-x32…Run: [Discord] => C:ProgramDataSquirrelMachineInstallsDiscord.exe [62636856 2020-09-08] (Discord Inc. -> Discord Inc.)

HKLM-x32…Run: [Dropbox] => C:Program Files (x86)DropboxClientDropbox.exe [8807712 2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)

HKLM-x32…Run: [Adobe Creative Cloud] => C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud.exe [781552 2021-10-24] (Adobe Inc. -> Adobe Inc.)

HKLM-x32…Run: [Adobe CCXProcess] => C:Program Files (x86)AdobeAdobe Creative Cloud ExperienceCCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )

HKLM…PoliciesExplorer: [HideSCAMeetNow] 1

HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…Run: [GUDelayStartup] => C:Program Files (x86)Glary Utilities 5StartupManager.exe [45488 2020-09-04] (Glarysoft LTD -> Glarysoft Ltd)

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…Run: [Discord] => C:UsersPatrickAppDataLocalDiscordUpdate.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…Run: [Spotify] => C:UsersPatrickAppDataRoamingSpotifySpotify.exe [18682808 2021-11-05] (Spotify AB -> Spotify Ltd)

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…PoliciesExplorer: [HideSCAMeetNow] 1

HKLM…PrintMonitorsCutePDF Writer Monitor v4.0: C:WINDOWSsystem32cpwmon64_v40.dll [89584 2019-10-20] (Acro Software Inc -> )

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:Program FilesBraveSoftwareBrave-BrowserApplication95.1.31.88Installerchrmstp.exe [2021-10-29] (Brave Software, Inc. -> Brave Software, Inc.)

HKLMSOFTWAREPoliciesMicrosoftEdge: Restriction <==== ATTENTION

HKUS-1-5-21-3117520339-3902473568-3870579923-1001SOFTWAREPoliciesMicrosoftEdge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10F474D4-C3A4-496B-88A4-5CF91B59B590} – System32TasksMicrosoftOfficeOffice Subscription Maintenance => C:Program FilesMicrosoft OfficerootvfsProgramFilesCommonx64Microsoft SharedOffice16OLicenseHeartbeat.exe [1600408 2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {164BE03F-2DC5-4A45-B509-6FB55D568473} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {17C61F12-DB72-48F8-828A-FFA0CC1E28B4} – System32TasksDropboxUpdateTaskMachineUA => C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)

Task: {3D6C3F40-7016-40CB-B2A4-C227CE40EA79} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [138600 2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {5273D4A7-58C8-4FE2-950E-12FD76EC6CA3} – System32TasksAppleAppleSoftwareUpdate => C:Program Files (x86)Apple Software UpdateSoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

Task: {53A48019-8748-4F5E-A138-64FBE47C03C1} – System32TasksIPVanish => C:Program FilesIPVanish VPNIPVanish.exe [2529872 2021-01-14] (Mudhook Marketing, Inc. -> Mudhook Marketing, Inc)

Task: {5BA2864C-1652-4445-992F-D0F38761BFAC} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {5BCDEFB0-339B-403E-A232-93E5B7BFBCF3} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [138600 2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {5E61CDFE-448B-4CD4-9671-9F5AE80D8851} – System32TasksBraveSoftwareUpdateTaskMachineCore => C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162456 2021-09-25] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {652F928F-82B6-4728-A473-4A06F48ECFB1} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22655904 2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {83B56082-5434-4DAB-8A00-C0FC028E7CA9} – System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe [682936 2021-11-04] (Mozilla Corporation -> Mozilla Foundation)

Task: {AD0CBD63-D604-4906-A7E5-FC09251BAA46} – System32Tasksnpcapwatchdog => C:Program FilesNpcapCheckStatus.bat [1145 2021-04-21] () [File not signed]

Task: {C4B49AB1-3ACA-498C-941B-0A5149A787FE} – System32TasksDropboxUpdateTaskMachineCore => C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)

Task: {C8DE4046-BDC0-48E8-B5C5-E51D4A4D041A} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {CA71860E-1756-48DA-8F4C-4FCFB487E8B4} – System32TasksMozillaFirefox Background Update 308046B0AF4A39CB => C:Program FilesMozilla Firefoxfirefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:ProgramDataMozillaupdates308046B0AF4A39CBbackgroundupdate.moz_log --backgroundtask backgroundupdate

Task: {D81F21F0-3632-4ED5-A48B-80BC065E71C3} – System32TasksGlaryInitialize 5 => C:Program Files (x86)Glary Utilities 5Initialize.exe [138160 2020-09-04] (Glarysoft LTD -> Glarysoft Ltd)

Task: {E0E90881-4E69-405B-8043-BEE63FC11943} – System32TasksOpera scheduled Autoupdate 1599624138 => C:Program FilesOperalauncher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)

Task: {E82C7A51-29A4-432C-A2E1-A1F86BB67572} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22655904 2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {F067C2BD-4284-45BC-8C99-A516DC8C1D14} – System32TasksGU5SkipUAC => C:Program Files (x86)Glary Utilities 5Integrator.exe [918960 2020-09-04] (Glarysoft LTD -> Glarysoft Ltd)

Task: {F363D6BF-552E-4F79-A02C-0207D45E989C} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {F5DD5CA8-EC74-44FC-90A0-1B9394AF5DF9} – System32TasksBraveSoftwareUpdateTaskMachineUA => C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162456 2021-09-25] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:WINDOWSTasksDropboxUpdateTaskMachineCore.job => C:Program Files (x86)DropboxUpdateDropboxUpdate.exe

Task: C:WINDOWSTasksDropboxUpdateTaskMachineUA.job => C:Program Files (x86)DropboxUpdateDropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

TcpipParameters: [DhcpNameServer] 9.9.9.9 149.112.112.112

Tcpip..Interfaces{25feb924-f764-496a-8af4-85633f594608}: [DhcpNameServer] 9.9.9.9 149.112.112.112

Tcpip..Interfaces{8b0262dc-de9b-4d26-b936-393f185015ec}: [DhcpNameServer] 9.9.9.9 149.112.112.112

Tcpip..Interfaces{cbe61f0a-be44-4a89-a520-46c49c74504d}: [DhcpNameServer] 9.9.9.9 149.112.112.112

Tcpip..Interfaces{de7ae5eb-01f4-4d85-a122-90dcc6a31eac}: [DhcpNameServer] 9.9.9.9 149.112.112.112

Edge:

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge Profile: C:UsersPatrickAppDataLocalMicrosoftEdgeUser DataDefault [2021-11-05]

Edge HKUS-1-5-21-3117520339-3902473568-3870579923-1001SOFTWAREMicrosoftEdgeExtensions…EdgeExtension: [llbjbkhnmlidjebalopleeepgdfgcpec] – C:Program Files (x86)Internet Download ManagerIDMEdgeExt.crx

FireFox:

========

FF DefaultProfile: 7rpk8yk3.default

FF ProfilePath: C:UsersPatrickAppDataRoamingMozillaFirefoxProfiles7rpk8yk3.default [2020-09-08]

FF ProfilePath: C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-release [2021-11-05]

FF Session Restore: MozillaFirefoxProfilessnmmxe40.default-release -> is enabled.

FF Notifications: MozillaFirefoxProfilessnmmxe40.default-release -> hxxps://web.telegram.org; hxxps://changenow.io

FF Extension: (Disconnect) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions2.0@disconnect.me.xpi [2020-10-07]

FF Extension: (Google Container) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions@contain-google.xpi [2021-06-12]

FF Extension: (Keepa – Amazon Price Tracker) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsamptra@keepa.com.xpi [2021-09-19]

FF Extension: (OneNote Web Clipper) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsClipper@OneNote.com.xpi [2020-10-23]

FF Extension: (Don’t bleep With Paste) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsDontbleepWithPaste@raim.ist.xpi [2020-09-08]

FF Extension: (Folx) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsfolx5@eltima.com.xpi [2021-05-22]

FF Extension: (Disable WebRTC) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsjid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2021-06-13]

FF Extension: (Honey) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsjid1-93CWPmRbVPjRQA@jetpack.xpi [2021-06-25]

FF Extension: (Decentraleyes) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsjid1-BoFifL9Vbdl2zQ@jetpack.xpi [2021-09-04]

FF Extension: (I don’t care about cookies) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsjid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2021-09-21]

FF Extension: (Double-click Image Downloader) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsjid1-xgtdawe3yyUeBQ@jetpack.xpi [2021-05-22]

FF Extension: (Reddit Enhancement Suite) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsjid1-xUfzOsOFlzSOXg@jetpack.xpi [2021-06-05]

FF Extension: (Pinterest Save Button) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsjid1-YcMV6ngYmQRA2w@jetpack.xpi [2021-09-08]

FF Extension: (IDM Integration Module) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsmozilla_cc3@internetdownloadmanager.com.xpi [2021-03-09]

FF Extension: (Download Manager (S3)) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionss3download@statusbar.xpi [2020-12-30]

FF Extension: (LastPass: Free Password Manager) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionssupport@lastpass.com.xpi [2021-09-23]

FF Extension: (Google Translator for Firefox) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionstranslator@zoli.bod.xpi [2020-09-08]

FF Extension: (uBlock Origin) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensionsuBlock0@raymondhill.net.xpi [2021-08-01]

FF Extension: (Paste n’ Go) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{000a756d-5efb-4897-b40c-57ef8c5caa59}.xpi [2020-09-08]

FF Extension: (Take Webpage Screenshots Entirely – FireShot) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2021-07-29]

FF Extension: (CSS Toggler) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{16898b73-edd0-419f-a0a9-e5afd2a4c904}.xpi [2020-09-08]

FF Extension: (Startpage.com — Private Search Engine) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2020-09-08]

FF Extension: (Video Download) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{2c1bf1db-1d03-469a-8d76-c7a3c8b8d928}.xpi [2021-03-03]

