[SOLVED] Tnega!MSR Trojan Removed but Not Sure if Safe

meltis · Oct 11, 2023

My Windows Defender all of a sudden told me that it blocked / quarantined the following items:

I have told my windows defender to remove the files for "Threat removed or restored" and I know that for sure too as when I restarted my computer, it gave the popup that it could not locate those scripts.
I've ran a full scan as well as an offline scan using windows defender afterwards as well and it shows that there is nothing wrong now but I'm wondering if I'm safe or not.

DR M · Oct 11, 2023

Hello.

Welcome to Sysnative Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

========================

To begin with:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
Press Scan button and wait for a while.
The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
Please attach the content of these two logs in your next reply.

meltis · Oct 11, 2023

Hi, sorry but I also did something else before too.
I was following what this said:
Crackonosh: A New Malware Distributed in Cracked Software - Avast Threat Labs
and when I checked the stuff they had said to delete and such, I only had the ServiceInstaller.msi left in my System32 folder which I then deleted.
My registries didn't have any of the stuff that was listed in that site.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by Meltis (administrator) on MELTISPC (ASUS System Product Name) (11-10-2023 04:19:43)
Running from C:\Users\Meltis\Downloads\FRST64.exe
Loaded Profiles: Meltis & SQLTELEMETRY$TEW_SQLEXPRESS
Platform: Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <6>
(C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe ->) (Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Meltis\Desktop\MSERT.exe <2>
(C:\Program Files\Google\Drive File Stream\81.0.5.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\81.0.5.0\crashpad_handler.exe
(C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe ->) (Siemens Industry Software Inc. -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(Discord Inc. -> Discord Inc.) C:\Users\Meltis\AppData\Local\Discord\app-1.0.9018\Discord.exe <6>
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(explorer.exe ->) (Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <42>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\81.0.5.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\Meltis\Desktop\New folder\Autoruns.exe
(RuntimeBroker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUS Inc.) C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.28\AsusFanControlService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.23\atkexComSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> ) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlceip.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Siemens Industry Software Inc. -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(services.exe ->) (Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <9>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-09-25] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Genshin Impact_launcher_mihoyo_1_0] => [X]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142543160 2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Star Rail_launcher_hoyoverse_PC_1_1] => [X]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\81.0.5.0\GoogleDriveFS.exe [55259936 2023-09-23] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\81.0.5.0\GoogleDriveFS.exe [55259936 2023-09-23] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2588592 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [Discord] => C:\Users\Meltis\AppData\Local\Discord\Update.exe [1525016 2023-07-31] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4375912 2023-09-29] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\81.0.5.0\GoogleDriveFS.exe [55259936 2023-09-23] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70913464 2023-10-05] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-80-2079297812-3395903788-2019235919-340588434-3960611093\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2588592 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\81.0.5.0\GoogleDriveFS.exe [55259936 2023-09-23] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\117.0.5938.150\Installer\chrmstp.exe [2023-10-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2022 Fast Start.lnk [2023-09-27]
ShortcutTarget: SOLIDWORKS 2022 Fast Start.lnk -> C:\Windows\Installer\{26EA0056-4BAD-4F9E-BDCE-A72E25C7D06D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [File not signed]
Startup: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2023-09-10]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3A69C88A-DCD4-4FCA-9B79-C0802135FDCC} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [313192 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {051E985B-880C-47D4-8161-F78AE16B4CBD} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1898344 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {B5EAA203-E2E6-48B4-B718-7DE4B0F3D7AC} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d9deb6337d8ca0 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-03] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {CE0E07EE-9181-47A9-958F-E2E1F0B5C15D} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-03] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {0AC913CE-1343-410A-BBF3-1A4F738493FB} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [139091304 2023-07-19] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {12949E7C-3916-4ADB-BFC1-D72C56254376} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1254760 2023-07-05] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {385248BC-02D8-48D5-9E1A-D0DC33B7CA53} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {08618B9F-380D-42D1-995E-6F6F06B01ABF} - System32\Tasks\GoogleUpdateTaskMachineCore{DB4144DA-7501-4611-A5E6-0EE892CD924F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-04] (Google LLC -> Google LLC)
Task: {C4D68E70-F843-4406-86BD-E53335516E2F} - System32\Tasks\GoogleUpdateTaskMachineUA{B6E74B6A-F7EE-446B-96E5-0F2665CFDDF9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-04] (Google LLC -> Google LLC)
Task: {8A02745B-4EA0-4436-9E5E-0B963FE93F34} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26974216 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D9B1AE4-F0DB-4958-ABE4-E4562DA27C9E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26974216 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {774D67F1-745C-4A6E-BC3A-A60A05ADC17F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160920 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE4F86F8-6858-4D28-B1EE-9F7458E16098} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160920 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF929A4A-FDF0-485A-B87C-7FF6DF1999AD} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169136 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {60EC07EC-54F9-4B42-BB43-E9F84C75AD45} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4413368 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {C083F20F-9F39-44C9-84DD-3C7436067A40} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => StartupCheck.vbs (No File)
Task: {05CC55EB-AE0B-4A1B-9C17-2C99D7B382CE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\OS Edition Upgrade event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {0AEE80E4-82E0-48E1-A058-C74A3E40C853} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Passport for Work alert created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {F1067F44-97F0-45C3-AD00-EF53A06723AE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Provisioning initiated session => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {867C7838-43FD-45DC-B99C-1CBE60DCFB46} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\PushLaunch => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {0D146319-BB7B-4935-A979-4381933663CA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\PushRenewal => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {13836F50-8229-43F5-86CC-A91C4D773BE7} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule #1 created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {DC062979-5C80-4C7D-A84C-E47F582798C6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule #2 created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {C68FB8D6-49E1-42D0-8795-70CFD6807E29} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule #3 created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {04D8B7CF-CD96-445B-A8EB-74DF529211BD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule created by enrollment client for renewal of certificate warning => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {0A979E12-AF51-44AC-BA23-A8B8D6BC65FF} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule to run OMADMClient by client => C:\Windows\system32\omadmclient.exe [468992 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {F2BFE3FD-7A05-48A6-89D9-E3323F83F339} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule to run OMADMClient by server => C:\Windows\system32\omadmclient.exe [468992 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {56FA615B-3D71-4727-80CF-9FB5E107DA58} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Win10 S Mode event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {770CD0BA-2C3E-405A-B345-B90E96420BD9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Wsc Startup event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {3117B4C3-821B-44D3-AC32-F1CB97D20EFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C0B8A44-7B72-4135-A17E-0A1150B3AF4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DB58DEE-CCB8-48CA-AF5F-7D0FE8002F22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC825460-F27D-438A-A1FD-C9B2661E62DA} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-10-11] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {02A48E3A-22EA-47F8-9028-4D6FDFCC3039} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [718240 2023-10-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {C9B75801-4C2D-4A5F-A029-7EA80BCE4DF6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130720 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9AC0435-9C4A-4351-8D3F-C545D37107F0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3320682118-2640290401-2509692745-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130720 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF616355-33AF-4D2D-9D59-609A6ED80CEC} - System32\Tasks\SOLIDWORKS Electrical Archiver => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe [278008 2022-06-17] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SOLIDWORKS Electrical Archiver.job => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{08f3d90a-0e44-4647-aaaa-913869c9aa42}: [DhcpNameServer] 64.59.135.148 64.59.128.114
Tcpip\..\Interfaces\{de892636-0c80-4076-b91c-d94292f428b7}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\Meltis\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-06]