FF Extension: (Download All Images) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2021-07-07]

FF Extension: (Send to VLC (VideoLAN) media player) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{3e0ac434-26e0-4c03-b757-3078486800c3}.xpi [2020-09-08]

FF Extension: (IDM: Video Downloader) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{40412284-6577-4bb6-9b8d-e8af25f6105c}.xpi [2021-02-27]

FF Extension: (Disable JavaScript) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{41f9e51d-35e4-4b29-af66-422ff81c8b41}.xpi [2020-09-08]

FF Extension: (Eno® from Capital One®) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2021-08-12]

FF Extension: (Science Fiction Florest) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{4d6138be-7d98-4fed-8cb9-277c3a351183}.xpi [2020-09-09]

FF Extension: (Blue Carbon Fiber) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{5ab03bdd-3d91-4c73-801e-607ca27458d0}.xpi [2020-09-08]

FF Extension: (ColorZilla) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2020-09-08]

FF Extension: (Hot air balloons v5 by CP) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{790388bf-f135-4368-ab9b-36c8062a09c2}.xpi [2021-06-17]

FF Extension: (Plexus Crystals (Yellow)) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{826d3ea1-5a85-4e6c-8749-aff3f72ccc5d}.xpi [2021-06-17]

FF Extension: (Clippings) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2021-09-08]

FF Extension: (Absolute Right Click) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{9350bc42-47fb-4598-ae0f-825e3dd9ceba}.xpi [2021-08-03]

FF Extension: (Capital One Shopping: Online Coupon Tool) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2021-08-31]

FF Extension: (The universe of ancient times.) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{b6d370bd-f532-4049-9a82-f53b47f369b3}.xpi [2020-09-08]

FF Extension: (flashy pastel rainbow) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{ced18bb2-3a5e-4d85-b0ad-5b99cb34fa73}.xpi [2021-03-29]

FF Extension: (Polynial design) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{d7dce9c0-165e-44ff-90b9-c5ce9f7a7721}.xpi [2021-06-17]

FF Extension: (Matte Black (Orange)) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{e7c9fb23-17c0-4bb6-a8ba-ff52a7770b89}.xpi [2021-06-17]

FF Extension: (Plexus Crystals (Violet)) – C:UsersPatrickAppDataRoamingMozillaFirefoxProfilessnmmxe40.default-releaseExtensions{ff571d12-dfde-4e8f-be1d-38c145a98443}.xpi [2021-06-17]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:Program FilesMicrosoft Silverlight5.1.50918.0npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll [2021-10-24] (Adobe Inc. -> Adobe Systems)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:Program Files (x86)Microsoft Silverlight5.1.50918.0npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect32.dll [2021-10-24] (Adobe Inc. -> Adobe Systems)

Opera:

=======

OPR Profile: C:UsersPatrickAppDataRoamingOpera SoftwareOpera Stable [2021-11-05]

OPR DownloadDir: C:UsersPatrickDownloadsopera downloads

OPR DefaultSuggestURL: Opera Stable -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list&t={opera:vpnClient}

OPR Extension: (Rich Hints Agent) – C:UsersPatrickAppDataRoamingOpera SoftwareOpera StableExtensionsenegjkbbakeegngfapepobipndnebkdk [2021-11-03]

OPR Extension: (Amazon Assistant Promotion) – C:UsersPatrickAppDataRoamingOpera SoftwareOpera StableExtensionskbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-16]

Brave:

=======

BRA Profile: C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser DataDefault [2021-11-05]

BRA DefaultSearchURL: Default -> hxxps://www.startpage.com/do/search?q={searchTerms}&segment=startpage.brave

BRA DefaultSearchKeyword: Default -> :sp

BRA DefaultSuggestURL: Default -> hxxps://www.startpage.com/cgi-bin/csuggest?query={searchTerms}&limit=10&format=json

BRA Extension: (Pink Triangles) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsfklljnhmbagigkninckdfeknliepoock [2021-10-03]

BRA Extension: (Brave Local Data Files Updater) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser Dataafalakplffnnnlkncjhbmahjfjhmlkal [2021-10-13]

BRA Extension: (Brave Ad Block Updater (Default)) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser Datacffkpbalmllkdoenhmdmpbkajipdjfam [2021-11-05]

BRA Extension: (Brave NTP sponsored images) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser Datagccbbckogglekeggclmmekihdgdpdgoe [2021-11-05]

BRA Extension: (Brave Ads Resources) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser Dataiblokdlgekdjophgeonmanpnjihcjkjj [2021-11-04]

BRA Extension: (Brave SpeedReader Updater) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser Datajicbkmdloagakknpihibphagfckhjdih [2021-09-25]

BRA Extension: (Brave Ads Resources) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser Dataocilmpijebaopmdifcomolmpigakocmo [2021-11-04]

BRA Extension: (Crypto Wallets) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser Dataodbfpeeihdkbihmopkbjmoonfanlbfcl [2021-10-22]

BRA Extension: (Brave HTTPS Everywhere Updater) – C:UsersPatrickAppDataLocalBraveSoftwareBrave-BrowserUser Dataoofiananboodjbbmdelgdommihjbkfag [2021-11-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe [844528 2021-10-24] (Adobe Inc. -> Adobe Inc.)

R2 Apple Mobile Device Service; C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)

S2 brave; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162456 2021-09-25] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162456 2021-09-25] (Brave Software, Inc. -> BraveSoftware Inc.)

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [12034464 2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

S2 dbupdate; C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)

S3 dbupdatem; C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)

R2 DbxSvc; C:WINDOWSsystem32DbxSvc.exe [44328 2021-10-23] (Dropbox, Inc -> Dropbox, Inc.)

R2 DtsApo4Service; C:WINDOWSSystem32DTSPCAPO4xDtsApo4Service.exe [213432 2021-02-21] (DTS, Inc. -> DTS Inc.)

R2 FoxitReaderUpdateService; C:Program Files (x86)Foxit SoftwareFoxit ReaderFoxitReaderUpdateService.exe [1995184 2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)

R2 JumpConnect; C:Program Files (x86)Phase Five SystemsJump Desktop Connect6.7.52.0JumpConnect.exe [149912 2021-08-27] (Phase Five Systems LLC -> Phase Five Systems)

R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7826104 2021-10-29] (Malwarebytes Inc -> Malwarebytes)

R2 RemoteMouseService; C:Program Files (x86)Remote MouseRemoteMouseService.exe [10752 2021-07-06] () [File not signed]

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5414976 2021-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 TeamViewer; C:Program Files (x86)TeamViewerTeamViewer_Service.exe [13353768 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

R2 TeraCopyService; C:Program FilesTeraCopyTeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)

R3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0NisSrv.exe [2872024 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MsMpEng.exe [128376 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 ZoomCptService; "C:Program Files (x86)Common FilesZoomSupportCptService.exe" -user_path "C:UsersPatrickAppDataRoamingZoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:WINDOWSSystem32driversAcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)

R3 AMDAfdAudioService; C:WINDOWSSystem32DriverStoreFileRepositoryamdacpafd.inf_amd64_708f3b34ab3922e3amdacpafd.sys [327776 2020-07-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

R3 amdwddmg; C:WINDOWSSystem32DriverStoreFileRepositoryu0368330.inf_amd64_2a773f4c46cdd019B367597amdkmdag.sys [83084936 2021-06-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

S3 AppleKmdfFilter; C:WINDOWSSystem32driversAppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 AppleLowerFilter; C:WINDOWSSystem32driversAppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S1 GUBootStartup; C:WINDOWSSystem32driversGUBootStartup.sys [28936 2020-09-08] (Glarysoft LTD -> Glarysoft Ltd)

R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [210344 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-01-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-10-29] (Malwarebytes Inc -> Malwarebytes)

S3 Netaapl; C:WINDOWSSystem32driversnetaapl64.sys [23040 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)

R1 npcap; C:WINDOWSsystem32DRIVERSnpcap.sys [74744 2021-04-21] (Insecure.Com LLC -> Insecure.Com LLC.)

S4 npcap_wifi; C:WINDOWSsystem32DRIVERSnpcap.sys [74744 2021-04-21] (Insecure.Com LLC -> Insecure.Com LLC.)

S3 SIVDriver; C:WINDOWSsystem32DriversSIVX64.sys [205552 2021-02-12] (RH Software Ltd -> Ray Hinchliffe)

S3 USBAAPL64; C:WINDOWSSystem32Driversusbaapl64.sys [54784 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

R3 USBPcap; C:WINDOWSsystem32DRIVERSUSBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)

S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [48520 2021-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [435424 2021-11-03] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [86240 2021-11-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-05 22:52 – 2021-11-05 22:53 – 000000000 ____D C:FRST

2021-11-05 22:42 – 2021-11-05 22:42 – 000000000 ____D C:WINDOWSsystem32appmgmt

2021-11-05 20:09 – 2021-10-18 16:02 – 000000000 ____D C:UsersPatrickintegrity_verification

2021-11-05 20:09 – 2021-10-18 15:55 – 000000000 ____D C:UsersPatricktron

2021-11-05 20:05 – 2021-11-05 18:35 – 476374211 _____ (Igor Pavlov) C:UsersPatrickTron v12.0.1 (2021-10-18).exe

2021-11-05 18:02 – 2021-11-05 18:02 – 000000000 ____D C:UsersPatrickDownloadsback-to-school-personal-use

2021-11-05 09:12 – 2021-11-05 09:12 – 000739787 _____ C:UsersPatrickDownloadsLiberator_Personal_License.zip

2021-11-05 09:12 – 2021-11-05 09:12 – 000460450 _____ C:UsersPatrickDownloadsGeared_Personal_License.zip

2021-11-05 09:11 – 2021-11-05 09:11 – 000152291 _____ C:UsersPatrickDownloadsostrich-sans.zip

2021-11-05 09:05 – 2021-11-05 09:05 – 000656082 _____ C:UsersPatrickDownloadsblack-note.zip

2021-11-05 09:04 – 2021-11-05 09:04 – 002088678 _____ C:UsersPatrickDownloadsrooster-personal-use.zip

2021-11-05 09:04 – 2021-11-05 09:04 – 000378304 _____ C:UsersPatrickDownloadsback-to-school-personal-use.zip

2021-11-05 09:03 – 2021-11-05 09:03 – 001727392 _____ C:UsersPatrickDownloadsbonaro.zip

2021-11-05 09:03 – 2021-11-05 09:03 – 001573288 _____ C:UsersPatrickDownloadshigh-performance-demo.zip

2021-11-05 09:03 – 2021-11-05 09:03 – 001506824 _____ C:UsersPatrickDownloadsbardon.zip

2021-11-05 09:03 – 2021-11-05 09:03 – 000410069 _____ C:UsersPatrickDownloadsrolling-beat-personal-use.zip

2021-11-05 09:03 – 2021-11-05 09:03 – 000334875 _____ C:UsersPatrickDownloadsrockybilly.zip

2021-11-04 14:22 – 2021-11-05 17:13 – 000000000 ____D C:Program FilesMozilla Firefox

2021-11-03 21:04 – 2021-11-05 17:05 – 000000000 ____D C:UsersPatrickAppDataLocalDiscord

2021-11-03 21:04 – 2021-11-03 21:04 – 082973864 _____ (Discord Inc.) C:UsersPatrickDownloadsDiscordSetup (1).exe

2021-11-03 19:33 – 2021-11-03 19:33 – 000113157 _____ C:UsersPatrickDownloads7db54f8a-f8da-449e-971d-e02adba73735.jfif

2021-11-03 08:52 – 2021-11-03 08:52 – 000000000 ____D C:UsersPatrickai_TEMPLATES

2021-11-03 04:51 – 2021-11-03 04:51 – 008682039 _____ C:UsersPatrickDownloadsusb_driver_r13-windows (2).zip

2021-11-03 04:51 – 2021-11-03 04:51 – 008682039 _____ C:UsersPatrickDownloadsusb_driver_r13-windows (1).zip

2021-11-03 04:46 – 2021-11-03 04:51 – 008682039 _____ C:UsersPatrickDownloadsusb_driver_r13-windows.zip

2021-11-03 04:35 – 2021-11-03 04:35 – 048182882 _____ C:UsersPatrickDownloadsmiflash_unlock-en-3.3.827.31.zip

2021-11-03 04:27 – 2021-11-03 04:28 – 011912013 _____ C:UsersPatrickDownloadsplatform-tools_r31.0.3-windows (1).zip

2021-11-02 11:40 – 2021-11-02 11:40 – 000000000 ____D C:UsersPatrickDownloadsmetropolis

2021-11-02 11:39 – 2021-11-02 11:39 – 001280744 _____ C:UsersPatrickDownloadsmetropolis.zip

2021-11-02 11:38 – 2021-11-02 11:38 – 004503326 _____ C:UsersPatrickDownloadscolorful-halftone-style-modern-business-card-design.zip

2021-11-02 11:38 – 2021-11-02 11:38 – 000000000 ____D C:UsersPatrickDownloadscolorful-halftone-style-modern-business-card-design

2021-11-02 11:36 – 2021-11-02 11:36 – 000000000 ____D C:UsersPatrickDownloadsmodern-business-card-template (1)

2021-11-02 11:35 – 2021-11-02 11:35 – 006443655 _____ C:UsersPatrickDownloadsmodern-business-card-template (1).zip

2021-11-02 11:34 – 2021-11-02 11:34 – 006443655 _____ C:UsersPatrickDownloadsmodern-business-card-template.zip

2021-11-02 04:47 – 2021-11-02 04:47 – 000749598 _____ C:UsersPatrickDownloadsdistro.zip

2021-11-02 04:47 – 2021-11-02 04:47 – 000006996 _____ C:UsersPatrickDownloadsasgalt.zip

2021-11-02 04:45 – 2021-11-02 04:45 – 000066067 _____ C:UsersPatrickDownloadsacid.zip

2021-11-02 04:38 – 2021-11-02 04:38 – 000051192 _____ C:UsersPatrickDownloadsmiddle-earth-nf.zip

2021-11-02 04:30 – 2021-11-02 04:31 – 001158081 _____ C:UsersPatrickDownloadsleague-gothic.zip

2021-11-02 04:20 – 2021-11-02 04:20 – 000083297 _____ C:UsersPatrickDownloadsantonio.zip

2021-11-02 04:17 – 2021-11-02 04:17 – 000074375 _____ C:UsersPatrickDownloadsbebas-neue.zip

2021-11-02 04:14 – 2021-11-02 04:14 – 000035299 _____ C:UsersPatrickDownloadsjames-tan-dinawanao.zip

2021-11-02 04:12 – 2021-11-02 04:12 – 000100759 _____ C:UsersPatrickDownloadswc-mano-negra-bta.zip

2021-11-02 04:12 – 2021-11-02 04:12 – 000080828 _____ C:UsersPatrickDownloadsrock-salt.zip

2021-11-02 04:10 – 2021-11-02 04:10 – 008124469 _____ C:UsersPatrickDownloadsyeah-papa.zip

2021-11-02 04:10 – 2021-11-02 04:10 – 000023798 _____ C:UsersPatrickDownloadsblzee.zip

2021-10-31 23:02 – 2021-10-31 23:02 – 000030651 _____ C:UsersPatrickDownloadsclose to home ai.ai

2021-10-31 22:09 – 2021-10-31 22:09 – 000031142 _____ C:UsersPatrickDownloadsChanga_One.zip

2021-10-31 22:08 – 2021-10-31 22:08 – 000474670 _____ C:UsersPatrickDownloadsChanga.zip

2021-10-31 21:59 – 2021-10-31 21:59 – 001480467 _____ C:UsersPatrickDownloadselements-burford-marquee-E78D9B-2016-11-09.zip

2021-10-31 21:53 – 2021-10-31 21:53 – 001734410 _____ C:UsersPatrickDownloadselements-burford-stripes-a-UHZJAQ-2016-11-09.zip

2021-10-29 19:02 – 2021-10-29 19:02 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-10-29 10:32 – 2021-10-31 21:37 – 000000000 ____D C:UsersPatrickDownloads1x

2021-10-29 09:57 – 2021-11-05 18:07 – 000000000 ____D C:AITEMP

2021-10-28 20:16 – 2021-11-02 05:13 – 000325529 _____ C:UsersPatrickDownloadsstreetwear-logo-maker-featuring-a-mustached-monster-252d-el1-2.ai

2021-10-28 04:34 – 2021-10-28 04:34 – 000004130 _____ C:UsersPatrickDownloadscorma.zip

2021-10-28 02:54 – 2021-10-28 02:54 – 000020435 _____ C:UsersPatrickDownloadspirata_one.zip

2021-10-28 00:14 – 2021-10-28 00:14 – 000314790 _____ C:UsersPatrickDownloadsstreetwear-logo-maker-featuring-a-cool-character-illustration-3169d2-99.ai

2021-10-27 21:19 – 2021-10-27 21:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDropbox

2021-10-27 21:06 – 2021-10-27 21:06 – 001295212 _____ C:UsersPatrickDownloadsda40a4d7-35d8-4aa3-9b9b-adb1a09d6613.mp4

2021-10-27 21:06 – 2021-10-27 21:06 – 001295212 _____ C:UsersPatrickDownloadsda40a4d7-35d8-4aa3-9b9b-adb1a09d6613 (2).mp4

2021-10-27 21:06 – 2021-10-27 21:06 – 001295212 _____ C:UsersPatrickDownloadsda40a4d7-35d8-4aa3-9b9b-adb1a09d6613 (1).mp4

2021-10-24 23:48 – 2021-10-24 23:48 – 000444094 _____ C:UsersPatrickDownloadsUntitled-2.ai

2021-10-24 23:47 – 2021-10-24 23:47 – 000425707 _____ C:UsersPatrickDownloadsstreetwear-logo-maker-featuring-a-cool-character-illustration-3169d2.ai

2021-10-24 10:51 – 2021-10-24 10:51 – 000000000 ___SD C:UsersPatrickOneDriveDocumentsMy Data Sources

2021-10-24 06:23 – 2021-10-24 06:23 – 001007261 _____ C:UsersPatrickDownloadspimp_avenue_transparent2.ai

2021-10-24 03:33 – 2021-10-24 03:33 – 004865933 _____ C:UsersPatrickDownloadsbukhari_script.zip

2021-10-24 03:31 – 2021-10-24 03:31 – 000187432 _____ C:UsersPatrickDownloadsFontsFree-Net-NexaRustSans-Black.ttf

2021-10-24 01:52 – 2021-10-24 01:52 – 000007435 _____ C:UsersPatrickDownloadsparker.zip

2021-10-24 01:50 – 2021-10-24 01:50 – 004266858 _____ C:UsersPatrickDownloadsCalderock-Typeface-Extras.zip

2021-10-24 01:14 – 2021-10-24 01:14 – 000002497 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Illustrator 2021.lnk

2021-10-24 01:14 – 2021-10-24 01:14 – 000000000 ____D C:UsersPatrickAppDataRoamingcom.adobe.dunamis

2021-10-24 01:14 – 2021-10-24 01:14 – 000000000 ____D C:UsersPatrickAppDataLocalLowAdobe

2021-10-24 01:11 – 2021-11-05 17:14 – 000000000 ___RD C:UsersPatrickCreative Cloud Files

2021-10-24 01:11 – 2021-10-24 01:11 – 000000000 ____D C:UsersPatrickAppDataLocalCEF

2021-10-24 01:08 – 2021-10-24 01:08 – 000001390 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Creative Cloud.lnk