FireFox:
========
FF DefaultProfile: vqds55kp.default
FF ProfilePath: C:\Users\Meltis\AppData\Roaming\Mozilla\Firefox\Profiles\vqds55kp.default [2023-10-10]
FF ProfilePath: C:\Users\Meltis\AppData\Roaming\Mozilla\Firefox\Profiles\86fjmt5s.default-release [2023-10-11]
FF Extension: (FastForward) - C:\Users\Meltis\AppData\Roaming\Mozilla\Firefox\Profiles\86fjmt5s.default-release\Extensions\addon@fastforward.team.xpi [2023-10-10]
FF Extension: (uBlock Origin) - C:\Users\Meltis\AppData\Roaming\Mozilla\Firefox\Profiles\86fjmt5s.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-10-10]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SOLIDW~3\Bin\NPCOMP~1.DLL [2022-06-17] (DASSAULT SYSTEMES SE -> Dassault Systemes)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SOLIDW~3\Bin\x86\NPCOMP~1.DLL [2022-06-17] (DASSAULT SYSTEMES SE -> Dassault Systemes)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-09-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-10-11]
CHR Extension: (Pixiv Toolkit) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ajlcnbbeidbackfknkgknjefhmbngdnj [2023-09-26]
CHR Extension: (h264ify) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aleakchihdccplidncghkekgioiakgal [2023-09-26]
CHR Extension: (Authenticator) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2023-09-26]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-09-26]
CHR Extension: (uBlock Origin) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-09-26]
CHR Extension: (change-language) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cofdbpoegempjloogbagkncekinflcnj [2023-09-26]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2023-09-26]
CHR Extension: (Return YouTube Dislike) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26]
CHR Extension: (Screenshot YouTube) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gjoijpfmdhbjkkgnmahganhoinjjpohk [2023-09-26]
CHR Extension: (Violentmonkey) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\jinjaccalgkegednnccohejagnlnfdag [2023-09-26]
CHR Extension: (Image Search Options) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kljmejbpilkadikecejccebmccagifhl [2023-09-26]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-09-26]
CHR Extension: (Google Images Restored) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ncndcebmkibkhopclfdjfacgfholcghi [2023-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-26]
CHR Extension: (The Marvellous Suspender) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\noogafoofpebimajpfpamcfhoaifemoa [2023-09-26]
CHR Extension: (Add to Buyee) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ocjpgibbldacmpedgjgmcdcikjeopnpb [2023-09-26]
CHR Profile: C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-26]
CHR HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [399992 2023-08-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.23\atkexComSvc.exe [896872 2023-05-19] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-03] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [558104 2022-05-19] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.28\AsusFanControlService.exe [1735528 2023-07-06] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-03] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [681832 2023-09-04] (ASUSTeK COMPUTER INC. -> ASUS)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [840144 2023-10-11] (ASUSTeK COMPUTER INC. -> )
R2 AzureAttestService; C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll [151288 2019-07-24] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12859472 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-09-04] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [192504 2022-06-17] (Dassault Systemes SolidWorks Corp. -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncHelper.exe [3503544 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
R2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10688256 2023-09-24] (Logitech Inc -> Logitech, Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [4283240 2023-05-31] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [626280 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.199.0924.0001\OneDriveUpdaterService.exe [3840432 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [250568 2022-06-17] (Siemens Industry Software Inc. -> Mentor Graphics Corporation)
R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [1665648 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2023-09-27] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [695912 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlceip.exe [290648 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 SWVisualize2022.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [32968 2022-06-17] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9402904 2023-09-25] (Riot Games, Inc. -> Riot Games, Inc.)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [134752 2023-09-24] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [1869904 2023-10-10] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [49256 2022-08-16] (ASUSTeK COMPUTER INC. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2023-10-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
R1 CTIAIO; C:\Windows\system32\drivers\CtiAIo64.sys [32840 2023-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 googledrivefs31092; C:\Windows\System32\DRIVERS\googledrivefs31092.sys [384600 2023-09-04] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 HoYoProtect; C:\Windows\system32\HoYoKProtect.sys [3716608 2023-09-17] (Microsoft Windows Hardware Compatibility Publisher -> miHoYo)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2023-09-10] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2023-09-10] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2023-09-10] (Logitech Inc -> Logitech)
R3 MpKsl99a70982; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5579D55F-C988-49E3-8C55-19CE71746913}\MpKslDrv.sys [263560 2023-10-11] (Microsoft Windows -> Microsoft Corporation)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S4 RsFx0600; C:\Windows\System32\DRIVERS\RsFx0600.sys [286976 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [21460800 2023-09-24] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572712 2023-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-04] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz157; \??\C:\Windows\temp\cpuz157\cpuz157_x64.sys [X]
U2 MVXLDR; no ImagePath
U2 MVXPRO; no ImagePath
U2 PLSLT; no ImagePath
U2 VERSA2; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-11 04:19 - 2023-10-11 04:19 - 000036362 _____ C:\Users\Meltis\Downloads\FRST.txt
2023-10-11 04:19 - 2023-10-11 04:19 - 000000000 ____D C:\FRST
2023-10-11 04:18 - 2023-10-11 04:19 - 002383360 _____ (Farbar) C:\Users\Meltis\Downloads\FRST64.exe
2023-10-11 03:17 - 2023-10-11 03:17 - 137625600 _____ C:\Windows\system32\config\SOFTWARE
2023-10-11 03:17 - 2023-10-11 03:17 - 000000000 ____D C:\Windows\Microsoft Antimalware
2023-10-11 01:26 - 2023-10-11 01:26 - 000000000 ____D C:\Users\Meltis\Desktop\New folder
2023-10-11 01:25 - 2023-10-11 01:25 - 002969821 _____ C:\Users\Meltis\Desktop\Autoruns.zip
2023-10-11 01:04 - 2023-10-11 01:04 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp
2023-10-11 01:01 - 2023-10-11 01:01 - 000000000 ____D C:\Users\Meltis\AppData\Local\Intel
2023-10-10 17:53 - 2023-10-10 17:53 - 000000000 ___HD C:\$WinREAgent
2023-10-10 03:50 - 2023-10-11 03:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-10-10 03:50 - 2023-10-11 01:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-10-10 03:50 - 2023-10-11 01:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-10-10 03:50 - 2023-10-11 01:12 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-10-10 03:50 - 2023-10-10 03:50 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-10-10 03:50 - 2023-10-10 03:50 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-10-10 03:50 - 2023-10-10 03:50 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Mozilla
2023-10-10 03:50 - 2023-10-10 03:50 - 000000000 ____D C:\Users\Meltis\AppData\Local\Mozilla
2023-10-09 23:25 - 2023-10-09 23:25 - 071250061 _____ C:\Users\Meltis\Downloads\tingyun h.7z
2023-10-09 14:28 - 2023-10-09 14:28 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\illusion_Koikatu
2023-10-08 17:23 - 2023-10-08 17:24 - 000000000 ____D C:\Users\Meltis\AppData\Local\Roblox
2023-10-08 17:23 - 2023-10-08 17:23 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-10-08 02:48 - 2023-10-08 02:48 - 005706790 _____ C:\Users\Meltis\Downloads\barbarasummertimebikinimod_578bc.rar
2023-10-08 01:07 - 2023-10-08 01:07 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\Adobe
2023-10-08 01:02 - 2023-10-08 01:02 - 000000000 ____D C:\Users\Meltis\AppData\Local\Adobe
2023-10-07 19:30 - 2023-10-07 19:30 - 000000000 ____D C:\Games
2023-10-07 17:49 - 2023-10-07 17:55 - 000000000 ____D C:\Users\Meltis\Downloads\Koikatsu HF Patch v3.22
2023-10-07 17:48 - 2023-10-07 18:28 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\qBittorrent
2023-10-07 17:48 - 2023-10-07 17:49 - 000000000 ____D C:\Users\Meltis\AppData\Local\qBittorrent
2023-10-07 17:48 - 2023-10-07 17:48 - 000000000 ____D C:\Program Files\qBittorrent
2023-10-07 17:31 - 2023-10-07 17:31 - 000000000 ____D C:\Users\Meltis\AppData\Local\https___github.com_Illusi
2023-10-07 16:59 - 2023-10-07 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2023-10-07 16:59 - 2023-10-07 16:59 - 000000000 ____D C:\Program Files\7-Zip
2023-10-07 16:49 - 2023-10-07 16:49 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\.mono
2023-10-07 16:36 - 2023-10-07 16:36 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\illusion__Koikatu
2023-10-07 16:18 - 2023-10-07 16:18 - 000000769 _____ C:\Users\Meltis\AppData\Local\recently-used.xbel
2023-10-07 16:13 - 2023-10-07 16:34 - 000000000 ____D C:\Users\Meltis\Downloads\Koikatsu
2023-10-07 15:27 - 2023-10-09 14:28 - 000000000 ____D C:\Users\Meltis\AppData\Local\CrashDumps
2023-10-07 15:25 - 2023-10-08 03:05 - 000000000 ____D C:\Windows\system32\Tasks\MEGA
2023-10-07 15:25 - 2023-10-07 21:09 - 000000000 ____D C:\Users\Meltis\Documents\MEGAsync Downloads
2023-10-07 15:25 - 2023-10-07 15:25 - 000000000 ____D C:\Users\Meltis\AppData\Local\Mega Limited
2023-10-07 15:23 - 2023-10-07 15:35 - 000000000 ____D C:\ProgramData\ULSMVX
2023-10-07 15:23 - 2023-10-07 15:27 - 000000000 ____D C:\ProgramData\ULSILS
2023-10-07 15:22 - 2023-10-08 03:28 - 000000000 ____D C:\ProgramData\ULSDAT
2023-10-07 15:22 - 2023-10-08 03:28 - 000000000 ____D C:\Program Files (x86)\ulsdb
2023-10-07 15:22 - 2023-10-07 15:22 - 000003120 _____ C:\Windows\SysWOW64\Y7IHIHFC.ocx
2023-10-07 15:22 - 2023-10-07 15:22 - 000003120 _____ C:\Windows\SysWOW64\AJHFCHET.ocx
2023-10-07 15:22 - 2023-10-07 15:22 - 000003120 _____ C:\Windows\9Q487DGI.ocx
2023-10-07 15:22 - 2023-10-07 15:22 - 000003120 _____ C:\Windows\9HVFAI45.ocx
2023-10-07 15:21 - 2023-10-08 03:28 - 000000000 ____D C:\Program Files (x86)\ULS
2023-10-07 15:18 - 2023-10-07 16:18 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\inkscape
2023-10-07 15:18 - 2023-10-07 15:24 - 000000000 ____D C:\Users\Meltis\.dbus-keyrings
2023-10-07 15:18 - 2023-10-07 15:18 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inkscape
2023-10-07 15:18 - 2023-10-07 15:18 - 000000000 ____D C:\Users\Meltis\AppData\Local\gtk-3.0
2023-10-07 15:18 - 2023-10-07 15:18 - 000000000 ____D C:\Users\Meltis\AppData\Local\fontconfig
2023-10-07 15:17 - 2023-10-07 15:18 - 000000000 ____D C:\Program Files\Inkscape
2023-10-07 14:42 - 2023-10-07 14:42 - 030829469 _____ C:\Users\Meltis\Downloads\2023-September② 信浓_Shinano_しなの(swimsuit).zip
2023-10-06 22:31 - 2023-10-06 22:31 - 000206893 _____ C:\Users\Meltis\Downloads\removetransparencyfilter_44710.zip
2023-10-06 15:07 - 2023-10-06 15:07 - 000000000 ____D C:\Users\Meltis\Documents\My Palettes
2023-10-06 15:07 - 2023-10-06 15:07 - 000000000 ____D C:\Users\Meltis\Documents\Corel
2023-10-06 15:07 - 2023-10-06 15:07 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Corel
2023-10-06 15:07 - 2023-10-06 15:07 - 000000000 ____D C:\ProgramData\Protexis64
2023-10-06 15:05 - 2023-10-06 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2023-10-06 15:05 - 2023-10-06 15:05 - 000000000 ____D C:\Users\Public\Documents\Corel
2023-10-06 15:05 - 2023-10-06 15:05 - 000000000 ____D C:\Program Files\Corel
2023-10-06 15:05 - 2023-10-06 15:05 - 000000000 ____D C:\Program Files\Common Files\Protexis
2023-10-06 15:01 - 2023-10-06 15:05 - 000000000 ____D C:\ProgramData\Corel
2023-10-06 14:45 - 2023-10-06 15:07 - 000000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2023-10-06 14:45 - 2023-10-06 14:45 - 000000000 ____D C:\Program Files\Common Files\Corel
2023-10-05 22:26 - 2023-10-05 22:26 - 000000000 ____D C:\ProgramData\PLUG
2023-10-05 18:26 - 2023-10-05 18:26 - 000000000 ____D C:\Program Files\RUXIM
2023-10-04 18:46 - 2023-10-04 18:46 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Goldberg SteamEmu Saves
2023-10-04 18:46 - 2023-10-04 18:46 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\Dieselmine
2023-10-04 17:57 - 2023-08-14 12:13 - 005334952 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw12.sys
2023-10-04 17:57 - 2023-08-14 12:13 - 001475496 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter12.dll
2023-10-03 23:56 - 2023-10-03 23:56 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-10-03 02:12 - 2023-10-03 02:13 - 000001866 _____ C:\Users\Meltis\Desktop\GenshinImpact - Shortcut.lnk
2023-10-01 16:36 - 2023-10-10 20:15 - 001869904 _____ (ANTICHEATEXPERT.COM) C:\Windows\system32\Drivers\ACE-BASE.sys
2023-10-01 16:36 - 2023-10-01 16:36 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\Cognosphere
2023-10-01 15:28 - 2023-10-01 15:28 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\miHoYo
2023-09-28 01:46 - 2023-09-28 01:46 - 000000000 ____D C:\Users\Meltis\Documents\My Games
2023-09-28 01:26 - 2023-09-28 01:26 - 000000000 ____D C:\Users\Meltis\Documents\Steam Cloud
2023-09-28 01:26 - 2023-09-28 01:26 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\HoloCure
2023-09-28 01:26 - 2023-09-28 01:26 - 000000000 ____D C:\Users\Meltis\AppData\Local\HoloCure
2023-09-27 22:39 - 2023-10-09 00:29 - 000000000 ____D C:\osu!
2023-09-27 22:39 - 2023-09-27 22:39 - 000000611 _____ C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2023-09-27 22:00 - 2023-09-27 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
2023-09-27 22:00 - 2023-09-27 22:00 - 000000000 ____D C:\ProgramData\CELSYS
2023-09-27 22:00 - 2023-09-27 22:00 - 000000000 ____D C:\Program Files\CELSYS
2023-09-27 21:57 - 2023-09-27 21:58 - 000000000 ____D C:\Users\Meltis\AppData\Local\TempSWBackupDirectory
2023-09-27 21:57 - 2023-09-27 21:57 - 000000000 ____D C:\Users\Meltis\Documents\SOLIDWORKSComposer
2023-09-27 21:56 - 2023-09-27 21:57 - 000000000 ____D C:\Users\Meltis\AppData\Local\SolidWorks
2023-09-27 21:56 - 2023-09-27 21:56 - 000000000 ____D C:\ProgramData\FLEXnet
2023-09-27 21:38 - 2023-09-27 21:38 - 000000000 ____D C:\ProgramData\Simpoe
2023-09-27 21:38 - 2023-09-27 21:38 - 000000000 ____D C:\ProgramData\COSMOS Applications
2023-09-27 21:35 - 2023-09-28 17:42 - 000000432 _____ C:\Windows\Tasks\SOLIDWORKS Electrical Archiver.job
2023-09-27 21:35 - 2023-09-27 21:35 - 000003250 _____ C:\Windows\system32\Tasks\SOLIDWORKS Electrical Archiver
2023-09-27 21:35 - 2023-09-27 21:35 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\help_images_otherUI
2023-09-27 21:35 - 2023-09-27 21:35 - 000000000 ____D C:\ProgramData\Dassault Systemes
2023-09-27 21:35 - 2023-09-27 21:35 - 000000000 _____ C:\Windows\eDrawingOfficeAutomator.INI
2023-09-27 21:34 - 2023-09-27 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Tools 2022
2023-09-27 21:34 - 2023-09-27 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2022
2023-09-27 21:33 - 2023-09-27 21:57 - 000000000 ____D C:\ProgramData\SOLIDWORKS
2023-09-27 21:33 - 2023-09-27 21:38 - 000000000 ____D C:\ProgramData\regid.1995-09.com.solidworks
2023-09-27 21:33 - 2023-09-27 21:38 - 000000000 ____D C:\Program Files\SOLIDWORKS Corp
2023-09-27 21:33 - 2023-09-27 21:38 - 000000000 ____D C:\Program Files\Common Files\SOLIDWORKS Shared
2023-09-27 21:33 - 2023-09-27 21:33 - 000000000 ____D C:\Users\Public\Documents\SOLIDWORKS
2023-09-27 21:33 - 2023-09-27 21:33 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\Windows\system32\RsFx
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\Windows\SysWOW64\1033
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\Windows\system32\1033
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2019
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2023-09-27 21:31 - 2023-09-27 21:31 - 000000000 ____D C:\ProgramData\Apple
2023-09-27 21:31 - 2023-09-27 21:31 - 000000000 ____D C:\Program Files\Bonjour
2023-09-27 21:31 - 2023-09-27 21:31 - 000000000 ____D C:\Program Files (x86)\Bonjour
2023-09-27 21:24 - 2023-09-27 21:35 - 000000000 ____D C:\ProgramData\SOLIDWORKS Electrical
2023-09-27 21:24 - 2023-09-27 21:34 - 000000000 ____D C:\SOLIDWORKS Data
2023-09-26 21:42 - 2023-10-03 17:29 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\SOLIDWORKS
2023-09-26 21:42 - 2023-09-27 21:30 - 000000000 ____D C:\Windows\SolidWorks
2023-09-26 21:42 - 2023-09-27 21:24 - 000000000 ____D C:\Users\Meltis\Documents\SOLIDWORKS Downloads
2023-09-26 20:23 - 2023-09-26 20:23 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2023-09-26 07:29 - 2023-09-26 07:29 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Web Server Extensions
2023-09-26 01:36 - 2023-09-26 01:36 - 000000000 ____D C:\Users\Meltis\Documents\Custom Office Templates
2023-09-25 17:24 - 2023-09-25 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2023-09-25 17:24 - 2023-09-25 17:24 - 000000000 ____D C:\Program Files\LGHUB
2023-09-24 22:54 - 2023-09-24 22:54 - 000000000 ____D C:\Users\Meltis\AppData\Local\VALORANT
2023-09-11 23:20 - 2023-09-11 23:20 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\WinRAR
2023-09-11 21:20 - 2023-10-07 15:23 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-11 21:20 - 2023-10-06 23:23 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Teams
2023-09-11 21:20 - 2023-10-06 16:01 - 000002373 _____ C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-11 04:18 - 2023-09-04 11:51 - 000000000 ____D C:\Users\Meltis\AppData\Local\Discord
2023-10-11 04:17 - 2023-09-04 11:57 - 000000000 ____D C:\Program Files (x86)\Steam
2023-10-11 04:05 - 2023-09-04 06:32 - 000000000 ___SD C:\Users\Meltis\AppData\Roaming\Microsoft\Credentials
2023-10-11 03:43 - 2023-09-04 07:30 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-11 03:43 - 2023-05-05 06:27 - 000000000 ____D C:\Windows\SystemTemp
2023-10-11 03:20 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-11 02:38 - 2023-09-04 06:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-11 01:30 - 2023-09-04 07:27 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\MMC
2023-10-11 01:25 - 2023-09-10 22:40 - 000576202 _____ C:\Windows\system32\perfh011.dat
2023-10-11 01:25 - 2023-09-10 22:40 - 000173282 _____ C:\Windows\system32\perfc011.dat
2023-10-11 01:25 - 2023-09-04 06:35 - 001706542 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-11 01:25 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2023-10-11 01:20 - 2023-09-10 23:38 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-10-11 01:18 - 2023-09-04 11:51 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\discord
2023-10-11 01:18 - 2023-09-04 06:35 - 000000000 ___RD C:\Users\Meltis\OneDrive
2023-10-11 01:18 - 2023-09-04 06:28 - 000840144 _____ C:\Windows\system32\AsusUpdateCheck.exe
2023-10-11 01:18 - 2023-09-04 06:28 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-11 01:18 - 2023-09-04 06:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-11 01:18 - 2023-09-03 16:34 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\asus_framework
2023-10-11 01:18 - 2023-09-03 16:32 - 000000000 ____D C:\ProgramData\NVIDIA
2023-10-11 01:17 - 2023-09-04 06:28 - 000891752 _____ () C:\Windows\system32\wpbbin.exe
2023-10-11 01:16 - 2019-12-07 03:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-11 00:50 - 2023-09-04 12:05 - 000000000 ____D C:\Users\Meltis\Desktop\Stuff
2023-10-10 18:38 - 2023-09-03 16:30 - 000000000 ____D C:\Program Files\ASUS
2023-10-10 18:14 - 2023-09-10 23:22 - 000000000 ____D C:\Program Files\Star Rail
2023-10-10 17:55 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2023-10-10 17:53 - 2023-09-10 23:24 - 000000000 ___RD C:\Users\Meltis\OneDrive - University of Calgary
2023-10-10 04:23 - 2023-09-04 12:09 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\NexonLauncher
2023-10-10 03:35 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-09 13:50 - 2023-09-10 21:43 - 000000000 ____D C:\Users\Meltis\AppData\Local\HoYoverse
2023-10-09 13:44 - 2023-09-03 16:28 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-10-09 03:15 - 2023-09-10 22:50 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\vlc
2023-10-08 22:42 - 2023-09-04 06:33 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Spelling
2023-10-08 03:28 - 2019-12-07 03:14 - 000000153 _____ C:\Windows\win.ini
2023-10-08 01:02 - 2023-09-04 06:32 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Adobe
2023-10-07 23:53 - 2023-09-04 06:28 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-07 15:23 - 2023-09-04 06:32 - 000000000 ____D C:\Users\Meltis\AppData\Local\VirtualStore
2023-10-07 15:23 - 2023-09-04 06:28 - 001866688 _____ C:\Windows\system32\FNTCACHE.DAT
2023-10-07 15:18 - 2023-09-04 06:31 - 000000000 ____D C:\Users\Meltis
2023-10-07 13:49 - 2023-09-10 21:46 - 000000000 ____D C:\Users\Meltis\Desktop\School
2023-10-06 15:08 - 2023-09-10 23:06 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-10-06 15:08 - 2023-09-10 23:06 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-06 15:08 - 2023-09-03 16:39 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3320682118-2640290401-2509692745-1001
2023-10-06 15:06 - 2023-09-03 16:30 - 000000000 ____D C:\ProgramData\Package Cache
2023-10-06 14:49 - 2023-09-10 23:20 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Word
2023-10-04 18:05 - 2023-09-04 06:28 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-10-04 17:54 - 2023-09-10 22:21 - 000000000 ____D C:\Program Files\Riot Vanguard
2023-10-03 23:56 - 2023-09-10 23:02 - 000000000 ____D C:\Program Files\Microsoft Office
2023-10-03 02:15 - 2023-09-10 21:42 - 000000000 ____D C:\Program Files\Genshin Impact
2023-10-01 16:40 - 2023-09-03 16:30 - 000000000 ____D C:\Users\Meltis\AppData\Local\D3DSCache
2023-09-27 22:17 - 2023-09-10 23:20 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Office
2023-09-27 22:00 - 2023-09-03 16:30 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-09-27 21:32 - 2023-09-04 06:28 - 000000000 ____D C:\Windows\ServiceProfiles
2023-09-27 21:32 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-09-26 22:14 - 2023-09-10 22:39 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\InputMethod
2023-09-26 19:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\Cursors
2023-09-26 01:36 - 2023-09-10 22:31 - 000000000 ____D C:\Users\Meltis\AppData\Local\LGHUB
2023-09-25 18:32 - 2023-09-10 23:20 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\UProof
2023-09-25 17:32 - 2023-09-10 22:31 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\G HUB
2023-09-25 17:31 - 2023-09-10 22:31 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\lghub
2023-09-24 23:28 - 2023-09-10 23:04 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-09-24 23:28 - 2023-09-10 22:21 - 000000000 ____D C:\ProgramData\Riot Games
2023-09-24 23:28 - 2023-09-10 21:56 - 000001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2023-09-24 23:28 - 2023-09-06 17:48 - 000000016 _____ C:\ProgramData\mntemp
2023-09-24 23:28 - 2023-09-04 11:58 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-09-24 22:54 - 2023-09-10 23:04 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-09-24 22:54 - 2023-09-10 22:21 - 000000000 ____D C:\Users\Meltis\AppData\Local\Riot Games
2023-09-24 13:23 - 2023-09-04 06:32 - 000000000 ____D C:\Users\Meltis\AppData\Local\Packages
2023-09-24 13:22 - 2023-09-04 06:32 - 000000000 ____D C:\ProgramData\Packages
2023-09-23 17:40 - 2023-09-04 06:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-23 17:38 - 2023-09-04 07:30 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{B6E74B6A-F7EE-446B-96E5-0F2665CFDDF9}
2023-09-23 17:38 - 2023-09-04 07:30 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{DB4144DA-7501-4611-A5E6-0EE892CD924F}
2023-09-15 02:25 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\oobe
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2023-09-14 22:57 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2023-09-14 22:55 - 2023-09-04 06:31 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-14 22:52 - 2023-09-04 11:25 - 000000000 ____D C:\Windows\system32\MRT
2023-09-14 22:51 - 2023-09-04 11:25 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-11 23:19 - 2023-09-03 16:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-09-11 21:20 - 2023-09-04 11:51 - 000000000 ____D C:\Users\Meltis\AppData\Local\SquirrelTemp
2023-09-11 21:20 - 2023-09-04 11:36 - 000000000 ____D C:\Program Files (x86)\Razer