2021-10-24 01:08 – 2021-10-24 01:08 – 000001360 _____ C:UsersPublicDesktopAdobe Creative Cloud.lnk

2021-10-24 01:07 – 2021-11-03 19:59 – 000000000 ____D C:Program FilesCommon FilesAdobe

2021-10-24 01:07 – 2021-10-24 01:11 – 000000000 ____D C:Program FilesAdobe

2021-10-23 23:34 – 2021-10-23 23:34 – 029051412 _____ C:UsersPatrickDownloadsAI_2021_SDK_Mac.dmg

2021-10-23 23:27 – 2021-10-23 23:28 – 029932789 _____ C:UsersPatrickDownloadsAI_2021_SDK_Win.zip

2021-10-23 17:16 – 2021-10-23 17:16 – 000000055 _____ C:UsersPatrickDownloadsTransactions for bittybittybitcoinbop from 01-10-2018 to 31-10-2018.csv

2021-10-23 13:59 – 2021-10-23 13:59 – 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-stable.sys

2021-10-23 13:59 – 2021-10-23 13:59 – 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-dev.sys

2021-10-23 13:59 – 2021-10-23 13:59 – 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-canary.sys

2021-10-23 13:59 – 2021-10-23 13:59 – 000044328 _____ (Dropbox, Inc.) C:WINDOWSsystem32DbxSvc.exe

2021-10-16 22:22 – 2021-10-16 22:22 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRemote Mouse

2021-10-16 22:22 – 2021-10-16 22:22 – 000000000 ____D C:Program Files (x86)Remote Mouse

2021-10-16 22:21 – 2021-10-16 22:22 – 002541884 _____ (Remote Mouse ) C:UsersPatrickDownloadsRemoteMouse.exe

2021-10-15 14:39 – 2021-10-15 14:39 – 000132830 _____ C:UsersPatrickDownloadsAdobeColor-Gradient pink abstract banner background.jpeg

2021-10-14 00:23 – 2021-10-14 00:23 – 000570368 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-10-14 00:23 – 2021-10-14 00:23 – 000452096 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-10-14 00:23 – 2021-10-14 00:23 – 000203264 _____ C:WINDOWSsystem32uwfcfgmgmt.dll

2021-10-14 00:23 – 2021-10-14 00:23 – 000158208 _____ C:WINDOWSsystem32uwfcsp.dll

2021-10-14 00:23 – 2021-10-14 00:23 – 000040960 _____ C:WINDOWSsystem32uwfservicingapi.dll

2021-10-14 00:22 – 2021-10-14 00:22 – 000706536 _____ C:WINDOWSsystem32TextShaping.dll

2021-10-14 00:22 – 2021-10-14 00:22 – 000611960 _____ C:WINDOWSSysWOW64TextShaping.dll

2021-10-14 00:22 – 2021-10-14 00:22 – 000288768 _____ C:WINDOWSsystem32Windows.Management.InprocObjects.dll

2021-10-14 00:22 – 2021-10-14 00:22 – 000098304 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-10-14 00:22 – 2021-10-14 00:22 – 000011495 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-10-14 00:16 – 2021-10-14 00:17 – 000000000 ___HD C:$WinREAgent

2021-10-13 12:49 – 2021-10-13 12:49 – 000001903 _____ C:UsersPatrickAppDataLocalrecently-used.xbel

2021-10-13 01:58 – 2021-11-05 20:16 – 000000000 ____D C:UsersPatrickAppDataRoaminginkscape

2021-10-13 01:58 – 2021-10-13 01:58 – 000000000 ____D C:UsersPatrickAppDataLocalfontconfig

2021-10-13 01:56 – 2021-10-13 01:57 – 000000000 ____D C:Program FilesInkscape

2021-10-13 01:56 – 2021-10-13 01:56 – 000000869 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsInkscape.lnk

2021-10-12 05:33 – 2021-10-12 05:33 – 000000489 _____ C:UsersPatrickDownloadsUTC–2021-10-12T10_33_02.071Z — 0x1fa234e2EBA678698bd71172FEc88204b0be4FA6.json

2021-10-12 05:22 – 2021-10-12 05:22 – 000000489 _____ C:UsersPatrickDownloadsUTC–2021-10-12T10_22_12.601Z — 0x1fa234e2EBA678698bd71172FEc88204b0be4FA6.json

2021-10-12 05:15 – 2021-10-12 05:15 – 000000489 _____ C:UsersPatrickDownloadsUTC–2021-10-12T10_15_44.050Z — 0xe33Cd8865c7c39541BBD5C97C645b1111F9C8eDb.json

2021-10-12 05:11 – 2021-10-12 05:11 – 000000000 ____D C:UsersPatrickAppDataRoamingMicrosoftWindowsStart MenuProgramsChromium Apps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-05 22:51 – 2020-09-08 23:04 – 000000000 ____D C:UsersPatrickAppDataLocalClassicShell

2021-11-05 22:43 – 2021-04-19 23:32 – 000007634 _____ C:UsersPatrickAppDataLocalResmon.ResmonCfg

2021-11-05 22:17 – 2020-12-01 13:31 – 000002518 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-11-05 22:09 – 2019-12-07 04:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-11-05 22:05 – 2020-09-08 23:22 – 000000000 ____D C:UsersPatrickAppDataLocalLowMozilla

2021-11-05 21:40 – 2021-04-21 01:55 – 000000000 ____D C:UsersPatrickAppDataLocalIPVanish

2021-11-05 21:40 – 2020-09-09 12:12 – 000000000 ___RD C:UsersPatrickOneDrive

2021-11-05 21:40 – 2020-09-08 23:03 – 000000000 ____D C:Program Files (x86)Glary Utilities 5

2021-11-05 21:39 – 2020-10-14 23:23 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-11-05 21:39 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSServiceState

2021-11-05 20:56 – 2020-10-14 23:29 – 000840602 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-11-05 20:56 – 2019-12-07 04:13 – 000000000 ____D C:WINDOWSINF

2021-11-05 20:48 – 2020-10-14 23:27 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-11-05 20:48 – 2020-10-14 23:24 – 000000000 ____D C:UsersPatrick

2021-11-05 20:48 – 2020-10-14 23:23 – 000008192 ___SH C:DumpStack.log.tmp

2021-11-05 20:48 – 2020-09-08 23:04 – 000000000 ____D C:Program Files (x86)TeamViewer

2021-11-05 20:48 – 2019-12-07 04:03 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-11-05 20:47 – 2020-09-08 23:03 – 000000000 ____D C:Program Files7-Zip

2021-11-05 20:45 – 2019-12-07 04:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-11-05 20:41 – 2019-12-07 04:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-11-05 20:41 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-11-05 20:40 – 2020-09-09 13:06 – 000000000 ____D C:UsersPatrickAppDataLocalPackages

2021-11-05 20:33 – 2020-11-02 22:34 – 000000000 ____D C:Program FilesMicrosoft Office

2021-11-05 20:33 – 2019-12-07 04:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2021-11-05 20:16 – 2021-07-20 06:37 – 000000000 ____D C:Program FilesNpcap

2021-11-05 20:16 – 2020-09-09 13:06 – 000000000 ____D C:UsersPatrickAppDataLocalD3DSCache

2021-11-05 20:16 – 2020-09-08 23:08 – 000000000 ____D C:UsersPatrickAppDataLocalCrashDumps

2021-11-05 20:12 – 2020-09-08 23:03 – 000000000 ____D C:UsersPatrickAppDataRoamingEverything

2021-11-05 20:11 – 2021-07-20 01:33 – 000000000 ____D C:UsersPatrickAppDataRoamingTeraCopy

2021-11-05 19:55 – 2020-10-14 23:27 – 000003380 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-3117520339-3902473568-3870579923-1001

2021-11-05 19:55 – 2020-10-14 23:24 – 000002393 _____ C:UsersPatrickAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-11-05 17:14 – 2021-09-20 10:18 – 000000000 ____D C:UsersPatrickAppDataLocalSpotify

2021-11-05 17:14 – 2020-09-08 23:05 – 000000000 ____D C:UsersPatrickAppDataLocalDropbox

2021-11-05 17:13 – 2021-07-20 01:09 – 000000000 ____D C:UsersPatrickAppDataRoamingSpotify

2021-11-05 17:13 – 2020-09-08 23:02 – 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service

2021-11-05 17:12 – 2020-09-20 18:12 – 000000000 ____D C:UsersPatrickAppDataLocalEverything

2021-11-05 17:12 – 2020-09-08 23:04 – 000000000 ____D C:UsersPatrickAppDataRoamingdiscord

2021-11-05 16:41 – 2021-08-28 03:46 – 000000000 ____D C:UsersPatrickAppDataRoamingGuarda

2021-11-05 10:25 – 2020-12-28 19:22 – 000000000 ____D C:UsersPatrickAppDataRoamingTelegram Desktop

2021-11-04 22:46 – 2021-10-05 19:42 – 000000000 ____D C:WINDOWSsystem32TasksMozilla

2021-11-04 22:46 – 2020-09-08 23:02 – 000001009 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk

2021-11-03 21:04 – 2020-09-08 23:04 – 000000000 ____D C:UsersPatrickAppDataRoamingMicrosoftWindowsStart MenuProgramsDiscord Inc

2021-11-03 21:04 – 2020-09-08 23:04 – 000000000 ____D C:UsersPatrickAppDataLocalSquirrelTemp

2021-11-03 04:50 – 2021-09-09 17:38 – 000000000 ____D C:UsersPatrickDownloadsopera downloads

2021-11-03 04:37 – 2021-08-08 00:08 – 000000000 ____D C:UsersPatrickAppDataRoamingXiaomi

2021-11-03 02:00 – 2020-09-09 12:32 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-11-02 10:29 – 2021-09-17 08:00 – 000000000 ____D C:UsersPatrickAppDataRoamingradix-olympia-desktop-wallet

2021-10-29 16:03 – 2021-09-25 09:58 – 000002368 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBrave.lnk

2021-10-29 09:57 – 2020-09-09 13:06 – 000000000 ____D C:UsersPatrickAppDataRoamingAdobe

2021-10-28 19:25 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSLiveKernelReports

2021-10-27 21:19 – 2020-09-08 23:05 – 000000000 ____D C:Program Files (x86)Dropbox

2021-10-24 23:50 – 2020-09-08 23:02 – 000000000 ____D C:Program FilesOpera

2021-10-24 11:00 – 2021-09-05 13:46 – 000014967 _____ C:UsersPatrickOneDriveDocumentscc.xlsx

2021-10-24 01:11 – 2020-09-08 23:02 – 000000000 ____D C:UsersPatrickAppDataLocalAdobe

2021-10-24 01:10 – 2020-09-08 23:02 – 000000000 ____D C:Program Files (x86)Adobe

2021-10-24 01:09 – 2020-09-09 13:22 – 000000000 ____D C:ProgramDataPackages

2021-10-24 01:09 – 2020-09-08 23:02 – 000000000 ____D C:ProgramDataAdobe

2021-10-24 01:07 – 2020-09-29 21:52 – 000000000 ____D C:ProgramDataPackage Cache

2021-10-23 11:32 – 2021-09-18 14:25 – 000000000 ____D C:UsersPatrickAppDataRoamingatomic

2021-10-23 11:22 – 2021-09-18 14:25 – 000000000 ____D C:UsersPatrickAppDataLocalatomic-updater

2021-10-23 04:43 – 2020-12-30 08:12 – 000000000 ____D C:UsersPatrickdwhelper

2021-10-22 06:12 – 2020-10-14 23:27 – 000003954 _____ C:WINDOWSsystem32TasksOpera scheduled Autoupdate 1599624138

2021-10-22 06:12 – 2020-09-08 23:02 – 000001117 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOpera Browser.lnk

2021-10-14 04:41 – 2020-09-09 12:11 – 000000000 ___RD C:UsersPatrick3D Objects

2021-10-14 01:20 – 2020-10-14 23:23 – 000439656 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-10-14 01:19 – 2019-12-07 04:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ___SD C:WINDOWSsystem32UNP

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSSystemResources

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSDiagTrack

2021-10-14 01:19 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-10-14 00:16 – 2020-09-08 22:40 – 000000000 ____D C:WINDOWSsystem32MRT

2021-10-14 00:14 – 2020-09-08 22:40 – 139806512 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-10-12 22:14 – 2020-10-19 02:00 – 000000000 ____D C:WINDOWSMinidump

2021-10-12 01:13 – 2021-05-10 14:06 – 000000000 ____D C:UsersPatrickAppDataRoamingExodus

2021-10-10 00:23 – 2020-12-01 13:31 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-10-10 00:23 – 2020-12-01 13:31 – 000003356 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-10-09 15:22 – 2021-02-19 16:08 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

==================== Files in the root of some directories ========

2021-11-05 20:05 – 2021-11-05 18:35 – 476374211 _____ (Igor Pavlov) C:UsersPatrickTron v12.0.1 (2021-10-18).exe

2021-10-13 12:49 – 2021-10-13 12:49 – 000001903 _____ () C:UsersPatrickAppDataLocalrecently-used.xbel

2021-04-19 23:32 – 2021-11-05 22:43 – 000007634 _____ () C:UsersPatrickAppDataLocalResmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021

Ran by Patrick (05-11-2021 22:54:32)

Running from C:UsersPatrickOneDriveDesktop

Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2020-10-15 04:28:03)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3117520339-3902473568-3870579923-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-3117520339-3902473568-3870579923-503 – Limited – Disabled)

defaultuser0 (S-1-5-21-3117520339-3902473568-3870579923-1000 – Limited – Disabled)

Guest (S-1-5-21-3117520339-3902473568-3870579923-501 – Limited – Disabled)

Patrick (S-1-5-21-3117520339-3902473568-3870579923-1001 – Administrator – Enabled) => C:UsersPatrick

WDAGUtilityAccount (S-1-5-21-3117520339-3902473568-3870579923-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM…{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 – Igor Pavlov)

Adobe AIR (HKLM-x32…Adobe AIR) (Version: 32.0.0.125 – Adobe)

Adobe Creative Cloud (HKLM-x32…Adobe Creative Cloud) (Version: 5.6.0.788 – Adobe Inc.)

Adobe Illustrator 2021 (HKLM-x32…ILST_25_4_1) (Version: 25.4.1 – Adobe Inc.)

Apple Application Support (32-bit) (HKLM-x32…{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 – Apple Inc.)

Apple Application Support (64-bit) (HKLM…{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 – Apple Inc.)

Apple Mobile Device Support (HKLM…{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 – Apple Inc.)

Apple Software Update (HKLM-x32…{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 – Apple Inc.)

Atomic Wallet 2.33.3 (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…ba5fe9b-2a0d-54e2-a47a-d2764be56a7d) (Version: 2.33.3 – atomicwallet.io)

Audacity 2.4.2 (HKLM-x32…Audacity_is1) (Version: 2.4.2 – Audacity Team)

Bonjour (HKLM…{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 – Apple Inc.)

Brave (HKLM-x32…BraveSoftware Brave-Browser) (Version: 95.1.31.88 – Brave Software Inc)

Classic Shell (HKLM…{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 – IvoSoft)

CutePDF Writer (HKLM…CutePDF Writer Installation) (Version:  4.0 – Acro Software Inc.)

Dell FW Upgrade Tool (HKLM-x32…{ABAB2298-2AB5-4B58-87D8-AF13688C543F}) (Version: 1.4.1.6 – Dell) Hidden

Discord (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…Discord) (Version: 1.0.9003 – Discord Inc.)

Dropbox (HKLM-x32…Dropbox) (Version: 134.4.4115 – Dropbox, Inc.)

Evernote v. 6.25.1 (HKLM-x32…{CA92FF58-B652-11EA-A23A-42010A401FD0}) (Version: 6.25.1.9091 – Evernote Corp.)

Everything 1.4.1.988 (x64) (HKLM…Everything) (Version: 1.4.1.988 – David Carpenter)

Exodus (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…exodus) (Version: 21.9.10 – Exodus Movement Inc)

foobar2000 v1.6 (HKLM-x32…foobar2000) (Version: 1.6 – Peter Pawlowski)

Foxit Reader (HKLM-x32…Foxit Reader_is1) (Version: 10.0.1.35811 – Foxit Software Inc.)

Glary Utilities 5.150 (HKLM-x32…Glary Utilities 5) (Version: 5.150.0.176 – Glarysoft Ltd)

Google Earth Pro (HKLM-x32…{59F21DFB-6977-434B-9CB9-67783D6E7B6B}) (Version: 7.3.3.7786 – Google)

Guarda 1.0.20 (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…efc221e4-8306-5d6f-a018-a3ceae4bc72c) (Version: 1.0.20 – Guardarian OU)

HandBrake 1.3.3 (HKLM-x32…HandBrake) (Version: 1.3.3 – )

ImgBurn (HKLM-x32…ImgBurn) (Version: 2.5.8.0 – LIGHTNING UK!)

Inkscape 0.92.4 (HKLM-x32…Inkscape) (Version: 0.92.4 – Inkscape Project)

IPVanish (HKLM…{DF6274BF-A14B-4644-88A8-4407CB8E9907}) (Version: 3.6.5.0 – Mudhook Marketing, Inc) Hidden

IPVanish (HKLM-x32…{1568fda7-cb17-4769-bc1b-e21983b35aeb}) (Version: 3.6.5.0 – Mudhook Marketing, Inc)

IrfanView 4.54 (32-bit) (HKLM-x32…IrfanView) (Version: 4.54 – Irfan Skiljan)

iTunes (HKLM…{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 – Apple Inc.)

Jump Desktop Connect (HKLM-x32…{ED6312AD-9DEE-437F-B69B-AC1F9047AB1C}) (Version: 6.7.52.0 – Phase Five Systems)

Malwarebytes version 4.4.9.142 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.9.142 – Malwarebytes)

MediaMonkey 4.1 (HKLM-x32…MediaMonkey_is1) (Version: 4.1 – Ventis Media Inc.)

Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.14527.20234 – Microsoft Corporation)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 95.0.1020.44 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…OneDriveSetup.exe) (Version: 21.205.1003.0005 – Microsoft Corporation)

Microsoft Silverlight (HKLM…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40664 (HKLM-x32…{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40664 (HKLM-x32…{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.29.30037 (HKLM-x32…{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32…{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 – Microsoft Corporation)

Microsoft Windows Desktop Runtime – 3.1.6 (x64) (HKLM-x32…{7bc97a3a-1c5c-4743-bba3-f20f8eb448b8}) (Version: 3.1.6.29016 – Microsoft Corporation)

Mozilla Firefox (x64 en-US) (HKLM…Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 – Mozilla)

Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 80.0.1 – Mozilla)

Npcap (HKLM-x32…NpcapInst) (Version: 1.31 – Nmap Project)

Opera Stable 80.0.4170.63 (HKLM-x32…Opera 80.0.4170.63) (Version: 80.0.4170.63 – Opera Software)

Pindownloader (HKLM-x32…Pindownloader_is1) (Version:  – )

PotPlayer-64 bit (HKLM…PotPlayer64) (Version: 210929 – Kakao Corp.)

PuTTY release 0.74 (64-bit) (HKLM…{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 – Simon Tatham)

qBittorrent 4.2.5 (HKLM-x32…qBittorrent) (Version: 4.2.5 – The qBittorrent project)

Radix Wallet 1.2.5 (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…ee44986f-12c5-5b67-9d9e-155016976465) (Version: 1.2.5 – Radix Tokens Jersey Limited)

Remote Mouse version 4.002 (HKLM-x32…{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 4.002 – Remote Mouse)

Revo Uninstaller 2.1.7 (HKLM…{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.7 – VS Revo Group, Ltd.)