==================== Files in the root of some directories ========

2023-10-07 16:18 - 2023-10-07 16:18 - 000000769 _____ () C:\Users\Meltis\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by Meltis (11-10-2023 04:20:06)
Running from C:\Users\Meltis\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) (2023-09-04 12:29:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3320682118-2640290401-2509692745-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3320682118-2640290401-2509692745-503 - Limited - Disabled)
Guest (S-1-5-21-3320682118-2640290401-2509692745-501 - Limited - Disabled)
Meltis (S-1-5-21-3320682118-2640290401-2509692745-1001 - Administrator - Enabled) => C:\Users\Meltis
WDAGUtilityAccount (S-1-5-21-3320682118-2640290401-2509692745-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DEXPERIENCE Marketplace for SOLIDWORKS (HKLM\...\{0060450C-5B44-424B-BD42-559F2A5D820A}) (Version: 6.31.4016 - Dassault Systemes SolidWorks Corp)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
AniMe Matrix MB EN (HKLM\...\{399B6DA7-B609-426E-95F8-B9A83FB7D06E}) (Version: 1.0.1 - ASUS)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.6.10 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.2.7.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{3ffa1d70-3db5-45b0-b2f5-a03caabf1f59}) (Version: 1.2.7.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{49c4358d-054e-4cf1-9ec1-dca3487f304a}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.3.9.5 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{a51a52ef-375e-4963-8736-c98fae7373c4}) (Version: 1.3.9.5 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.32 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{339A6383-7862-46DA-8A9D-E84180EF9424}) (Version: 4.0.1.3 - ASUSTeK Computer Inc.)
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 4.01.16 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.103 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{6FB66775-BB93-4D0A-9871-4CC9B2E87BF3}) (Version: 1.1.23 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{179f415f-2ff3-4db1-bcc1-d5730f746db8}) (Version: 1.1.23 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.36 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.36 - ASUS)
AURA Service (HKLM-x32\...\{56EEEF7D-0AE3-401A-898B-581719D005AE}) (Version: 3.07.17 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{be345e17-83f7-4b5f-b533-6f975b9a8180}) (Version: 3.07.17 - ASUSTeK Computer Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser for SQL Server 2019 (HKLM-x32\...\{5E366957-8D78-4BB5-A790-96F97A9766BD}) (Version: 15.0.2000.5 - Microsoft Corporation)
CLIP STUDIO 2.0.6 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 2.0.6 - CELSYS)
CLIP STUDIO PAINT 2.0.6 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 2.0.6 - CELSYS)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}) (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Discord (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Discord) (Version: 1.0.9016 - Discord Inc.)
Docs (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\0466baf74d06619d400b14f5a47a2666) (Version: 1.0 - Google\Chrome)
Docs (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\c12bd7c3b812fcf14e8b345ea6b7eb14) (Version: 1.0 - Google\Chrome)
Docs (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\e9dc0c2bac37cca7a7f9b1cfddd1fefb) (Version: 1.0 - Google\Chrome)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.43.1 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{eb2aaa1d-e416-485a-b3a3-312289fbb33d}) (Version: 1.1.43.1 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{79e8502b-eaf7-4831-b53d-2da128540d16}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - )
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.29.0.1 - COGNOSPHERE PTE. LTD.)
Gmail (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\33ccc2a829a5135751f02db5d5a2651d) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\4da2a2a59d63f4e919596d123b83840b) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\56b68f2530fd56e806d8aec415d9736d) (Version: 1.0 - Google\Chrome)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 117.0.5938.150 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 81.0.5.0 - Google LLC)
Google Drive (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\4a30e48e747a2b2dfc9355ae73f6109e) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\4beab8c92841602ed485b55ea5153bc2) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\eafed3534a9e7930f3055bf7a93b005d) (Version: 1.0 - Google\Chrome)
Inkscape (HKLM\...\{2C69A8D5-2E44-4F99-BD5E-08536B52F1DA}) (Version: 1.3.0 - Inkscape)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.19 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{33f6b854-2612-4216-ac10-ab6bf158ce06}) (Version: 1.1.19 - KINGSTON COMPONENTS INC.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.8.459147 - Logitech)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16827.20130 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.60 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.60 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{787F8536-654C-4DD4-AD3F-22B529F8F339}) (Version: 17.4.0.1 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{9AA0AFFA-EDB6-4B66-9FD7-BBC828D88B47}) (Version: 18.2.3.0 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.199.0924.0001 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2019 (64-bit) (HKLM\...\Microsoft SQL Server SQL2019) (Version: - Microsoft Corporation)
Microsoft SQL Server 2019 RsFx Driver (HKLM\...\{5825CDC4-4E99-4CF9-91FE-DB60C0E2F5EA}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
Microsoft SQL Server 2019 Setup (English) (HKLM\...\{17DCED0E-5B27-453A-B2B4-E487B869B28A}) (Version: 15.0.4013.40 - Microsoft Corporation)
Microsoft SQL Server 2019 T-SQL Language Service (HKLM\...\{31D27B41-A051-49D8-907A-62E0F4A2188C}) (Version: 15.0.2000.5 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Teams) (Version: 1.6.00.26474 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{07C0BFE1-3291-409C-B96A-797340719C8F}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{826216B1-0F04-409B-A33E-C6A004AA1097}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Finalizer (HKLM-x32\...\{5950473A-825B-3019-AF86-55F2F9A95FCB}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Module linguistique Français (HKLM\...\{BA14C6F7-A633-3E88-831B-FCC197A5A17D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket (HKLM\...\{36B98E65-CA52-348C-9ED7-77B926A16C2D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA (HKLM\...\{73A36613-1F8F-3D94-B28A-4CC0E3CAECB5}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN (HKLM\...\{DDDF762A-2D1D-36A3-9B70-70BD62B4EDCF}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩 (HKLM\...\{2F884A17-E051-3DB7-B093-6274C98740F6}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack (HKLM\...\{73A64813-E631-3807-8E78-BA679EDA09A8}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support (HKLM\...\{5707EC26-AA9F-32C6-B7C1-347A3482CEC0}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件 (HKLM\...\{FB501A6E-CA6D-36DA-8860-17F0E6D89155}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包 (HKLM\...\{CD56C9B9-FB98-372B-8BC7-FDA312CD2511}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket (HKLM-x32\...\{CAAC553D-EE02-32D2-9F7E-FBC5C22E4C08}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA (HKLM-x32\...\{B8FD8F53-7E58-3DE5-A8FC-CB2B5CCF38CE}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français (HKLM-x32\...\{3371699A-C1EF-3AC3-B094-D338191FA6E9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN (HKLM-x32\...\{A3EB1DE3-9D3F-34C2-BDE6-5A8A4B98CC37}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩 (HKLM-x32\...\{955E1388-E1F1-320A-A018-24616ED60F95}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack (HKLM-x32\...\{859C7535-6862-3867-B97E-816795E8AB65}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support (HKLM-x32\...\{CF06B8C4-F6FC-3A4B-ADD0-04A1CAC3DD86}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件 (HKLM-x32\...\{0FE6DE07-8CBA-3F73-86B4-51B91E506D24}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包 (HKLM-x32\...\{7259BDDA-D888-309D-ADE1-84AA0CB24FE9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Finalizer (HKLM-x32\...\{F93E37BD-4053-37CA-A7BB-A5B74508006C}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x64 Hosting Support (HKLM\...\{A8C30947-7C1B-3A31-8FD8-CEC6D3357D34}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x86 Hosting Support (HKLM-x32\...\{11A9EF3E-6616-31B1-82BC-1080366FA34D}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2019 (HKLM\...\{2C33F4D4-E9A5-4DE1-ACFE-3A13464E6703}) (Version: 15.0.2000.5 - Microsoft Corporation)
Mozilla Firefox (x64 en-CA) (HKLM\...\Mozilla Firefox 118.0.2 (x64 en-CA)) (Version: 118.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 118.0.1 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.1.0 - Nexon)
NVIDIA Graphics Driver 536.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.23 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{c708e25e-b165-4f68-8a83-12a3bfbbc79b}) (Version: latest - ppy Pty Ltd)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.7 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{1d74a898-7a92-484d-8f3b-e3b68dfb1264}) (Version: 1.0.9.7 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{6e0eff60-c502-43bb-8f56-360ca07e73d9}) (Version: 1.1.0.3 - Patriot Memory) Hidden
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.5 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.5.18 - Rainmeter)
Riot Client (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for Meltis (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\roblox-player) (Version: - Roblox Corporation)
ROG FAN XPERT 4 (HKLM-x32\...\{2dfe216d-3481-4684-ad4d-2566bd7cfe4f}) (Version: 4.01.10 - ASUSTek Computer Inc.)
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.1.5.0 - ASUSTek COMPUTER INC.)
ROGFontInstaller (HKLM\...\{605108C1-153E-43D8-8A67-7CE326B00ECA}) (Version: 1.0.0 - ASUS)
Sheets (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\2d4bb304b2557e752a27ff26deb2e090) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\6d6a52a80125537a865af9f393d0c833) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\796796b7f19b16ce88becb6800a103fe) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\215d2d7718f391979e46ec64e7ff6efe) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\3dc1b461e1dcb8b5af90a269ae4a6152) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\ef4f2b6261b56f8ea99fde1d6c5772de) (Version: 1.0 - Google\Chrome)
SOLIDWORKS 2022 SP03.1 (HKLM\...\{26EA0056-4BAD-4F9E-BDCE-A72E25C7D06D}) (Version: 30.131.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2022 SP03.1 (HKLM-x32\...\SolidWorks Installation Manager 20220-40301-1100-100) (Version: 30.3.1.2 - SolidWorks Corporation)
SOLIDWORKS CAM 2022 SP03.1 (HKLM\...\{46053718-2931-47EA-B678-6DF08370F2D4}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2022 SP03.1 (HKLM\...\{273E0863-61E6-4E82-A2FF-D28DB44D6471}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2022 SP03.1 (HKLM\...\{08A73D4E-3FD0-4242-B08F-A41D8969C5B4}) (Version: 30.30.0022 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2022 SP03.1 (HKLM\...\{6D7DBADA-7845-419A-BC99-6E5EE8DB01ED}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2022 SP03.1 (HKLM\...\{A9F14961-697D-455C-B48B-FCE9E22664A5}) (Version: 30.31.0003 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2022 SP03.1 (HKLM\...\{770F37F3-8897-4C37-B7F2-B1AA5FC825C7}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Visualize 2022 SP03.1 (HKLM\...\{54DF002F-CDCE-40B2-8E2A-E294333EE6EB}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SQL Server 2019 Batch Parser (HKLM\...\{D459615B-83B0-408F-8F39-6CC07C277BA6}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Common Files (HKLM\...\{0FB552DD-543E-48E7-A6F4-2F8D82723C6A}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Common Files (HKLM\...\{5E4344C9-8B97-4ED9-8760-57E221C240F4}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Connection Info (HKLM\...\{99B940D5-1A49-4B6C-B26C-6A88B2C061CA}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Connection Info (HKLM\...\{FD730873-33D1-4D1F-9AE0-E259586F8827}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Services (HKLM\...\{A60B3D8E-5311-4BF1-AF7A-D1AC15F9152E}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Services (HKLM\...\{E3E84B2C-FCF6-469F-9FE7-5E8934DB69AD}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Shared (HKLM\...\{619F0B6C-C802-422A-B4E5-294E61F68473}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Shared (HKLM\...\{DE5B7937-D5B5-4157-BC30-BB87F021CFF0}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 DMF (HKLM\...\{814D5077-C93F-42E2-B875-717007C186B9}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 DMF (HKLM\...\{FC8DC283-4A85-467F-8D0E-2FE4606DCCA1}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects (HKLM\...\{6213D6CB-D258-47A3-B1A0-EE1E5C080DCF}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects (HKLM\...\{A8581199-F913-443B-B058-8E8BF317E71C}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects Extensions (HKLM\...\{8DDAEBCA-4267-4E16-9FE0-D87F21D36891}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects Extensions (HKLM\...\{C7E6D4B7-CB10-4239-BA04-D9339B39D0BD}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 SQL Diagnostics (HKLM\...\{28ED6838-D8E5-454C-A813-12C5EB447CAB}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 XEvent (HKLM\...\{2129312E-5204-4F3A-9039-B6D34DBB00FB}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 XEvent (HKLM\...\{228C3DC2-695E-4FC7-87E4-6A9CE905DA9B}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
Star Rail (HKLM\...\Star Rail) (Version: 2.29.1.0 - COGNOSPHERE PTE. LTD.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.18681 - Microsoft Corporation)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.6 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{82f9b0cd-20fe-4ed6-a632-ef6daefb3c0d}) (Version: 1.0.0.6 - PD) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
YouTube (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\05b5eb0b1aaf7c60ba6e0b35697c226f) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\81fc5300d37886d25f1a18a2fa4b12ab) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\dbaef59c09478828575b963221f503a5) (Version: 1.0 - Google\Chrome)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.6.10.0_x64__qmba6cd70vzyy [2023-09-03] (ASUSTeK COMPUTER INC.)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-06] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-03] (NVIDIA Corp.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10050.0_x64__8wekyb3d8bbwe [2023-10-10] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-30] (Spotify AB) [Startup Task]
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.930.722.582_neutral__8wekyb3d8bbwe [2023-09-30] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3320682118-2640290401-2509692745-1001_Classes\CLSID\{04271989-C4D2-ECB1-D5D0-4110DBD6A6A3} -> [OneDrive - University of Calgary] => C:\Users\Meltis\OneDrive - University of Calgary [2023-09-10 23:24]
CustomCLSID: HKU\S-1-5-21-3320682118-2640290401-2509692745-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Meltis\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23241.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3320682118-2640290401-2509692745-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Meltis\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\81.0.5.0\drivefsext.dll [2023-09-23] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\81.0.5.0\drivefsext.dll [2023-09-23] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\81.0.5.0\drivefsext.dll [2023-09-23] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\81.0.5.0\drivefsext.dll [2023-09-23] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\81.0.5.0\drivefsext.dll [2023-09-23] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-08-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-08-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\81.0.5.0\drivefsext.dll [2023-09-23] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\81.0.5.0\drivefsext.dll [2023-09-23] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\nvshext.dll [2023-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-08-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-08-01] (win.rar GmbH -> Alexander Roshal)
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer64.dll [2023-09-04] (www.startisback.com) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2023-09-03 16:30 - 2023-07-19 19:31 - 000322048 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ac_node_addon\build\Release\ac_node_addon.node
2023-09-03 16:30 - 2023-07-17 16:37 - 000175616 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ffi-napi\build\Release\ffi_bindings.node
2023-09-03 16:30 - 2023-04-14 14:18 - 000159744 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ref-napi\prebuilds\win32-ia32\electron.napi.node
2023-09-03 16:30 - 2023-04-14 14:18 - 000319488 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\sharp\build\Release\sharp-win32-ia32.node
2023-09-03 16:30 - 2023-04-26 16:06 - 000541696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\usb\prebuilds\win32-ia32\node.napi.node
2022-05-22 12:57 - 2022-05-22 12:57 - 000613376 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2016-07-30 15:42 - 2016-07-30 15:42 - 002772692 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-04-02 11:01 - 2017-04-02 11:01 - 001748992 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll
2023-10-07 16:59 - 2023-06-20 02:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-09-23 23:51 - 2023-09-04 12:05 - 000255488 _____ (www.startisback.com) [File not signed] C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer32.dll
2019-09-23 23:51 - 2023-09-04 12:05 - 000261632 _____ (www.startisback.com) [File not signed] C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk:E076B612B9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk:1219A9EFD8 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk:7D9589121D [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [3442]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer64.dll [2023-09-04] (www.startisback.com) [File not signed]
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer32.dll [2023-09-04] (www.startisback.com) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\sharepoint.com -> hxxps://uofc-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 03:14 - 2019-12-07 03:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\Control Panel\Desktop\\Wallpaper -> c:\users\meltis\pictures\anime style\vtubers\hololive\nakiri ayame\membership\2023_0519.png
HKU\S-1-5-80-2079297812-3395903788-2019235919-340588434-3960611093\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C0F3A669-B24B-488A-ADED-33645BC965B0}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{7062EBAC-CF6C-46F1-B561-5D08BD88DAD9}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{91288F00-0D4B-4188-AAA2-D495586B4343}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{EE4318E9-BBBF-44CF-9634-67473DF393D4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{B65BD5C3-2B31-4630-8CDE-56F936ED73B7}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{DC46CEC8-118E-4E4B-8D8B-07B1F201471E}] => (Allow) C:\Users\Meltis\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
FirewallRules: [{5C00F3AB-24FF-4502-8733-F0B90969BEF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DBB8D2FA-2A13-4258-A2A0-667780B02C46}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{31E8E6D0-D810-4E70-98C5-4ED3E6D7107A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5505AB19-6C1C-4A34-BF15-E766F343E1E3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5E3CAC6D-9906-451E-8441-A4D85FAF977E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{73AB2B2D-3EE9-4B18-A729-B4D8FB908B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{2BA4C6D5-BE6D-4C66-90B5-6DD324A54894}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDef2\Binaries\Win64\DunDefGame.exe (Trendy Entertainment LLC) [File not signed]
FirewallRules: [{854E1545-4F94-4C31-8CAB-B0A8DFA077F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDef2\Binaries\Win64\DunDefGame.exe (Trendy Entertainment LLC) [File not signed]
FirewallRules: [{4C66638C-1C04-46B6-A665-69A086161D7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{627FDCF6-2933-4173-8165-7353C5A6587D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{27A9EF4D-6A08-42B4-B5E1-8D7C6C05BC9C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07AA5715-CE93-4EE2-B915-6AC4D4289EF3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B09BD80-B8A1-41CA-80DD-890B14D51100}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F9599E3-80D6-40E1-BC9A-89CC2933E84A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71510C03-1734-4C53-9375-2334A9B5D04F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12BD1567-7626-4C0A-A64E-C15A9BBE42A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{6EEDEB58-B04F-4BE0-939D-51F80706FE96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{F255177B-5D0B-44CF-808B-C26505640564}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D41FB1EA-BCAD-4CE2-96A3-091CA5003A17}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E4E510E8-48DC-4B99-AE4A-3B3C7F9AA177}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CC226945-2BCB-4FFC-93D1-CC85F15BD170}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DAE8D39E-6E3F-48B6-B173-1E13C2734216}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DEA3E15D-7EA1-4EF4-9F87-24D1D58573ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0846F16-E750-4E29-860C-859D1F4C0451}] => (Allow) LPort=8030
FirewallRules: [{2A20E798-C431-4927-96FE-15C28986D044}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HoloCure\HoloCure.exe () [File not signed]
FirewallRules: [{10AA87C8-77A9-430B-8781-E64F0D2E28D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HoloCure\HoloCure.exe () [File not signed]
FirewallRules: [{6FAA2B1E-498C-4741-B2F7-B2D1DC08AF90}] => (Allow) LPort=8030
FirewallRules: [{1C8EA57A-7A91-4B16-A938-B14EC4B39BD4}] => (Allow) LPort=8030
FirewallRules: [TCP Query User{D5256636-F4C7-4BAC-AD69-891446B2DA61}C:\users\meltis\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\meltis\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{DFF85CC0-9BA3-4A8D-A314-B40D7D4CFBBD}C:\users\meltis\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\meltis\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A85B89B1-D000-4CF1-B090-33F4460998AA}] => (Allow) LPort=8030
FirewallRules: [{8AFEF52D-64B9-4CB3-A082-C23E69CA85ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{61F09F1E-B319-4540-90DA-FD25BD7F52D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{664A0446-BC06-47F6-9B71-037A363208CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F4F16A36-80D4-4F6A-8495-183FCD7802B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{81C18414-652B-429A-9BF9-3520D9E7F9CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9F9EF9A3-D369-4F98-9F08-A45B2431AE71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EB7A8B2B-FFDE-4437-8AAD-796C7977FE58}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A030F64-6249-4DC8-BFA5-59920864A821}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4226130B-7B6D-483E-B08D-F3D0E9DC5D3B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{729C6F92-2629-4E82-80A6-3F141BC07574}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B4E121E5-39F2-4605-A8AB-084093E50521}] => (Allow) LPort=8030
FirewallRules: [{F8DA988C-10BC-4EB2-BDDA-14111E443E02}] => (Allow) LPort=8030
FirewallRules: [{AB7BB464-C1F1-42A3-B2C1-E90265864FAD}] => (Allow) LPort=8030
FirewallRules: [TCP Query User{FB98E7D9-3719-463E-84AB-D46781C62211}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [UDP Query User{B47A71D9-2571-4DF7-BA9F-A7C5C48B98F6}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [TCP Query User{B029142A-C652-4E95-86B9-97610FDF3EB1}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest 1\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest 1\mage kanades futanari dungeon quest.exe () [File not signed]
FirewallRules: [UDP Query User{DA759ED1-706C-4598-98D4-43B0FECD361C}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest 1\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest 1\mage kanades futanari dungeon quest.exe () [File not signed]
FirewallRules: [TCP Query User{C4AC2191-859E-4FBB-8670-7978CFE85589}C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [UDP Query User{53F8F696-1CB0-4273-B1CF-BD6774E50390}C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [{A4E55D46-12B8-42D9-8B84-168AAF884451}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{6AB796DB-527B-4647-AE38-C7E810B823C3}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{8B917C4E-9D0F-4FE4-BF94-8D3A1E88ECEE}] => (Allow) C:\Program Files (x86)\ULS\UCP\IP2LIB32\OpenLf.exe => No File
FirewallRules: [{3C9D6A11-003A-471D-90F6-A4BB0EAE112D}] => (Allow) C:\Program Files (x86)\ULS\UCP\IP2LIB32\OpenLf.exe => No File
FirewallRules: [{950DE061-B338-4F10-96A3-DA3709D20A44}] => (Allow) LPort=8030
FirewallRules: [TCP Query User{945E7DCD-DCC7-4E3D-A0F4-5282FB51653A}C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe] => (Allow) C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe => No File
FirewallRules: [UDP Query User{04F8DF34-9785-403D-8435-C213EF5A1295}C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe] => (Allow) C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe => No File
FirewallRules: [{D074C9CD-2895-4EBA-AC39-BD67EE24A5C7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{7A5A0DA5-B365-4C05-9855-EBABB39F1D95}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{CD3A7BE3-6496-4645-8B25-D09B21402EBB}C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [UDP Query User{691C0831-E3CA-4C2C-999E-C9C3784EFB04}C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{91BAA658-78C1-4736-92BD-F9D9B848A431}] => (Allow) LPort=8030
FirewallRules: [{189BFE27-F6F4-4D40-8D5A-E37076BD3B2B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.60\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{736788D0-00F5-49EC-ADDA-FBDC13226729}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{46206964-80D5-448C-AE16-740A1D98E6A5}C:\program files\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe] => (Allow) C:\program files\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe (COGNOSPHERE PTE. LTD. -> )
FirewallRules: [UDP Query User{F24633F8-966D-4345-AC31-3A6DA6E92D5E}C:\program files\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe] => (Allow) C:\program files\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe (COGNOSPHERE PTE. LTD. -> )
FirewallRules: [{4FD1669F-8B1C-4962-9116-80FFDD942ADA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3894134-9AB5-443A-902A-4745D2BDCD62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{203F2AFC-5983-44E0-AF27-C9DABC515916}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F5E8866-B366-47F4-8EC8-3C81076CB5C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB773B93-7A90-4FB9-AA3C-48AA852A1934}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{84153B1A-0825-4D43-A2FE-7AC1CAB49A26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FFB3ECA6-7082-4E2B-87D0-6093783CDBB9}] => (Allow) LPort=8030

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: RAID Controller
Description: RAID Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (10/11/2023 04:05:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Meltis\Desktop\New folder\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Error: (10/11/2023 01:26:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Meltis\Desktop\New folder\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Error: (10/11/2023 01:26:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Meltis\Desktop\New folder\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Error: (10/11/2023 01:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.18.23090.2008, time stamp: 0xf185cec2
Faulting module name: mpengine.dll, version: 1.1.23090.2007, time stamp: 0xd9a34d43
Exception code: 0xc0000005
Fault offset: 0x0000000000064b86
Faulting process id: 0x13f0
Faulting application start time: 0x01d9f9c9fd7f703b
Faulting application path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8CC0E314-69C9-46B2-AF23-C979575FD67D}\mpengine.dll
Report Id: c405e412-3865-4220-bab6-6055d8048784
Faulting package full name:
Faulting package-relative application ID:

Error: (10/10/2023 09:58:51 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Seagate 2TB (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/09/2023 02:41:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Koikatu.exe version 5.6.2.37180 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4f6c

Start Time: 01d9faf0943b8c9e

Termination Time: 6

Application Path: C:\Games\Koikatsu\Koikatu.exe

Report Id: 9efaf879-573e-4a1c-b268-a61a62eba6f1

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-thread

Error: (10/09/2023 02:28:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CharaStudio.exe, version: 5.6.2.37180, time stamp: 0x59462b08
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc0000005
Fault offset: 0x000000000002cf19
Faulting process id: 0x164
Faulting application start time: 0x01d9faef30601ebe
Faulting application path: C:\Games\Koikatsu\CharaStudio.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 78986b6d-0529-4d91-8324-f513ece70a1e
Faulting package full name:
Faulting package-relative application ID:

Error: (10/07/2023 04:17:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.3448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 21ac

Start Time: 01d9f9647edca8d6

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: d0a51ea6-1c53-4ea9-b79f-4fcce6665584

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

System errors:
=============
Error: (10/11/2023 01:16:39 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The SOLIDWORKS Electrical Collaborative Server service has reported an invalid current state 0.

Error: (10/11/2023 01:12:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Defender Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/09/2023 01:43:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth User Support Service_80d60d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

Error: (10/09/2023 03:48:22 AM) (Source: DCOM) (EventID: 10010) (User: MELTISPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/09/2023 03:48:22 AM) (Source: DCOM) (EventID: 10010) (User: MELTISPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/09/2023 03:48:21 AM) (Source: DCOM) (EventID: 10010) (User: MELTISPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/09/2023 03:48:21 AM) (Source: DCOM) (EventID: 10010) (User: MELTISPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/09/2023 03:48:19 AM) (Source: DCOM) (EventID: 10010) (User: MELTISPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Windows Defender:
================
Date: 2023-10-11 01:04:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Threat description search results - Microsoft Security Intelligence
Name: Trojan:Win64/Tnega!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\ServiceInstaller.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.399.384.0, AS: 1.399.384.0, NIS: 1.399.384.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-11 01:04:10
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Microsoft Security Intelligence
Name: Trojan:VBS/Valyria!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\StartupCheck.vbs
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.399.384.0, AS: 1.399.384.0, NIS: 1.399.384.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-11 01:04:09
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Microsoft Security Intelligence
Name: Trojan:Win32/CoinMiner!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.399.384.0, AS: 1.399.384.0, NIS: 1.399.384.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-11 01:04:09
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...BS/Tnega!MSR&threatid=2147754826&enterprise=1
Name: Trojan:VBS/Tnega!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Maintenance.vbs
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.399.384.0, AS: 1.399.384.0, NIS: 1.399.384.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-07 17:45:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/QBitTorrent&threatid=311352&enterprise=1
Name: PUATorrent:Win32/QBitTorrent
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\Meltis\Downloads\qbittorrent_4.5.5_x64_setup.exe; webfile:_C:\Users\Meltis\Downloads\qbittorrent_4.5.5_x64_setup.exe|https://download.fosshub.com/Protec...exe|pid:25384,ProcessStart:133411958992025175
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.399.213.0, AS: 1.399.213.0, NIS: 1.399.213.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007
Event[0]:

Date: 2023-10-11 01:12:14
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.

Date: 2023-10-11 01:12:14
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.

Date: 2023-10-11 01:12:14
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.