Skype version 8.64 (HKLM-x32…Skype_is1) (Version: 8.64 – Skype Technologies S.A.)

Spotify (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…Spotify) (Version: 1.1.71.560.gc21c3367 – Spotify AB)

SumatraPDF (HKLM…SumatraPDF) (Version: 3.2 – Krzysztof Kowalczyk)

TeamViewer (HKLM-x32…TeamViewer) (Version: 15.22.3 – TeamViewer)

Telegram Desktop version 3.1.1 (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.1.1 – Telegram FZ-LLC)

TeraCopy version 3.26 (HKLM…TeraCopy_is1) (Version: 3.26 – Code Sector)

USBPcap 1.5.4.0 (HKLM…USBPcap) (Version: 1.5.4.0 – Tomasz Mon)

UXP WebView Support (HKLM-x32…UXPW_1_1_0) (Version: 1.1.0 – Adobe Inc.)

VdhCoApp 1.6.0 (HKLM…weh-iss-net.downloadhelper.coapp_is1) (Version:  – DownloadHelper)

VLC media player (HKLM…VLC media player) (Version: 3.0.16 – VideoLAN)

Wallet4All 1.3.3 (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…f45cf65a-7bb4-54b7-985f-0f12844b4446) (Version: 1.3.3 – Electron React Boilerplate Maintainers)

WinDirStat 1.1.2 (HKUS-1-5-21-3117520339-3902473568-3870579923-1001…WinDirStat) (Version:  – )

WinMerge 2.16.8.0 x64 (HKLM…WinMerge_is1) (Version: 2.16.8.0 – Thingamahoochie Software)

WinSCP 5.17.7 (HKLM-x32…winscp3_is1) (Version: 5.17.7 – Martin Prikryl)

Wireshark 3.4.7 64-bit (HKLM-x32…Wireshark) (Version: 3.4.7 – The Wireshark developer community, hxxps://www.wireshark.org)

XnView 2.49.3 (HKLM-x32…XnView_is1) (Version: 2.49.3 – Gougelet Pierre-e)

Youtube-DLG version 0.4 (HKLM-x32…{3C455028-FC99-4846-8E04-4FCD87D85613}_is1) (Version: 0.4 – Sotiris Papadopoulos)

Zoom (HKLM-x32…{8D97F9DB-7C36-4EBA-8C59-866CF92CFF9F}) (Version: 5.2.45120 – Zoom)

Packages:

=========

AMD Radeon Software -> C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2021-06-20] (Advanced Micro Devices Inc.) [Startup Task]

GoTrust ID -> C:Program FilesWindowsAppsGOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2021-09-05] (GoTrustID Inc.)

O3 -> C:Program FilesWindowsAppsO3LabsInc.O3Wallet_3.8.7.0_x64__zp30z9xwexphp [2021-11-01] (O3 Labs Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-3117520339-3902473568-3870579923-1001_ClassesCLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive – Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}

CustomCLSID: HKUS-1-5-21-3117520339-3902473568-3870579923-1001_ClassesCLSID{0E270DAA-1BE6-48F2-AC49-7DC61EEACE02} -> [Creative Cloud Files] => C:UsersPatrickCreative Cloud Files [2021-10-24 01:11]

CustomCLSID: HKUS-1-5-21-3117520339-3902473568-3870579923-1001_ClassesCLSID{2F81B25E-7507-4844-BFF2-77D2CC24CED4}localserver32 -> C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud.exe (Adobe Inc. -> Adobe Inc.)

CustomCLSID: HKUS-1-5-21-3117520339-3902473568-3870579923-1001_ClassesCLSID{dd5cacda-7c2e-4997-a62a-04a597b58f76}localserver32 -> “C:Program FilesPowerToysmoduleslauncherPowerLauncher.exe” -ToastActivated => No File

CustomCLSID: HKUS-1-5-21-3117520339-3902473568-3870579923-1001_ClassesCLSID{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:UsersPatrickDropbox [2021-09-02 06:13]

CustomCLSID: HKUS-1-5-21-3117520339-3902473568-3870579923-1001_ClassesCLSID{e8c77137-e224-5791-b6e9-ff0305797a13}InprocServer32 -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)

CustomCLSID: HKUS-1-5-21-3117520339-3902473568-3870579923-1001_ClassesCLSID{DA72E423-1FCD-40BD-A89B-4509695157D2} -> [Documents on Ryans-iMac] => \tsclientDocuments [0000-00-00 00:00]

ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:Program Files (x86)Glary Utilities 5x64ContextHandler.dll [2020-09-04] (Glarysoft LTD -> Glarysoft Ltd)

ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:Program FilesTeraCopyTeraCopyExt.dll [2016-12-07] (Code Sector -> )

ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:Program FilesWinMergeShellExtensionX64.dll [2020-07-20] (hxxp://winmerge.org) [File not signed]

ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:Program Files (x86)Glary Utilities 5x64ContextHandler.dll [2020-09-04] (Glarysoft LTD -> Glarysoft Ltd)

ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:Program FilesTeraCopyTeraCopyExt.dll [2016-12-07] (Code Sector -> )

ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:Program FilesWinMergeShellExtensionX64.dll [2020-07-20] (hxxp://winmerge.org) [File not signed]

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-09-08] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:Program FilesTeraCopyTeraCopyExt.dll [2016-12-07] (Code Sector -> )

ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:Program FilesWinMergeShellExtensionX64.dll [2020-07-20] (hxxp://winmerge.org) [File not signed]

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:WINDOWSSystem32atiacm64.dll [2021-06-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:Program FilesWinMergeShellExtensionX64.dll [2020-07-20] (hxxp://winmerge.org) [File not signed]

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )

ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:Program Files (x86)Glary Utilities 5x64ContextHandler.dll [2020-09-04] (Glarysoft LTD -> Glarysoft Ltd)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-09-08] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:WINDOWSSystem32StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]

ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:Program FilesTeraCopyTeraCopyExt.dll [2016-12-07] (Code Sector -> )

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:UsersPatrickAppDataRoamingMicrosoftWindowsStart MenuProgramsChromium AppsFantom fWallet.lnk -> C:UsersPatrickDownloadschrome-winchrome_proxy.exe (The Chromium Authors) -> --profile-directory=Default --app-id=aohnacngmggbmhdknpglolgpcmkiadnf

ShortcutWithArgument: C:UsersPatrickAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts922303e6790b7a7bCoin98 Wallet.lnk -> C:UsersPatrickDownloadschrome-winchrome_proxy.exe (The Chromium Authors) -> --profile-directory=Default --app-id=aeachknmefphepccionboohckonoeemg

ShortcutWithArgument: C:UsersPatrickAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts6644063067c8d6cdChromium.lnk -> C:UsersPatrickDownloadschrome-winchrome.exe (The Chromium Authors) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2020-09-08 23:03 – 2020-07-20 19:01 – 000203264 _____ (hxxp://winmerge.org) [File not signed] C:Program FilesWinMergeShellExtensionX64.dll

2019-02-21 21:00 – 2019-02-21 21:00 – 000078336 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll

2017-08-13 08:49 – 2017-08-13 08:49 – 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:Program FilesClassic ShellClassicStartMenuDLL.dll

2017-08-13 08:49 – 2017-08-13 08:49 – 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:WINDOWSSystem32StartMenuHelper64.dll

2021-08-27 15:53 – 2021-08-27 15:53 – 013681664 _____ (Phase Five Systems) [File not signed] C:Program Files (x86)Phase Five SystemsJump Desktop Connect6.7.52.0JumpConnectCore.dll

2021-10-16 22:22 – 2019-04-19 17:12 – 001391104 _____ (Remote Mouse) [File not signed] C:Program Files (x86)Remote Mousewindows_api.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll [2020-06-24] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-09-09 13:25 – 2021-11-05 20:47 – 000002820 _____ C:WINDOWSsystem32driversetchosts

0.0.0.0    choice.microsoft.com

0.0.0.0    choice.microsoft.com.nstac.net

0.0.0.0    df.telemetry.microsoft.com

0.0.0.0    oca.telemetry.microsoft.com

0.0.0.0    oca.telemetry.microsoft.com.nsatc.net

0.0.0.0    redir.metaservices.microsoft.com

0.0.0.0    reports.wes.df.telemetry.microsoft.com

0.0.0.0    services.wes.df.telemetry.microsoft.com

0.0.0.0    settings-sandbox.data.microsoft.com

0.0.0.0    settings-win.data.microsoft.com

0.0.0.0    sqm.df.telemetry.microsoft.com

0.0.0.0    sqm.telemetry.microsoft.com

0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net

0.0.0.0    telecommand.telemetry.microsoft.com

0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net

0.0.0.0    telemetry.appex.bing.net

0.0.0.0    telemetry.microsoft.com

0.0.0.0    telemetry.urs.microsoft.com

0.0.0.0    vortex-sandbox.data.microsoft.com

0.0.0.0    vortex-win.data.microsoft.com

0.0.0.0    vortex.data.microsoft.com

0.0.0.0    watson.telemetry.microsoft.com

0.0.0.0    watson.telemetry.microsoft.com.nsatc.net

0.0.0.0    watson.ppe.telemetry.microsoft.com

0.0.0.0    wes.df.telemetry.microsoft.com

0.0.0.0    vortex-bn2.metron.live.com.nsatc.net

0.0.0.0    vortex-cy2.metron.live.com.nsatc.net

0.0.0.0    watson.live.com

0.0.0.0    watson.microsoft.com

0.0.0.0    feedback.search.microsoft.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKUS-1-5-21-3117520339-3902473568-3870579923-1001Control PanelDesktop\Wallpaper -> c:windowswebwallpapertheme1img13.jpg