Date: 2023-10-11 01:12:13
Description:
Microsoft Defender Antivirus engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource:
Engine Code: 0

Date: 2023-09-10 23:38:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.397.753.0;1.397.753.0
Engine Version: 1.1.23080.2005

CodeIntegrity:
===============
Date: 2023-10-11 04:18:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2023-10-11 04:09:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1220 07/28/2023
Motherboard: ASUSTeK COMPUTER INC. PRIME Z790-P WIFI
Processor: 13th Gen Intel(R) Core(TM) i7-13700KF
Percentage of memory in use: 41%
Total physical RAM: 32581.3 MB
Available physical RAM: 19161.94 MB
Total Virtual: 37445.3 MB
Available Virtual: 20269.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1907.1 GB) (Free:1225.37 GB) (Model: AGAMMIXS70B-2T-CS) NTFS
Drive d: (Seagate 2TB) (Fixed) (Total:1863.01 GB) (Free:1501.57 GB) (Model: Seagate BUP Slim RD SCSI Disk Device) NTFS
Drive g: (***@gmail.com - Google...) (Fixed) (Total:15 GB) (Free:3.4 GB) (Model: AGAMMIXS70B-2T-CS) FAT32
Drive h: (***@gmail.com - Googl...) (Fixed) (Total:15 GB) (Free:4.23 GB) (Model: AGAMMIXS70B-2T-CS) FAT32
Drive i: (***@gmail.com - G...) (Fixed) (Total:15 GB) (Free:8.82 GB) (Model: AGAMMIXS70B-2T-CS) FAT32
Drive j: (***@gmail.com - G...) (Fixed) (Total:15 GB) (Free:5.46 GB) (Model: AGAMMIXS70B-2T-CS) FAT32

\\?\Volume{a69bf79e-e698-4f9d-90f6-8a2bbc7df8f3}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{05027a06-3ef7-42af-be6b-2f7f0a35d84f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1907.7 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A68D8888)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Edit: email adresses removed from addition.txt

DR M · Oct 11, 2023

Hello.

Please don't follow any other instruction from elsewhere, while we are working here. This can make the job difficult and complicated, and the assistance not as effective as it should be.

These are my first comments/instructions regarding your logs:

1. P2P program

You have qBittorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

If you decide to keep it, DON'T use it during the cleaning procedure.
If you decide to uninstall it, uninstall it now.

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Code:

Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Genshin Impact_launcher_mihoyo_1_0] => [X]
HKLM-x32\...\Run: [Star Rail_launcher_hoyoverse_PC_1_1] => [X]
Task: {385248BC-02D8-48D5-9E1A-D0DC33B7CA53} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {C083F20F-9F39-44C9-84DD-3C7436067A40} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => StartupCheck.vbs (No File)
S3 cpuz157; \??\C:\Windows\temp\cpuz157\cpuz157_x64.sys [X]
U2 MVXLDR; no ImagePath
U2 MVXPRO; no ImagePath
U2 PLSLT; no ImagePath
U2 VERSA2; no ImagePath
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer64.dll [2023-09-04] (www.startisback.com) [File not signed]
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer32.dll [2023-09-04] (www.startisback.com) [File not signed]
FirewallRules: [TCP Query User{FB98E7D9-3719-463E-84AB-D46781C62211}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [UDP Query User{B47A71D9-2571-4DF7-BA9F-A7C5C48B98F6}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [TCP Query User{C4AC2191-859E-4FBB-8670-7978CFE85589}C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [UDP Query User{53F8F696-1CB0-4273-B1CF-BD6774E50390}C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [{8B917C4E-9D0F-4FE4-BF94-8D3A1E88ECEE}] => (Allow) C:\Program Files (x86)\ULS\UCP\IP2LIB32\OpenLf.exe => No File
FirewallRules: [{3C9D6A11-003A-471D-90F6-A4BB0EAE112D}] => (Allow) C:\Program Files (x86)\ULS\UCP\IP2LIB32\OpenLf.exe => No File
FirewallRules: [TCP Query User{945E7DCD-DCC7-4E3D-A0F4-5282FB51653A}C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe] => (Allow) C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe => No File
FirewallRules: [UDP Query User{04F8DF34-9785-403D-8435-C213EF5A1295}C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe] => (Allow) C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe => No File
cmd: netsh winsock reset
RemoveProxy:
EmptyTemp:
End::

Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.[/*]
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Post the log in your next reply.

In your next reply please post:

What did you decide/do with the qBittorrent
The fixlog.txt

meltis · Oct 11, 2023

I uninstalled qBittorent with the provided uninstall in its own folder.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by Meltis (11-10-2023 07:33:15) Run:1
Running from C:\Users\Meltis\Downloads
Loaded Profiles: Meltis & SQLTELEMETRY$TEW_SQLEXPRESS
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Genshin Impact_launcher_mihoyo_1_0] => [X]
HKLM-x32\...\Run: [Star Rail_launcher_hoyoverse_PC_1_1] => [X]
Task: {385248BC-02D8-48D5-9E1A-D0DC33B7CA53} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {C083F20F-9F39-44C9-84DD-3C7436067A40} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => StartupCheck.vbs (No File)
S3 cpuz157; \??\C:\Windows\temp\cpuz157\cpuz157_x64.sys [X]
U2 MVXLDR; no ImagePath
U2 MVXPRO; no ImagePath
U2 PLSLT; no ImagePath
U2 VERSA2; no ImagePath
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Meltis\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer64.dll [2023-09-04] (www.startisback.com) [File not signed]
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Meltis\Desktop\Stuff\OldNewExplorer\OldNewExplorer32.dll [2023-09-04] (www.startisback.com) [File not signed]
FirewallRules: [TCP Query User{FB98E7D9-3719-463E-84AB-D46781C62211}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [UDP Query User{B47A71D9-2571-4DF7-BA9F-A7C5C48B98F6}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [TCP Query User{C4AC2191-859E-4FBB-8670-7978CFE85589}C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [UDP Query User{53F8F696-1CB0-4273-B1CF-BD6774E50390}C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe => No File
FirewallRules: [{8B917C4E-9D0F-4FE4-BF94-8D3A1E88ECEE}] => (Allow) C:\Program Files (x86)\ULS\UCP\IP2LIB32\OpenLf.exe => No File
FirewallRules: [{3C9D6A11-003A-471D-90F6-A4BB0EAE112D}] => (Allow) C:\Program Files (x86)\ULS\UCP\IP2LIB32\OpenLf.exe => No File
FirewallRules: [TCP Query User{945E7DCD-DCC7-4E3D-A0F4-5282FB51653A}C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe] => (Allow) C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe => No File
FirewallRules: [UDP Query User{04F8DF34-9785-403D-8435-C213EF5A1295}C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe] => (Allow) C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe => No File
cmd: netsh winsock reset
RemoveProxy:
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Genshin Impact_launcher_mihoyo_1_0" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Star Rail_launcher_hoyoverse_PC_1_1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{385248BC-02D8-48D5-9E1A-D0DC33B7CA53}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{385248BC-02D8-48D5-9E1A-D0DC33B7CA53}" => removed successfully
C:\Windows\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C083F20F-9F39-44C9-84DD-3C7436067A40}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C083F20F-9F39-44C9-84DD-3C7436067A40}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz157 => removed successfully
cpuz157 => service removed successfully
HKLM\System\CurrentControlSet\Services\MVXLDR => removed successfully
MVXLDR => service removed successfully
HKLM\System\CurrentControlSet\Services\MVXPRO => removed successfully
MVXPRO => service removed successfully
HKLM\System\CurrentControlSet\Services\PLSLT => removed successfully
PLSLT => service removed successfully
HKLM\System\CurrentControlSet\Services\VERSA2 => removed successfully
VERSA2 => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
C:\ProgramData\mntemp => ":8EAD8B3507" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => removed successfully
HKLM\Software\Classes\CLSID\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FB98E7D9-3719-463E-84AB-D46781C62211}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B47A71D9-2571-4DF7-BA9F-A7C5C48B98F6}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C4AC2191-859E-4FBB-8670-7978CFE85589}C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{53F8F696-1CB0-4273-B1CF-BD6774E50390}C:\users\meltis\desktop\stuff\games\league mods\mage kanade's futanari dungeon quest\mage kanades futanari dungeon quest.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B917C4E-9D0F-4FE4-BF94-8D3A1E88ECEE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C9D6A11-003A-471D-90F6-A4BB0EAE112D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{945E7DCD-DCC7-4E3D-A0F4-5282FB51653A}C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{04F8DF34-9785-403D-8435-C213EF5A1295}C:\users\meltis\desktop\stuff\games\koikatsu\[utility] kkmanager\kkmanager.exe" => removed successfully

========= netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 272015535 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 788019688 B
Windows/system/drivers => 210854661 B
Edge => 0 B
Chrome => 1064510192 B
Firefox => 134705801 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 65140418 B
systemprofile32 => 65142000 B
LocalService => 65142000 B
NetworkService => 65165144 B
Meltis => 1317409763 B
SQLTELEMETRY$TEW_SQLEXPRESS => 1317409763 B

RecycleBin => 58307957378 B
EmptyTemp: => 59.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 07:33:54 ====

DR M · Oct 11, 2023

Very good.

Another check please:

ESET Online Scan

Download ESET Online Scanner and save it to your desktop.

Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

meltis · Oct 11, 2023

Sorry for the late response on this.
Had no viruses according to it :)

2023-10-11 17:49:23 PM
Files scanned: 1115016
Detected files: 0
Cleaned files: 0
Total scan time: 01:25:13
Scan status: Finished

DR M · Oct 12, 2023

Good.

Are you getting any warning errors now?

Let's see fresh FRST logs now, please, Addition and FRST.

meltis · Oct 12, 2023

I don't see any errors now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by Meltis (administrator) on MELTISPC (ASUS System Product Name) (12-10-2023 19:25:41)
Running from C:\Users\Meltis\Downloads\FRST64.exe
Loaded Profiles: Meltis & SQLTELEMETRY$TEW_SQLEXPRESS
Platform: Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <6>
(C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe ->) (Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\82.0.1.0\crashpad_handler.exe
(C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe ->) (Siemens Industry Software Inc. -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(Discord Inc. -> Discord Inc.) C:\Users\Meltis\AppData\Local\Discord\app-1.0.9019\Discord.exe <6>
(explorer.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(explorer.exe ->) (Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <25>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUS Inc.) C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.28\AsusFanControlService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.23\atkexComSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> ) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(services.exe ->) (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlceip.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Siemens Industry Software Inc. -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(services.exe ->) (Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <9>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-09-25] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142543160 2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2588592 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [Discord] => C:\Users\Meltis\AppData\Local\Discord\Update.exe [1525016 2023-07-31] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4375912 2023-09-29] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70913464 2023-10-05] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-80-2079297812-3395903788-2019235919-340588434-3960611093\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-80-2079297812-3395903788-2019235919-340588434-3960611093\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2588592 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-11] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\117.0.5938.150\Installer\chrmstp.exe [2023-10-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2022 Fast Start.lnk [2023-09-27]
ShortcutTarget: SOLIDWORKS 2022 Fast Start.lnk -> C:\Windows\Installer\{26EA0056-4BAD-4F9E-BDCE-A72E25C7D06D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [File not signed]
Startup: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2023-09-10]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3A69C88A-DCD4-4FCA-9B79-C0802135FDCC} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [313192 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {051E985B-880C-47D4-8161-F78AE16B4CBD} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1898344 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {B5EAA203-E2E6-48B4-B718-7DE4B0F3D7AC} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d9deb6337d8ca0 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-03] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {CE0E07EE-9181-47A9-958F-E2E1F0B5C15D} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-03] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {0AC913CE-1343-410A-BBF3-1A4F738493FB} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [139091304 2023-07-19] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {12949E7C-3916-4ADB-BFC1-D72C56254376} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1254760 2023-07-05] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {08618B9F-380D-42D1-995E-6F6F06B01ABF} - System32\Tasks\GoogleUpdateTaskMachineCore{DB4144DA-7501-4611-A5E6-0EE892CD924F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-04] (Google LLC -> Google LLC)
Task: {C4D68E70-F843-4406-86BD-E53335516E2F} - System32\Tasks\GoogleUpdateTaskMachineUA{B6E74B6A-F7EE-446B-96E5-0F2665CFDDF9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-04] (Google LLC -> Google LLC)
Task: {8A02745B-4EA0-4436-9E5E-0B963FE93F34} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26974216 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D9B1AE4-F0DB-4958-ABE4-E4562DA27C9E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26974216 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {774D67F1-745C-4A6E-BC3A-A60A05ADC17F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160920 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE4F86F8-6858-4D28-B1EE-9F7458E16098} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160920 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF929A4A-FDF0-485A-B87C-7FF6DF1999AD} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169136 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8F4CD9B-2424-4D8D-8993-2E0474C6CAA7} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4413368 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {05CC55EB-AE0B-4A1B-9C17-2C99D7B382CE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\OS Edition Upgrade event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {0AEE80E4-82E0-48E1-A058-C74A3E40C853} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Passport for Work alert created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {F1067F44-97F0-45C3-AD00-EF53A06723AE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Provisioning initiated session => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {867C7838-43FD-45DC-B99C-1CBE60DCFB46} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\PushLaunch => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {0D146319-BB7B-4935-A979-4381933663CA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\PushRenewal => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {13836F50-8229-43F5-86CC-A91C4D773BE7} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule #1 created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {DC062979-5C80-4C7D-A84C-E47F582798C6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule #2 created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {C68FB8D6-49E1-42D0-8795-70CFD6807E29} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule #3 created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {04D8B7CF-CD96-445B-A8EB-74DF529211BD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule created by enrollment client for renewal of certificate warning => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {0A979E12-AF51-44AC-BA23-A8B8D6BC65FF} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule to run OMADMClient by client => C:\Windows\system32\omadmclient.exe [468992 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {F2BFE3FD-7A05-48A6-89D9-E3323F83F339} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Schedule to run OMADMClient by server => C:\Windows\system32\omadmclient.exe [468992 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {56FA615B-3D71-4727-80CF-9FB5E107DA58} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Win10 S Mode event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {770CD0BA-2C3E-405A-B345-B90E96420BD9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DF1A15CC-52D6-49A2-9F15-CF3475ED2B70\Wsc Startup event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [472576 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {3117B4C3-821B-44D3-AC32-F1CB97D20EFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C0B8A44-7B72-4135-A17E-0A1150B3AF4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DB58DEE-CCB8-48CA-AF5F-7D0FE8002F22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC825460-F27D-438A-A1FD-C9B2661E62DA} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-10-11] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {02A48E3A-22EA-47F8-9028-4D6FDFCC3039} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [718240 2023-10-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {C9B75801-4C2D-4A5F-A029-7EA80BCE4DF6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130720 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9AC0435-9C4A-4351-8D3F-C545D37107F0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3320682118-2640290401-2509692745-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130720 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF616355-33AF-4D2D-9D59-609A6ED80CEC} - System32\Tasks\SOLIDWORKS Electrical Archiver => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe [278008 2022-06-17] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SOLIDWORKS Electrical Archiver.job => C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\bin\EwEnvironmentArchiver\ewenvironmentarchiver.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{08f3d90a-0e44-4647-aaaa-913869c9aa42}: [DhcpNameServer] 64.59.135.148 64.59.128.114
Tcpip\..\Interfaces\{de892636-0c80-4076-b91c-d94292f428b7}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\Meltis\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-06]

FireFox:
========
FF DefaultProfile: vqds55kp.default
FF ProfilePath: C:\Users\Meltis\AppData\Roaming\Mozilla\Firefox\Profiles\vqds55kp.default [2023-10-11]
FF ProfilePath: C:\Users\Meltis\AppData\Roaming\Mozilla\Firefox\Profiles\86fjmt5s.default-release [2023-10-11]
FF Extension: (FastForward) - C:\Users\Meltis\AppData\Roaming\Mozilla\Firefox\Profiles\86fjmt5s.default-release\Extensions\addon@fastforward.team.xpi [2023-10-10]
FF Extension: (uBlock Origin) - C:\Users\Meltis\AppData\Roaming\Mozilla\Firefox\Profiles\86fjmt5s.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-10-10]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SOLIDW~3\Bin\NPCOMP~1.DLL [2022-06-17] (DASSAULT SYSTEMES SE -> Dassault Systemes)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SOLIDW~3\Bin\x86\NPCOMP~1.DLL [2022-06-17] (DASSAULT SYSTEMES SE -> Dassault Systemes)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-09-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-10-12]
CHR Extension: (Pixiv Toolkit) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ajlcnbbeidbackfknkgknjefhmbngdnj [2023-09-26]
CHR Extension: (h264ify) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aleakchihdccplidncghkekgioiakgal [2023-09-26]
CHR Extension: (Authenticator) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2023-09-26]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-09-26]
CHR Extension: (uBlock Origin) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-09-26]
CHR Extension: (change-language) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cofdbpoegempjloogbagkncekinflcnj [2023-09-26]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2023-09-26]
CHR Extension: (Return YouTube Dislike) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26]
CHR Extension: (Screenshot YouTube) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gjoijpfmdhbjkkgnmahganhoinjjpohk [2023-09-26]
CHR Extension: (Violentmonkey) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\jinjaccalgkegednnccohejagnlnfdag [2023-09-26]
CHR Extension: (Image Search Options) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kljmejbpilkadikecejccebmccagifhl [2023-09-26]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-09-26]
CHR Extension: (Google Images Restored) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ncndcebmkibkhopclfdjfacgfholcghi [2023-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-26]
CHR Extension: (The Marvellous Suspender) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\noogafoofpebimajpfpamcfhoaifemoa [2023-09-26]
CHR Extension: (Add to Buyee) - C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ocjpgibbldacmpedgjgmcdcikjeopnpb [2023-09-26]
CHR Profile: C:\Users\Meltis\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-26]
CHR HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [399992 2023-08-11] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.23\atkexComSvc.exe [896872 2023-05-19] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-03] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [558104 2022-05-19] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.28\AsusFanControlService.exe [1735528 2023-07-06] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2023-09-03] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [681832 2023-09-04] (ASUSTeK COMPUTER INC. -> ASUS)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [840144 2023-10-12] (ASUSTeK COMPUTER INC. -> )
R2 AzureAttestService; C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll [151288 2019-07-24] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12859472 2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-09-04] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [192504 2022-06-17] (Dassault Systemes SolidWorks Corp. -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncHelper.exe [3503544 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
R2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10688256 2023-09-24] (Logitech Inc -> Logitech, Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [4283240 2023-05-31] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [626280 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.199.0924.0001\OneDriveUpdaterService.exe [3840432 2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [250568 2022-06-17] (Siemens Industry Software Inc. -> Mentor Graphics Corporation)
R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [1665648 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2023-09-27] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [695912 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlceip.exe [290648 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 SWVisualize2022.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [32968 2022-06-17] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9402904 2023-09-25] (Riot Games, Inc. -> Riot Games, Inc.)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [134752 2023-09-24] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [1869904 2023-10-11] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [49256 2022-08-16] (ASUSTeK COMPUTER INC. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
R1 CTIAIO; C:\Windows\system32\drivers\CtiAIo64.sys [32840 2023-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 googledrivefs31092; C:\Windows\System32\DRIVERS\googledrivefs31092.sys [384600 2023-09-04] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 HoYoProtect; C:\Windows\system32\HoYoKProtect.sys [3716608 2023-09-17] (Microsoft Windows Hardware Compatibility Publisher -> miHoYo)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2023-09-10] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2023-09-10] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2023-09-10] (Logitech Inc -> Logitech)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S4 RsFx0600; C:\Windows\System32\DRIVERS\RsFx0600.sys [286976 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [21460800 2023-09-24] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572712 2023-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-12 19:25 - 2023-10-12 19:25 - 000035138 _____ C:\Users\Meltis\Downloads\FRST.txt
2023-10-12 04:27 - 2023-10-12 04:27 - 022518409 _____ C:\Users\Meltis\Downloads\jingliualt_3e6f6.rar
2023-10-11 19:18 - 2023-10-11 19:18 - 150669300 _____ C:\Users\Meltis\Downloads\succubus3.rar
2023-10-11 17:49 - 2023-10-11 17:49 - 000000270 _____ C:\Users\Meltis\Desktop\eset.txt
2023-10-11 08:01 - 2023-10-12 19:23 - 000000000 ____D C:\Users\Meltis\AppData\Local\ESET
2023-10-11 08:01 - 2023-10-11 08:01 - 000001383 _____ C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-10-11 08:01 - 2023-10-11 08:01 - 000001277 _____ C:\Users\Meltis\Desktop\ESET Online Scanner.lnk
2023-10-11 08:00 - 2023-10-11 08:00 - 015274968 _____ (ESET) C:\Users\Meltis\Desktop\esetonlinescanner.exe
2023-10-11 07:32 - 2023-10-11 07:32 - 002383360 _____ (Farbar) C:\Users\Meltis\Downloads\FRST64.exe
2023-10-11 04:19 - 2023-10-12 19:25 - 000000000 ____D C:\FRST
2023-10-11 03:17 - 2023-10-11 07:33 - 137625600 _____ C:\Windows\system32\config\SOFTWARE
2023-10-11 03:17 - 2023-10-11 03:17 - 000000000 ____D C:\Windows\Microsoft Antimalware
2023-10-11 01:26 - 2023-10-11 01:26 - 000000000 ____D C:\Users\Meltis\Desktop\New folder
2023-10-11 01:25 - 2023-10-11 01:25 - 002969821 _____ C:\Users\Meltis\Desktop\Autoruns.zip
2023-10-11 01:04 - 2023-10-11 01:04 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp
2023-10-11 01:01 - 2023-10-11 01:01 - 000000000 ____D C:\Users\Meltis\AppData\Local\Intel
2023-10-10 17:53 - 2023-10-10 17:53 - 000000000 ___HD C:\$WinREAgent
2023-10-10 03:50 - 2023-10-11 03:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-10-10 03:50 - 2023-10-11 01:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-10-10 03:50 - 2023-10-11 01:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-10-10 03:50 - 2023-10-11 01:12 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-10-10 03:50 - 2023-10-10 03:50 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-10-10 03:50 - 2023-10-10 03:50 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-10-10 03:50 - 2023-10-10 03:50 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Mozilla
2023-10-10 03:50 - 2023-10-10 03:50 - 000000000 ____D C:\Users\Meltis\AppData\Local\Mozilla
2023-10-09 23:25 - 2023-10-09 23:25 - 071250061 _____ C:\Users\Meltis\Downloads\tingyun h.7z
2023-10-09 14:28 - 2023-10-09 14:28 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\illusion_Koikatu
2023-10-08 17:23 - 2023-10-08 17:24 - 000000000 ____D C:\Users\Meltis\AppData\Local\Roblox
2023-10-08 17:23 - 2023-10-08 17:23 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-10-08 02:48 - 2023-10-08 02:48 - 005706790 _____ C:\Users\Meltis\Downloads\barbarasummertimebikinimod_578bc.rar
2023-10-08 01:07 - 2023-10-08 01:07 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\Adobe
2023-10-08 01:02 - 2023-10-08 01:02 - 000000000 ____D C:\Users\Meltis\AppData\Local\Adobe
2023-10-07 19:30 - 2023-10-07 19:30 - 000000000 ____D C:\Games
2023-10-07 17:49 - 2023-10-07 17:55 - 000000000 ____D C:\Users\Meltis\Downloads\Koikatsu HF Patch v3.22
2023-10-07 17:31 - 2023-10-07 17:31 - 000000000 ____D C:\Users\Meltis\AppData\Local\https___github.com_Illusi
2023-10-07 16:59 - 2023-10-07 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2023-10-07 16:59 - 2023-10-07 16:59 - 000000000 ____D C:\Program Files\7-Zip
2023-10-07 16:49 - 2023-10-07 16:49 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\.mono
2023-10-07 16:36 - 2023-10-07 16:36 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\illusion__Koikatu
2023-10-07 16:18 - 2023-10-07 16:18 - 000000769 _____ C:\Users\Meltis\AppData\Local\recently-used.xbel
2023-10-07 16:13 - 2023-10-07 16:34 - 000000000 ____D C:\Users\Meltis\Downloads\Koikatsu
2023-10-07 15:27 - 2023-10-11 20:58 - 000000000 ____D C:\Users\Meltis\AppData\Local\CrashDumps
2023-10-07 15:25 - 2023-10-08 03:05 - 000000000 ____D C:\Windows\system32\Tasks\MEGA
2023-10-07 15:25 - 2023-10-07 21:09 - 000000000 ____D C:\Users\Meltis\Documents\MEGAsync Downloads
2023-10-07 15:25 - 2023-10-07 15:25 - 000000000 ____D C:\Users\Meltis\AppData\Local\Mega Limited
2023-10-07 15:23 - 2023-10-07 15:35 - 000000000 ____D C:\ProgramData\ULSMVX
2023-10-07 15:23 - 2023-10-07 15:27 - 000000000 ____D C:\ProgramData\ULSILS
2023-10-07 15:22 - 2023-10-08 03:28 - 000000000 ____D C:\ProgramData\ULSDAT
2023-10-07 15:22 - 2023-10-08 03:28 - 000000000 ____D C:\Program Files (x86)\ulsdb
2023-10-07 15:22 - 2023-10-07 15:22 - 000003120 _____ C:\Windows\SysWOW64\Y7IHIHFC.ocx
2023-10-07 15:22 - 2023-10-07 15:22 - 000003120 _____ C:\Windows\SysWOW64\AJHFCHET.ocx
2023-10-07 15:22 - 2023-10-07 15:22 - 000003120 _____ C:\Windows\9Q487DGI.ocx
2023-10-07 15:22 - 2023-10-07 15:22 - 000003120 _____ C:\Windows\9HVFAI45.ocx
2023-10-07 15:21 - 2023-10-08 03:28 - 000000000 ____D C:\Program Files (x86)\ULS
2023-10-07 15:18 - 2023-10-07 16:18 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\inkscape
2023-10-07 15:18 - 2023-10-07 15:24 - 000000000 ____D C:\Users\Meltis\.dbus-keyrings
2023-10-07 15:18 - 2023-10-07 15:18 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inkscape
2023-10-07 15:18 - 2023-10-07 15:18 - 000000000 ____D C:\Users\Meltis\AppData\Local\gtk-3.0
2023-10-07 15:18 - 2023-10-07 15:18 - 000000000 ____D C:\Users\Meltis\AppData\Local\fontconfig
2023-10-07 15:17 - 2023-10-07 15:18 - 000000000 ____D C:\Program Files\Inkscape
2023-10-07 14:42 - 2023-10-07 14:42 - 030829469 _____ C:\Users\Meltis\Downloads\2023-September② 信浓_Shinano_しなの(swimsuit).zip
2023-10-06 15:07 - 2023-10-06 15:07 - 000000000 ____D C:\Users\Meltis\Documents\My Palettes
2023-10-06 15:07 - 2023-10-06 15:07 - 000000000 ____D C:\Users\Meltis\Documents\Corel
2023-10-06 15:07 - 2023-10-06 15:07 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Corel
2023-10-06 15:07 - 2023-10-06 15:07 - 000000000 ____D C:\ProgramData\Protexis64
2023-10-06 15:05 - 2023-10-06 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2023-10-06 15:05 - 2023-10-06 15:05 - 000000000 ____D C:\Users\Public\Documents\Corel
2023-10-06 15:05 - 2023-10-06 15:05 - 000000000 ____D C:\Program Files\Corel
2023-10-06 15:05 - 2023-10-06 15:05 - 000000000 ____D C:\Program Files\Common Files\Protexis
2023-10-06 15:01 - 2023-10-06 15:05 - 000000000 ____D C:\ProgramData\Corel
2023-10-06 14:45 - 2023-10-06 15:07 - 000000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2023-10-06 14:45 - 2023-10-06 14:45 - 000000000 ____D C:\Program Files\Common Files\Corel
2023-10-05 22:26 - 2023-10-05 22:26 - 000000000 ____D C:\ProgramData\PLUG
2023-10-05 18:26 - 2023-10-05 18:26 - 000000000 ____D C:\Program Files\RUXIM
2023-10-04 18:46 - 2023-10-04 18:46 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Goldberg SteamEmu Saves
2023-10-04 18:46 - 2023-10-04 18:46 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\Dieselmine
2023-10-04 17:57 - 2023-08-14 12:13 - 005334952 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw12.sys
2023-10-04 17:57 - 2023-08-14 12:13 - 001475496 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter12.dll
2023-10-03 23:56 - 2023-10-03 23:56 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-10-03 02:12 - 2023-10-03 02:13 - 000001866 _____ C:\Users\Meltis\Desktop\GenshinImpact - Shortcut.lnk
2023-10-01 16:36 - 2023-10-11 21:05 - 001869904 _____ (ANTICHEATEXPERT.COM) C:\Windows\system32\Drivers\ACE-BASE.sys
2023-10-01 16:36 - 2023-10-01 16:36 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\Cognosphere
2023-10-01 15:28 - 2023-10-01 15:28 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\miHoYo
2023-09-28 01:46 - 2023-09-28 01:46 - 000000000 ____D C:\Users\Meltis\Documents\My Games
2023-09-28 01:26 - 2023-09-28 01:26 - 000000000 ____D C:\Users\Meltis\Documents\Steam Cloud
2023-09-28 01:26 - 2023-09-28 01:26 - 000000000 ____D C:\Users\Meltis\AppData\LocalLow\HoloCure
2023-09-28 01:26 - 2023-09-28 01:26 - 000000000 ____D C:\Users\Meltis\AppData\Local\HoloCure
2023-09-27 22:39 - 2023-10-09 00:29 - 000000000 ____D C:\osu!
2023-09-27 22:39 - 2023-09-27 22:39 - 000000611 _____ C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2023-09-27 22:00 - 2023-09-27 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
2023-09-27 22:00 - 2023-09-27 22:00 - 000000000 ____D C:\ProgramData\CELSYS
2023-09-27 22:00 - 2023-09-27 22:00 - 000000000 ____D C:\Program Files\CELSYS
2023-09-27 21:57 - 2023-09-27 21:58 - 000000000 ____D C:\Users\Meltis\AppData\Local\TempSWBackupDirectory
2023-09-27 21:57 - 2023-09-27 21:57 - 000000000 ____D C:\Users\Meltis\Documents\SOLIDWORKSComposer
2023-09-27 21:56 - 2023-09-27 21:57 - 000000000 ____D C:\Users\Meltis\AppData\Local\SolidWorks
2023-09-27 21:56 - 2023-09-27 21:56 - 000000000 ____D C:\ProgramData\FLEXnet
2023-09-27 21:38 - 2023-09-27 21:38 - 000000000 ____D C:\ProgramData\Simpoe
2023-09-27 21:38 - 2023-09-27 21:38 - 000000000 ____D C:\ProgramData\COSMOS Applications
2023-09-27 21:35 - 2023-09-28 17:42 - 000000432 _____ C:\Windows\Tasks\SOLIDWORKS Electrical Archiver.job
2023-09-27 21:35 - 2023-09-27 21:35 - 000003250 _____ C:\Windows\system32\Tasks\SOLIDWORKS Electrical Archiver
2023-09-27 21:35 - 2023-09-27 21:35 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\help_images_otherUI
2023-09-27 21:35 - 2023-09-27 21:35 - 000000000 ____D C:\ProgramData\Dassault Systemes
2023-09-27 21:35 - 2023-09-27 21:35 - 000000000 _____ C:\Windows\eDrawingOfficeAutomator.INI
2023-09-27 21:34 - 2023-09-27 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Tools 2022
2023-09-27 21:34 - 2023-09-27 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2022
2023-09-27 21:33 - 2023-09-27 21:57 - 000000000 ____D C:\ProgramData\SOLIDWORKS
2023-09-27 21:33 - 2023-09-27 21:38 - 000000000 ____D C:\ProgramData\regid.1995-09.com.solidworks
2023-09-27 21:33 - 2023-09-27 21:38 - 000000000 ____D C:\Program Files\SOLIDWORKS Corp
2023-09-27 21:33 - 2023-09-27 21:38 - 000000000 ____D C:\Program Files\Common Files\SOLIDWORKS Shared
2023-09-27 21:33 - 2023-09-27 21:33 - 000000000 ____D C:\Users\Public\Documents\SOLIDWORKS
2023-09-27 21:33 - 2023-09-27 21:33 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\Windows\system32\RsFx
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2023-09-27 21:32 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\Windows\SysWOW64\1033
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\Windows\system32\1033
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2019
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2023-09-27 21:31 - 2023-09-27 21:32 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2023-09-27 21:31 - 2023-09-27 21:31 - 000000000 ____D C:\ProgramData\Apple
2023-09-27 21:31 - 2023-09-27 21:31 - 000000000 ____D C:\Program Files\Bonjour
2023-09-27 21:31 - 2023-09-27 21:31 - 000000000 ____D C:\Program Files (x86)\Bonjour
2023-09-27 21:24 - 2023-09-27 21:35 - 000000000 ____D C:\ProgramData\SOLIDWORKS Electrical
2023-09-27 21:24 - 2023-09-27 21:34 - 000000000 ____D C:\SOLIDWORKS Data
2023-09-26 21:42 - 2023-10-03 17:29 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\SOLIDWORKS
2023-09-26 21:42 - 2023-09-27 21:30 - 000000000 ____D C:\Windows\SolidWorks
2023-09-26 21:42 - 2023-09-27 21:24 - 000000000 ____D C:\Users\Meltis\Documents\SOLIDWORKS Downloads
2023-09-26 20:23 - 2023-09-26 20:23 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2023-09-26 07:29 - 2023-09-26 07:29 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Web Server Extensions
2023-09-26 01:36 - 2023-09-26 01:36 - 000000000 ____D C:\Users\Meltis\Documents\Custom Office Templates
2023-09-25 17:24 - 2023-09-25 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2023-09-25 17:24 - 2023-09-25 17:24 - 000000000 ____D C:\Program Files\LGHUB
2023-09-24 22:54 - 2023-09-24 22:54 - 000000000 ____D C:\Users\Meltis\AppData\Local\VALORANT