DNS Servers: 9.9.9.9 – 149.112.112.112

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

Network Binding:

=============

Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)

Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Wi-Fi 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Wi-Fi 2: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM…StartupApprovedRun: => “Everything”

HKLM…StartupApprovedRun: => “iTunesHelper”

HKLM…StartupApprovedRun32: => “Discord”

HKLM…StartupApprovedRun32: => “Dropbox”

HKLM…StartupApprovedRun32: => “Adobe Creative Cloud”

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…StartupApprovedStartupFolder: => “ShareX.lnk”

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…StartupApprovedRun: => “Discord”

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…StartupApprovedRun: => “GUDelayStartup”

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…StartupApprovedRun: => “SugarSync”

HKUS-1-5-21-3117520339-3902473568-3870579923-1001…StartupApprovedRun: => “Spotify”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:WINDOWSsystem32svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{144928BA-C70B-4711-A694-5073BD6E1D0C}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{745FB77C-A066-44CD-9E8C-94544181361A}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{65F5E875-AACB-4828-B3B1-42103BDFB2B3}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{01A5D6E4-EBF9-4371-9EE5-E996683838C8}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{A2BD7810-96D4-49D1-AD22-284BE8D85E14}] => (Allow) C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{F8360520-D9D1-485F-B2A9-9D05FD85653A}] => (Allow) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{89A323A9-F568-4D5C-B98C-867A3329A17E}] => (Allow) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{D74046DF-2143-4446-8E69-A47693EFE719}] => (Allow) C:Program Files (x86)Zoombinairhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{F3AB4A5F-DC56-42DE-BCAF-B39A7D0721BA}] => (Allow) C:Program Files (x86)Zoombinairhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{EDD9417C-2536-4E1F-BEC9-DDAAB1F853E0}] => (Allow) C:Program Files (x86)ZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{6DD049EA-F680-44BC-A21A-A2A010BFA9AD}] => (Allow) C:Program FilesqBittorrentqbittorrent.exe () [File not signed]

FirewallRules: [{7036EADD-CB52-4A84-A728-0CF15856A476}] => (Allow) C:Program FilesqBittorrentqbittorrent.exe () [File not signed]

FirewallRules: [{03C6996B-A8D4-4171-8D9C-66919540AFA4}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{A5AFC4A2-9FE8-4462-83F1-FA93A27E6BAC}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [TCP Query User{EDCC256B-293C-48F7-A551-F86F99BAA71C}C:userspatrickdownloadschrome-winchrome.exe] => (Allow) C:userspatrickdownloadschrome-winchrome.exe (The Chromium Authors) [File not signed]

FirewallRules: [UDP Query User{AAAB6BC1-C447-4F81-A7FB-57EA45CEEAF8}C:userspatrickdownloadschrome-winchrome.exe] => (Allow) C:userspatrickdownloadschrome-winchrome.exe (The Chromium Authors) [File not signed]

FirewallRules: [TCP Query User{BC3FC589-1673-4F87-A069-89E3D503565F}C:userspatrickdownloadschrome-winchrome.exe] => (Allow) C:userspatrickdownloadschrome-winchrome.exe (The Chromium Authors) [File not signed]

FirewallRules: [UDP Query User{29E4A8E2-C89B-4CE3-9157-98F64B361FC1}C:userspatrickdownloadschrome-winchrome.exe] => (Allow) C:userspatrickdownloadschrome-winchrome.exe (The Chromium Authors) [File not signed]

FirewallRules: [{7AD789C7-CC46-48E3-A902-B9AA7116C7BA}] => (Allow) C:Program Files (x86)Phase Five SystemsJump Desktop Connect6.7.52.0JumpConnect.exe (Phase Five Systems LLC -> Phase Five Systems)

FirewallRules: [{16B6D48F-806C-459E-9E19-9B496F5F6FF2}] => (Allow) C:Program Files (x86)Phase Five SystemsJump Desktop Connect6.7.52.0JumpConnect.exe (Phase Five Systems LLC -> Phase Five Systems)

FirewallRules: [TCP Query User{584CD948-D9B1-47AB-A6CE-A3A4F44FAA91}C:userspatrickappdatalocalmicrosoftonedrive21.073.0411.0002filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.073.0411.0002filecoauth.exe => No File

FirewallRules: [UDP Query User{64CBC5BF-1A75-4D64-9C59-AA1FE82513DD}C:userspatrickappdatalocalmicrosoftonedrive21.073.0411.0002filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.073.0411.0002filecoauth.exe => No File

FirewallRules: [{A9693627-8BF8-4E48-8A38-7B2854B5EDA6}] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.073.0411.0002filecoauth.exe => No File

FirewallRules: [{5C0BA439-16A9-476D-BD44-35DE1815D2DE}] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.073.0411.0002filecoauth.exe => No File

FirewallRules: [{0D8640A4-B56F-4C3F-B95A-09CC0DC47088}] => (Allow) C:Program FilesiTunesiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [TCP Query User{B44F0746-E4EC-4DF6-97E2-A2EED097F20B}C:userspatrickappdatalocalmicrosoftonedrive21.083.0425.0003filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.083.0425.0003filecoauth.exe => No File

FirewallRules: [UDP Query User{F9E7E733-4904-4245-99FE-DCAE72CA2C0E}C:userspatrickappdatalocalmicrosoftonedrive21.083.0425.0003filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.083.0425.0003filecoauth.exe => No File

FirewallRules: [TCP Query User{48CD682C-6501-4F14-A804-765ECA8E091B}C:userspatrickappdatalocalmicrosoftonedrive21.099.0516.0003filecoauth.exe] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.099.0516.0003filecoauth.exe => No File

FirewallRules: [UDP Query User{A14D423F-3A7F-4F5C-B86A-F672523E95F1}C:userspatrickappdatalocalmicrosoftonedrive21.099.0516.0003filecoauth.exe] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.099.0516.0003filecoauth.exe => No File

FirewallRules: [TCP Query User{B4B83966-EC72-4594-A62A-852CE1244FCF}C:userspatrickappdatalocalmicrosoftonedrive21.109.0530.0001filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.109.0530.0001filecoauth.exe => No File

FirewallRules: [UDP Query User{961A5A01-6064-428B-8924-1FFB08443344}C:userspatrickappdatalocalmicrosoftonedrive21.109.0530.0001filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.109.0530.0001filecoauth.exe => No File

FirewallRules: [{C4325E57-405C-4DA7-BABA-F4FECE34B2C3}] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.109.0530.0001filecoauth.exe => No File

FirewallRules: [{B8D29416-BA86-4885-8B65-DFEA61B8EF76}] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.109.0530.0001filecoauth.exe => No File

FirewallRules: [TCP Query User{DBD584A5-3965-4429-A825-A63AC3B84D65}C:windowssystem32sihost.exe] => (Block) C:windowssystem32sihost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [UDP Query User{57AB6192-74B9-4DE4-BC29-708EF9DF8F4C}C:windowssystem32sihost.exe] => (Block) C:windowssystem32sihost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [TCP Query User{A427C22E-A410-49CE-B274-F5A9C2488C56}C:windowsexplorer.exe] => (Allow) C:windowsexplorer.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [UDP Query User{F7059D6E-225A-4A20-B980-CD3CCE39F572}C:windowsexplorer.exe] => (Allow) C:windowsexplorer.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [TCP Query User{AA3E329F-AD67-443E-8BDF-5A209E1EB71E}C:windowssystem32dllhost.exe] => (Block) C:windowssystem32dllhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [UDP Query User{7297C8C5-50D8-4CFD-B69D-79C1D0BAC651}C:windowssystem32dllhost.exe] => (Block) C:windowssystem32dllhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [TCP Query User{F76BF122-0D02-4906-86B5-5719EDB0B238}C:userspatrickappdatalocalmicrosoftonedrive21.119.0613.0001filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.119.0613.0001filecoauth.exe => No File

FirewallRules: [UDP Query User{A27F498E-8D6F-456C-A7F9-5F4DF3207084}C:userspatrickappdatalocalmicrosoftonedrive21.119.0613.0001filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.119.0613.0001filecoauth.exe => No File

FirewallRules: [TCP Query User{4E67A07A-C379-4D47-B1EB-56160DA7F719}C:userspatrickappdatalocalmicrosoftonedrive21.129.0627.0002filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.129.0627.0002filecoauth.exe => No File

FirewallRules: [UDP Query User{671E54DE-EB38-4096-A4CB-21877996C8ED}C:userspatrickappdatalocalmicrosoftonedrive21.129.0627.0002filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.129.0627.0002filecoauth.exe => No File

FirewallRules: [TCP Query User{A81FF5FC-D152-4C39-84FE-97D46785A15A}C:program filesvideolanvlcvlc.exe] => (Block) C:program filesvideolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{1ACBFB33-466F-42E0-AAA9-8C20E35458B7}C:program filesvideolanvlcvlc.exe] => (Block) C:program filesvideolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [TCP Query User{BAA6D5F4-1C88-4795-98E3-0DA1A1DC63FF}C:userspatrickappdatalocalmicrosoftonedrive21.139.0711.0001filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.139.0711.0001filecoauth.exe => No File

FirewallRules: [UDP Query User{E404038D-5B91-43A7-B7EF-6D139FA6D5AD}C:userspatrickappdatalocalmicrosoftonedrive21.139.0711.0001filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.139.0711.0001filecoauth.exe => No File

FirewallRules: [{FB1A61EF-5F33-4CAC-BBC1-9144AC22D924}] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.139.0711.0001filecoauth.exe => No File

FirewallRules: [{43484F5F-A186-472A-BA45-FE2BB0CBC01E}] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.139.0711.0001filecoauth.exe => No File

FirewallRules: [TCP Query User{78208AD5-3ECF-4D7E-A71D-BDDF4B8A7646}C:userspatrickappdatalocalmicrosoftonedrive21.150.0725.0001filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.150.0725.0001filecoauth.exe => No File