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-12 19:25 - 2023-09-04 11:57 - 000000000 ____D C:\Program Files (x86)\Steam
2023-10-12 19:25 - 2023-09-04 11:25 - 181553176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-10-12 19:25 - 2023-09-04 11:25 - 000000000 ____D C:\Windows\system32\MRT
2023-10-12 19:25 - 2023-09-04 07:30 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-12 19:25 - 2023-09-03 16:30 - 000000000 ____D C:\Program Files\ASUS
2023-10-12 19:25 - 2023-05-05 06:27 - 000000000 ____D C:\Windows\SystemTemp
2023-10-12 19:24 - 2023-09-10 23:24 - 000000000 ___RD C:\Users\Meltis\OneDrive - University of Calgary
2023-10-12 19:24 - 2023-09-04 11:51 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\discord
2023-10-12 19:24 - 2023-09-04 11:51 - 000000000 ____D C:\Users\Meltis\AppData\Local\Discord
2023-10-12 19:24 - 2023-09-04 06:32 - 000000000 ___SD C:\Users\Meltis\AppData\Roaming\Microsoft\Credentials
2023-10-12 19:23 - 2023-09-10 23:38 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-10-12 19:23 - 2023-09-04 06:35 - 000000000 ___RD C:\Users\Meltis\OneDrive
2023-10-12 19:23 - 2023-09-04 06:28 - 000891752 _____ () C:\Windows\system32\wpbbin.exe
2023-10-12 19:23 - 2023-09-04 06:28 - 000840144 _____ C:\Windows\system32\AsusUpdateCheck.exe
2023-10-12 19:23 - 2023-09-04 06:28 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-12 19:23 - 2023-09-04 06:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-12 19:23 - 2023-09-04 06:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-12 19:23 - 2023-09-03 16:34 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\asus_framework
2023-10-12 19:23 - 2023-09-03 16:32 - 000000000 ____D C:\ProgramData\NVIDIA
2023-10-12 19:23 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-12 04:56 - 2023-09-11 21:20 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Teams
2023-10-12 02:49 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2023-10-11 21:04 - 2023-09-10 23:22 - 000000000 ____D C:\Program Files\Star Rail
2023-10-11 19:56 - 2023-09-10 23:20 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Word
2023-10-11 19:55 - 2023-09-04 06:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-10-11 15:44 - 2023-09-04 11:58 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-10-11 08:06 - 2023-09-10 22:40 - 000576202 _____ C:\Windows\system32\perfh011.dat
2023-10-11 08:06 - 2023-09-10 22:40 - 000173282 _____ C:\Windows\system32\perfc011.dat
2023-10-11 08:06 - 2023-09-04 06:35 - 001706542 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-11 08:06 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2023-10-11 07:47 - 2023-09-10 21:42 - 000000000 ____D C:\Program Files\Genshin Impact
2023-10-11 07:45 - 2023-09-04 12:05 - 000000000 ____D C:\Users\Meltis\Desktop\Stuff
2023-10-11 07:33 - 2023-09-03 16:30 - 000000000 ____D C:\Windows\system32\Tasks\ASUS
2023-10-11 07:33 - 2019-12-07 03:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-11 01:30 - 2023-09-04 07:27 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\MMC
2023-10-10 04:23 - 2023-09-04 12:09 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\NexonLauncher
2023-10-10 03:35 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-09 13:50 - 2023-09-10 21:43 - 000000000 ____D C:\Users\Meltis\AppData\Local\HoYoverse
2023-10-09 13:44 - 2023-09-03 16:28 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-10-09 03:15 - 2023-09-10 22:50 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\vlc
2023-10-08 22:42 - 2023-09-04 06:33 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Spelling
2023-10-08 03:28 - 2019-12-07 03:14 - 000000153 _____ C:\Windows\win.ini
2023-10-08 01:02 - 2023-09-04 06:32 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Adobe
2023-10-07 23:53 - 2023-09-04 06:28 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-07 15:23 - 2023-09-11 21:20 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-10-07 15:23 - 2023-09-04 06:32 - 000000000 ____D C:\Users\Meltis\AppData\Local\VirtualStore
2023-10-07 15:23 - 2023-09-04 06:28 - 001866688 _____ C:\Windows\system32\FNTCACHE.DAT
2023-10-07 15:18 - 2023-09-04 06:31 - 000000000 ____D C:\Users\Meltis
2023-10-07 13:49 - 2023-09-10 21:46 - 000000000 ____D C:\Users\Meltis\Desktop\School
2023-10-06 16:01 - 2023-09-11 21:20 - 000002373 _____ C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2023-10-06 15:08 - 2023-09-10 23:06 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-10-06 15:08 - 2023-09-10 23:06 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-06 15:08 - 2023-09-03 16:39 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3320682118-2640290401-2509692745-1001
2023-10-06 15:06 - 2023-09-03 16:30 - 000000000 ____D C:\ProgramData\Package Cache
2023-10-04 18:05 - 2023-09-04 06:28 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-10-04 17:54 - 2023-09-10 22:21 - 000000000 ____D C:\Program Files\Riot Vanguard
2023-10-03 23:56 - 2023-09-10 23:02 - 000000000 ____D C:\Program Files\Microsoft Office
2023-10-01 16:40 - 2023-09-03 16:30 - 000000000 ____D C:\Users\Meltis\AppData\Local\D3DSCache
2023-09-27 22:17 - 2023-09-10 23:20 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\Office
2023-09-27 22:00 - 2023-09-03 16:30 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-09-27 21:32 - 2023-09-04 06:28 - 000000000 ____D C:\Windows\ServiceProfiles
2023-09-27 21:32 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-09-26 22:14 - 2023-09-10 22:39 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\InputMethod
2023-09-26 19:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\Cursors
2023-09-26 01:36 - 2023-09-10 22:31 - 000000000 ____D C:\Users\Meltis\AppData\Local\LGHUB
2023-09-25 18:32 - 2023-09-10 23:20 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\Microsoft\UProof
2023-09-25 17:32 - 2023-09-10 22:31 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\G HUB
2023-09-25 17:31 - 2023-09-10 22:31 - 000000000 ____D C:\Users\Meltis\AppData\Roaming\lghub
2023-09-24 23:28 - 2023-09-10 23:04 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-09-24 23:28 - 2023-09-10 23:04 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-09-24 23:28 - 2023-09-10 22:21 - 000000000 ____D C:\ProgramData\Riot Games
2023-09-24 23:28 - 2023-09-10 21:56 - 000001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2023-09-24 23:28 - 2023-09-06 17:48 - 000000016 _____ C:\ProgramData\mntemp
2023-09-24 22:54 - 2023-09-10 23:04 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-09-24 22:54 - 2023-09-10 22:21 - 000000000 ____D C:\Users\Meltis\AppData\Local\Riot Games
2023-09-24 13:23 - 2023-09-04 06:32 - 000000000 ____D C:\Users\Meltis\AppData\Local\Packages
2023-09-24 13:22 - 2023-09-04 06:32 - 000000000 ____D C:\ProgramData\Packages
2023-09-23 17:38 - 2023-09-04 07:30 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{B6E74B6A-F7EE-446B-96E5-0F2665CFDDF9}
2023-09-23 17:38 - 2023-09-04 07:30 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{DB4144DA-7501-4611-A5E6-0EE892CD924F}
2023-09-15 02:25 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\oobe
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-15 00:18 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2023-09-14 22:57 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2023-09-14 22:55 - 2023-09-04 06:31 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2023-10-07 16:18 - 2023-10-07 16:18 - 000000769 _____ () C:\Users\Meltis\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by Meltis (12-10-2023 19:26:08)
Running from C:\Users\Meltis\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) (2023-09-04 12:29:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3320682118-2640290401-2509692745-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3320682118-2640290401-2509692745-503 - Limited - Disabled)
Guest (S-1-5-21-3320682118-2640290401-2509692745-501 - Limited - Disabled)
Meltis (S-1-5-21-3320682118-2640290401-2509692745-1001 - Administrator - Enabled) => C:\Users\Meltis
WDAGUtilityAccount (S-1-5-21-3320682118-2640290401-2509692745-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DEXPERIENCE Marketplace for SOLIDWORKS (HKLM\...\{0060450C-5B44-424B-BD42-559F2A5D820A}) (Version: 6.31.4016 - Dassault Systemes SolidWorks Corp)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
AniMe Matrix MB EN (HKLM\...\{399B6DA7-B609-426E-95F8-B9A83FB7D06E}) (Version: 1.0.1 - ASUS)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.6.10 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.2.7.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{3ffa1d70-3db5-45b0-b2f5-a03caabf1f59}) (Version: 1.2.7.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{49c4358d-054e-4cf1-9ec1-dca3487f304a}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.3.9.5 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{a51a52ef-375e-4963-8736-c98fae7373c4}) (Version: 1.3.9.5 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.32 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{339A6383-7862-46DA-8A9D-E84180EF9424}) (Version: 4.0.1.3 - ASUSTeK Computer Inc.)
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 4.01.16 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.103 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{6FB66775-BB93-4D0A-9871-4CC9B2E87BF3}) (Version: 1.1.23 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{179f415f-2ff3-4db1-bcc1-d5730f746db8}) (Version: 1.1.23 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.36 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.36 - ASUS)
AURA Service (HKLM-x32\...\{56EEEF7D-0AE3-401A-898B-581719D005AE}) (Version: 3.07.17 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{be345e17-83f7-4b5f-b533-6f975b9a8180}) (Version: 3.07.17 - ASUSTeK Computer Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser for SQL Server 2019 (HKLM-x32\...\{5E366957-8D78-4BB5-A790-96F97A9766BD}) (Version: 15.0.2000.5 - Microsoft Corporation)
CLIP STUDIO 2.0.6 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 2.0.6 - CELSYS)
CLIP STUDIO PAINT 2.0.6 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 2.0.6 - CELSYS)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}) (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Discord (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Discord) (Version: 1.0.9016 - Discord Inc.)
Docs (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\0466baf74d06619d400b14f5a47a2666) (Version: 1.0 - Google\Chrome)
Docs (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\c12bd7c3b812fcf14e8b345ea6b7eb14) (Version: 1.0 - Google\Chrome)
Docs (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\e9dc0c2bac37cca7a7f9b1cfddd1fefb) (Version: 1.0 - Google\Chrome)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.43.1 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{eb2aaa1d-e416-485a-b3a3-312289fbb33d}) (Version: 1.1.43.1 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{79e8502b-eaf7-4831-b53d-2da128540d16}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - )
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.29.0.1 - COGNOSPHERE PTE. LTD.)
Gmail (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\33ccc2a829a5135751f02db5d5a2651d) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\4da2a2a59d63f4e919596d123b83840b) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\56b68f2530fd56e806d8aec415d9736d) (Version: 1.0 - Google\Chrome)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 117.0.5938.150 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 82.0.1.0 - Google LLC)
Google Drive (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\4a30e48e747a2b2dfc9355ae73f6109e) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\4beab8c92841602ed485b55ea5153bc2) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\eafed3534a9e7930f3055bf7a93b005d) (Version: 1.0 - Google\Chrome)
Inkscape (HKLM\...\{2C69A8D5-2E44-4F99-BD5E-08536B52F1DA}) (Version: 1.3.0 - Inkscape)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.19 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{33f6b854-2612-4216-ac10-ab6bf158ce06}) (Version: 1.1.19 - KINGSTON COMPONENTS INC.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.8.459147 - Logitech)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16827.20130 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.60 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.60 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{787F8536-654C-4DD4-AD3F-22B529F8F339}) (Version: 17.4.0.1 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{9AA0AFFA-EDB6-4B66-9FD7-BBC828D88B47}) (Version: 18.2.3.0 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.199.0924.0001 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2019 (64-bit) (HKLM\...\Microsoft SQL Server SQL2019) (Version: - Microsoft Corporation)
Microsoft SQL Server 2019 RsFx Driver (HKLM\...\{5825CDC4-4E99-4CF9-91FE-DB60C0E2F5EA}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
Microsoft SQL Server 2019 Setup (English) (HKLM\...\{17DCED0E-5B27-453A-B2B4-E487B869B28A}) (Version: 15.0.4013.40 - Microsoft Corporation)
Microsoft SQL Server 2019 T-SQL Language Service (HKLM\...\{31D27B41-A051-49D8-907A-62E0F4A2188C}) (Version: 15.0.2000.5 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Teams) (Version: 1.6.00.26474 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{07C0BFE1-3291-409C-B96A-797340719C8F}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{826216B1-0F04-409B-A33E-C6A004AA1097}) (Version: 7.1.10.96 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Finalizer (HKLM-x32\...\{5950473A-825B-3019-AF86-55F2F9A95FCB}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Module linguistique Français (HKLM\...\{BA14C6F7-A633-3E88-831B-FCC197A5A17D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket (HKLM\...\{36B98E65-CA52-348C-9ED7-77B926A16C2D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA (HKLM\...\{73A36613-1F8F-3D94-B28A-4CC0E3CAECB5}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN (HKLM\...\{DDDF762A-2D1D-36A3-9B70-70BD62B4EDCF}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩 (HKLM\...\{2F884A17-E051-3DB7-B093-6274C98740F6}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack (HKLM\...\{73A64813-E631-3807-8E78-BA679EDA09A8}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support (HKLM\...\{5707EC26-AA9F-32C6-B7C1-347A3482CEC0}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件 (HKLM\...\{FB501A6E-CA6D-36DA-8860-17F0E6D89155}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包 (HKLM\...\{CD56C9B9-FB98-372B-8BC7-FDA312CD2511}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket (HKLM-x32\...\{CAAC553D-EE02-32D2-9F7E-FBC5C22E4C08}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA (HKLM-x32\...\{B8FD8F53-7E58-3DE5-A8FC-CB2B5CCF38CE}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français (HKLM-x32\...\{3371699A-C1EF-3AC3-B094-D338191FA6E9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN (HKLM-x32\...\{A3EB1DE3-9D3F-34C2-BDE6-5A8A4B98CC37}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩 (HKLM-x32\...\{955E1388-E1F1-320A-A018-24616ED60F95}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack (HKLM-x32\...\{859C7535-6862-3867-B97E-816795E8AB65}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support (HKLM-x32\...\{CF06B8C4-F6FC-3A4B-ADD0-04A1CAC3DD86}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件 (HKLM-x32\...\{0FE6DE07-8CBA-3F73-86B4-51B91E506D24}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包 (HKLM-x32\...\{7259BDDA-D888-309D-ADE1-84AA0CB24FE9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Finalizer (HKLM-x32\...\{F93E37BD-4053-37CA-A7BB-A5B74508006C}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x64 Hosting Support (HKLM\...\{A8C30947-7C1B-3A31-8FD8-CEC6D3357D34}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x86 Hosting Support (HKLM-x32\...\{11A9EF3E-6616-31B1-82BC-1080366FA34D}) (Version: 14.0.23829 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2019 (HKLM\...\{2C33F4D4-E9A5-4DE1-ACFE-3A13464E6703}) (Version: 15.0.2000.5 - Microsoft Corporation)
Mozilla Firefox (x64 en-CA) (HKLM\...\Mozilla Firefox 118.0.2 (x64 en-CA)) (Version: 118.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 118.0.1 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.1.0 - Nexon)
NVIDIA Graphics Driver 536.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.23 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{c708e25e-b165-4f68-8a83-12a3bfbbc79b}) (Version: latest - ppy Pty Ltd)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.7 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{1d74a898-7a92-484d-8f3b-e3b68dfb1264}) (Version: 1.0.9.7 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{6e0eff60-c502-43bb-8f56-360ca07e73d9}) (Version: 1.1.0.3 - Patriot Memory) Hidden
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.5.18 - Rainmeter)
Riot Client (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for Meltis (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\roblox-player) (Version: - Roblox Corporation)
ROG FAN XPERT 4 (HKLM-x32\...\{2dfe216d-3481-4684-ad4d-2566bd7cfe4f}) (Version: 4.01.10 - ASUSTek Computer Inc.)
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.1.5.0 - ASUSTek COMPUTER INC.)
ROGFontInstaller (HKLM\...\{605108C1-153E-43D8-8A67-7CE326B00ECA}) (Version: 1.0.0 - ASUS)
Sheets (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\2d4bb304b2557e752a27ff26deb2e090) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\6d6a52a80125537a865af9f393d0c833) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\796796b7f19b16ce88becb6800a103fe) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\215d2d7718f391979e46ec64e7ff6efe) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\3dc1b461e1dcb8b5af90a269ae4a6152) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\ef4f2b6261b56f8ea99fde1d6c5772de) (Version: 1.0 - Google\Chrome)
SOLIDWORKS 2022 SP03.1 (HKLM\...\{26EA0056-4BAD-4F9E-BDCE-A72E25C7D06D}) (Version: 30.131.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2022 SP03.1 (HKLM-x32\...\SolidWorks Installation Manager 20220-40301-1100-100) (Version: 30.3.1.2 - SolidWorks Corporation)
SOLIDWORKS CAM 2022 SP03.1 (HKLM\...\{46053718-2931-47EA-B678-6DF08370F2D4}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2022 SP03.1 (HKLM\...\{273E0863-61E6-4E82-A2FF-D28DB44D6471}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2022 SP03.1 (HKLM\...\{08A73D4E-3FD0-4242-B08F-A41D8969C5B4}) (Version: 30.30.0022 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2022 SP03.1 (HKLM\...\{6D7DBADA-7845-419A-BC99-6E5EE8DB01ED}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2022 SP03.1 (HKLM\...\{A9F14961-697D-455C-B48B-FCE9E22664A5}) (Version: 30.31.0003 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2022 SP03.1 (HKLM\...\{770F37F3-8897-4C37-B7F2-B1AA5FC825C7}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Visualize 2022 SP03.1 (HKLM\...\{54DF002F-CDCE-40B2-8E2A-E294333EE6EB}) (Version: 30.31.0002 - Dassault Systemes SolidWorks Corp) Hidden
SQL Server 2019 Batch Parser (HKLM\...\{D459615B-83B0-408F-8F39-6CC07C277BA6}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Common Files (HKLM\...\{0FB552DD-543E-48E7-A6F4-2F8D82723C6A}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Common Files (HKLM\...\{5E4344C9-8B97-4ED9-8760-57E221C240F4}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Connection Info (HKLM\...\{99B940D5-1A49-4B6C-B26C-6A88B2C061CA}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Connection Info (HKLM\...\{FD730873-33D1-4D1F-9AE0-E259586F8827}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Services (HKLM\...\{A60B3D8E-5311-4BF1-AF7A-D1AC15F9152E}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Services (HKLM\...\{E3E84B2C-FCF6-469F-9FE7-5E8934DB69AD}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Shared (HKLM\...\{619F0B6C-C802-422A-B4E5-294E61F68473}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Shared (HKLM\...\{DE5B7937-D5B5-4157-BC30-BB87F021CFF0}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 DMF (HKLM\...\{814D5077-C93F-42E2-B875-717007C186B9}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 DMF (HKLM\...\{FC8DC283-4A85-467F-8D0E-2FE4606DCCA1}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects (HKLM\...\{6213D6CB-D258-47A3-B1A0-EE1E5C080DCF}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects (HKLM\...\{A8581199-F913-443B-B058-8E8BF317E71C}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects Extensions (HKLM\...\{8DDAEBCA-4267-4E16-9FE0-D87F21D36891}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects Extensions (HKLM\...\{C7E6D4B7-CB10-4239-BA04-D9339B39D0BD}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 SQL Diagnostics (HKLM\...\{28ED6838-D8E5-454C-A813-12C5EB447CAB}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 XEvent (HKLM\...\{2129312E-5204-4F3A-9039-B6D34DBB00FB}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 XEvent (HKLM\...\{228C3DC2-695E-4FC7-87E4-6A9CE905DA9B}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
Star Rail (HKLM\...\Star Rail) (Version: 2.29.1.0 - COGNOSPHERE PTE. LTD.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.18681 - Microsoft Corporation)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.6 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{82f9b0cd-20fe-4ed6-a632-ef6daefb3c0d}) (Version: 1.0.0.6 - PD) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
YouTube (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\05b5eb0b1aaf7c60ba6e0b35697c226f) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\81fc5300d37886d25f1a18a2fa4b12ab) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\dbaef59c09478828575b963221f503a5) (Version: 1.0 - Google\Chrome)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.6.10.0_x64__qmba6cd70vzyy [2023-09-03] (ASUSTeK COMPUTER INC.)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-06] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-03] (NVIDIA Corp.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10050.0_x64__8wekyb3d8bbwe [2023-10-10] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-30] (Spotify AB) [Startup Task]
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.930.722.582_neutral__8wekyb3d8bbwe [2023-09-30] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3320682118-2640290401-2509692745-1001_Classes\CLSID\{04271989-C4D2-ECB1-D5D0-4110DBD6A6A3} -> [OneDrive - University of Calgary] => C:\Users\Meltis\OneDrive - University of Calgary [2023-09-10 23:24]
CustomCLSID: HKU\S-1-5-21-3320682118-2640290401-2509692745-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Meltis\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23241.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3320682118-2640290401-2509692745-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Meltis\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-11] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-11] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-11] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-11] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-11] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-08-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-08-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-11] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.199.0924.0001\FileSyncShell64.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-11] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\nvshext.dll [2023-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-08-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-08-01] (win.rar GmbH -> Alexander Roshal)
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} =>