FirewallRules: [UDP Query User{66E32B06-3382-4A4C-943D-63088B927779}C:userspatrickappdatalocalmicrosoftonedrive21.150.0725.0001filecoauth.exe] => (Allow) C:userspatrickappdatalocalmicrosoftonedrive21.150.0725.0001filecoauth.exe => No File

FirewallRules: [{8BFBEB56-C1C6-45B7-9986-829B19D47013}] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.150.0725.0001filecoauth.exe => No File

FirewallRules: [{34EB7443-4A14-4C54-8AC0-432284E5488C}] => (Block) C:userspatrickappdatalocalmicrosoftonedrive21.150.0725.0001filecoauth.exe => No File

FirewallRules: [{2C582927-9CE9-47B2-B814-1FF88BB586D6}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{DE2B1D2F-A3A3-4B19-99B2-4E83C2BDB06F}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{C86A0F04-301E-4274-9DC8-EFBEED56AE47}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{FA7A4022-659A-4878-B680-0C22B110868A}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{2DE00CD2-5B36-475B-A931-1866F523F50C}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4B2CEF2E-C049-4CEA-B463-4DB98B0291E0}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{F04373E5-6DD8-4F05-87A9-B844F1F025D7}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{E9FD665B-ED85-486B-8379-F61B587D1E90}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{E54699A0-F9C7-4584-B564-E912881684DC}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{DF6AA54D-0486-4BC4-9DE3-307060FCC033}] => (Allow) C:Program FilesOpera79.0.4143.72opera.exe (Opera Software AS -> Opera Software)

FirewallRules: [{04B542C7-6300-487C-B465-592E736FDCDC}] => (Allow) C:Program Files (x86)Remote MouseRemoteMouse.exe (remotemouse.net) [File not signed]

FirewallRules: [{F012C979-DBA1-4357-B64C-5F76E234D811}] => (Allow) C:Program Files (x86)Remote MouseRemoteMouse.exe (remotemouse.net) [File not signed]

FirewallRules: [{1697B4C9-7BF5-46F5-9D2A-DEEC0070B54A}] => (Allow) C:Program Files (x86)Remote MouseRemoteMouseCore.exe (RemoteMouse.net) [File not signed]

FirewallRules: [{210663C7-83DE-4399-80A2-10EE1A220AED}] => (Allow) C:Program Files (x86)Remote MouseRemoteMouseCore.exe (RemoteMouse.net) [File not signed]

FirewallRules: [TCP Query User{5CACCE86-BF97-4EE2-923D-813682F00068}C:program filesoperaopera.exe] => (Allow) C:program filesoperaopera.exe (Opera Software AS -> Opera Software)

FirewallRules: [UDP Query User{1EF6E2A1-785F-4FF9-B7CA-EE070D3537EB}C:program filesoperaopera.exe] => (Allow) C:program filesoperaopera.exe (Opera Software AS -> Opera Software)

FirewallRules: [{965C1E2F-15EC-4BAA-9CAF-4C0144EE7BE4}] => (Block) C:program filesoperaopera.exe (Opera Software AS -> Opera Software)

FirewallRules: [{33FDC051-C127-41B2-9E79-ACFE9031502B}] => (Block) C:program filesoperaopera.exe (Opera Software AS -> Opera Software)

FirewallRules: [{9FBF3DED-5F0D-4C03-8F5F-91DB8207C139}] => (Allow) C:Program FilesOpera80.0.4170.63opera.exe (Opera Software AS -> Opera Software)

FirewallRules: [TCP Query User{96EBCAFF-4C71-4447-B466-27588A2B54B2}C:userspatrickappdataroamingspotifyspotify.exe] => (Allow) C:userspatrickappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{BF2EDAC5-FD9F-408F-85CF-158C95A0FBB5}C:userspatrickappdataroamingspotifyspotify.exe] => (Allow) C:userspatrickappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{6E530044-FD44-4AF4-AEBF-F8C9F18B2922}] => (Block) C:userspatrickappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{56A970A7-66B8-4223-9D0C-ECC7A104D18F}] => (Block) C:userspatrickappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{C29A9408-EEF4-4741-B0DC-70AB41E5B408}] => (Allow) C:Program Files (x86)DropboxClientDropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [{A02FCC81-D3EE-44DD-B6A7-D0EE050B74A5}] => (Allow) C:Program FilesBraveSoftwareBrave-BrowserApplicationbrave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

05-11-2021 22:41:57 Removed Windows PC Health Check

==================== Faulty Device Manager Devices ============

Name: Android ADB Interface

Description: Android ADB Interface

Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}

Manufacturer: Google, Inc.

Service: WinUSB

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.

On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

Name: Bluetooth Device (Personal Area Network)

Description: Bluetooth Device (Personal Area Network)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: BthPan

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Wi-Fi 6 AX200 160MHz

Description: Intel® Wi-Fi 6 AX200 160MHz

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel Corporation

Service: Netwtw10

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:

==================

Error: (11/05/2021 09:40:12 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={C13CE025-CC1C-4029-A654-7E99A956A7C7}: The user CRUSTY-LAPTOPPatrick dialed a connection named IPVanish which has failed. The error code returned on failure is 0.

Error: (11/05/2021 09:40:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: CRUSTY-LAPTOP)

Description: Skipping: Eap method DLL path validation failed. Error: typeId=55, authorId=311, vendorId=0, vendorType=0

Error: (11/05/2021 09:40:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: CRUSTY-LAPTOP)

Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (11/05/2021 09:40:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: CRUSTY-LAPTOP)

Description: Skipping: Eap method DLL path validation failed. Error: typeId=55, authorId=311, vendorId=0, vendorType=0

Error: (11/05/2021 09:40:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: CRUSTY-LAPTOP)

Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (11/05/2021 09:40:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: CRUSTY-LAPTOP)

Description: Skipping: Eap method DLL path validation failed. Error: typeId=55, authorId=311, vendorId=0, vendorType=0

Error: (11/05/2021 09:40:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: CRUSTY-LAPTOP)

Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (11/05/2021 08:48:54 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

Description: SCEP Certificate enrollment initialization for WORKGROUPCRUSTY-LAPTOP$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

GetCACaps: Not Found

{“Message”:”The authority “amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net” does not exist.”}

HTTP/1.1 404 Not Found

Date: Sat, 06 Nov 2021 01:48:54 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: d45456e6-2d41-46ed-bade-226d04b84907

Method: GET(250ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

System errors:

=============

Error: (11/05/2021 08:14:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Connected Devices Platform User Service_14ac9f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (11/05/2021 08:14:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Access_14ac9f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/05/2021 08:14:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Storage_14ac9f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/05/2021 08:14:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Contact Data_14ac9f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/05/2021 08:14:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Sync Host_14ac9f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/05/2021 08:14:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Clipboard User Service_14ac9f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (11/05/2021 08:14:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Push Notifications User Service_14ac9f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/05/2021 08:14:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Bluetooth User Support Service_14ac9f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 500 milliseconds: Restart the service.

Windows Defender:

================

Date: 2021-11-05 22:52:55

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0

Name: SettingsModifier:Win32/PossibleHostsFileHijack

Severity: Medium

Category: Settings Modifier

Path: file:_C:WindowsSystem32driversetchosts

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:UsersPatrickOneDriveDesktopFRST64.exe

Security intelligence Version: AV: 1.353.506.0, AS: 1.353.506.0, NIS: 1.353.506.0

Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-05 22:14:26

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0

Name: SettingsModifier:Win32/PossibleHostsFileHijack

Severity: Medium

Category: Settings Modifier

Path: file:_C:WindowsSystem32driversetchosts

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:UsersPatrickDownloadschrome-winchrome.exe

Security intelligence Version: AV: 1.353.506.0, AS: 1.353.506.0, NIS: 1.353.506.0

Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-05 22:13:22

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0

Name: SettingsModifier:Win32/PossibleHostsFileHijack

Severity: Medium

Category: Settings Modifier

Path: file:_C:WindowsSystem32driversetchosts

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:UsersPatrickDownloadschrome-winchrome.exe

Security intelligence Version: AV: 1.353.506.0, AS: 1.353.506.0, NIS: 1.353.506.0

Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-05 22:13:21

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0

Name: SettingsModifier:Win32/PossibleHostsFileHijack

Severity: Medium

Category: Settings Modifier

Path: file:_C:WindowsSystem32driversetchosts

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:UsersPatrickDownloadschrome-winchrome.exe

Security intelligence Version: AV: 1.353.506.0, AS: 1.353.506.0, NIS: 1.353.506.0

Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-05 20:49:06

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0

Name: SettingsModifier:Win32/PossibleHostsFileHijack

Severity: Medium

Category: Settings Modifier

Path: file:_C:WindowsSystem32driversetchosts

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: Unknown

Security intelligence Version: AV: 1.353.506.0, AS: 1.353.506.0, NIS: 1.353.506.0

Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4



CodeIntegrity:

===============

Date: 2021-11-05 20:48:37

Description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3WindowsSystem32driversGUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.03 04/07/2020

Motherboard: RO Kona_RN

Processor: AMD Ryzen 5 4500U with Radeon Graphics

Percentage of memory in use: 63%

Total physical RAM: 7549.3 MB

Available physical RAM: 2768.75 MB

Total Virtual: 15463.05 MB

Available Virtual: 9331.57 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:237.36 GB) (Free:21.66 GB) NTFS

\?Volume{169a7512-51a6-4012-a0c0-a8d0151289be} (Recovery) (Fixed) (Total:1 GB) (Free:0.49 GB) NTFS

\?Volume{34effd79-55db-439c-8d9d-366de0594cd5} (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: 1E1988B2)

Partition: GPT.

==================== End of Addition.txt =======================

Edited by wardr, Yesterday, 11:03 PM.