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\Meltis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2023-09-03 16:30 - 2023-07-19 19:31 - 000322048 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ac_node_addon\build\Release\ac_node_addon.node
2023-09-03 16:30 - 2023-07-17 16:37 - 000175616 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ffi-napi\build\Release\ffi_bindings.node
2023-09-03 16:30 - 2023-04-14 14:18 - 000159744 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ref-napi\prebuilds\win32-ia32\electron.napi.node
2023-09-03 16:30 - 2023-04-14 14:18 - 000319488 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\sharp\build\Release\sharp-win32-ia32.node
2023-09-03 16:30 - 2023-04-26 16:06 - 000541696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\usb\prebuilds\win32-ia32\node.napi.node
2022-05-22 12:57 - 2022-05-22 12:57 - 000613376 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2016-07-30 15:42 - 2016-07-30 15:42 - 002772692 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-04-02 11:01 - 2017-04-02 11:01 - 001748992 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk:1219A9EFD8 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk:7D9589121D [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [3442]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\...\sharepoint.com -> hxxps://uofc-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 03:14 - 2019-12-07 03:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\
HKU\S-1-5-21-3320682118-2640290401-2509692745-1001\Control Panel\Desktop\\Wallpaper -> c:\users\meltis\pictures\anime style\vtubers\hololive\nakiri ayame\membership\2023_0519.png
HKU\S-1-5-80-2079297812-3395903788-2019235919-340588434-3960611093\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C0F3A669-B24B-488A-ADED-33645BC965B0}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{7062EBAC-CF6C-46F1-B561-5D08BD88DAD9}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{91288F00-0D4B-4188-AAA2-D495586B4343}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{EE4318E9-BBBF-44CF-9634-67473DF393D4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{B65BD5C3-2B31-4630-8CDE-56F936ED73B7}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{DC46CEC8-118E-4E4B-8D8B-07B1F201471E}] => (Allow) C:\Users\Meltis\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
FirewallRules: [{5C00F3AB-24FF-4502-8733-F0B90969BEF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DBB8D2FA-2A13-4258-A2A0-667780B02C46}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{31E8E6D0-D810-4E70-98C5-4ED3E6D7107A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5505AB19-6C1C-4A34-BF15-E766F343E1E3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5E3CAC6D-9906-451E-8441-A4D85FAF977E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{73AB2B2D-3EE9-4B18-A729-B4D8FB908B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{2BA4C6D5-BE6D-4C66-90B5-6DD324A54894}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDef2\Binaries\Win64\DunDefGame.exe (Trendy Entertainment LLC) [File not signed]
FirewallRules: [{854E1545-4F94-4C31-8CAB-B0A8DFA077F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Defenders 2\DunDef2\Binaries\Win64\DunDefGame.exe (Trendy Entertainment LLC) [File not signed]
FirewallRules: [{4C66638C-1C04-46B6-A665-69A086161D7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{627FDCF6-2933-4173-8165-7353C5A6587D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{27A9EF4D-6A08-42B4-B5E1-8D7C6C05BC9C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07AA5715-CE93-4EE2-B915-6AC4D4289EF3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B09BD80-B8A1-41CA-80DD-890B14D51100}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F9599E3-80D6-40E1-BC9A-89CC2933E84A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71510C03-1734-4C53-9375-2334A9B5D04F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12BD1567-7626-4C0A-A64E-C15A9BBE42A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{6EEDEB58-B04F-4BE0-939D-51F80706FE96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{F255177B-5D0B-44CF-808B-C26505640564}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D41FB1EA-BCAD-4CE2-96A3-091CA5003A17}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E4E510E8-48DC-4B99-AE4A-3B3C7F9AA177}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CC226945-2BCB-4FFC-93D1-CC85F15BD170}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DAE8D39E-6E3F-48B6-B173-1E13C2734216}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DEA3E15D-7EA1-4EF4-9F87-24D1D58573ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0846F16-E750-4E29-860C-859D1F4C0451}] => (Allow) LPort=8030
FirewallRules: [{2A20E798-C431-4927-96FE-15C28986D044}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HoloCure\HoloCure.exe () [File not signed]
FirewallRules: [{10AA87C8-77A9-430B-8781-E64F0D2E28D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HoloCure\HoloCure.exe () [File not signed]
FirewallRules: [{6FAA2B1E-498C-4741-B2F7-B2D1DC08AF90}] => (Allow) LPort=8030
FirewallRules: [{1C8EA57A-7A91-4B16-A938-B14EC4B39BD4}] => (Allow) LPort=8030
FirewallRules: [TCP Query User{D5256636-F4C7-4BAC-AD69-891446B2DA61}C:\users\meltis\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\meltis\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{DFF85CC0-9BA3-4A8D-A314-B40D7D4CFBBD}C:\users\meltis\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\meltis\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A85B89B1-D000-4CF1-B090-33F4460998AA}] => (Allow) LPort=8030
FirewallRules: [{8AFEF52D-64B9-4CB3-A082-C23E69CA85ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{61F09F1E-B319-4540-90DA-FD25BD7F52D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{664A0446-BC06-47F6-9B71-037A363208CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F4F16A36-80D4-4F6A-8495-183FCD7802B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{81C18414-652B-429A-9BF9-3520D9E7F9CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9F9EF9A3-D369-4F98-9F08-A45B2431AE71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EB7A8B2B-FFDE-4437-8AAD-796C7977FE58}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A030F64-6249-4DC8-BFA5-59920864A821}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4226130B-7B6D-483E-B08D-F3D0E9DC5D3B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{729C6F92-2629-4E82-80A6-3F141BC07574}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B4E121E5-39F2-4605-A8AB-084093E50521}] => (Allow) LPort=8030
FirewallRules: [{F8DA988C-10BC-4EB2-BDDA-14111E443E02}] => (Allow) LPort=8030
FirewallRules: [{AB7BB464-C1F1-42A3-B2C1-E90265864FAD}] => (Allow) LPort=8030
FirewallRules: [TCP Query User{B029142A-C652-4E95-86B9-97610FDF3EB1}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest 1\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest 1\mage kanades futanari dungeon quest.exe () [File not signed]
FirewallRules: [UDP Query User{DA759ED1-706C-4598-98D4-43B0FECD361C}C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest 1\mage kanades futanari dungeon quest.exe] => (Allow) C:\users\meltis\desktop\stuff\games\mage kanade's futanari dungeon quest 1\mage kanades futanari dungeon quest.exe () [File not signed]
FirewallRules: [{A4E55D46-12B8-42D9-8B84-168AAF884451}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{6AB796DB-527B-4647-AE38-C7E810B823C3}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{950DE061-B338-4F10-96A3-DA3709D20A44}] => (Allow) LPort=8030
FirewallRules: [TCP Query User{CD3A7BE3-6496-4645-8B25-D09B21402EBB}C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [UDP Query User{691C0831-E3CA-4C2C-999E-C9C3784EFB04}C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{91BAA658-78C1-4736-92BD-F9D9B848A431}] => (Allow) LPort=8030
FirewallRules: [{189BFE27-F6F4-4D40-8D5A-E37076BD3B2B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.60\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{736788D0-00F5-49EC-ADDA-FBDC13226729}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{46206964-80D5-448C-AE16-740A1D98E6A5}C:\program files\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe] => (Allow) C:\program files\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe (COGNOSPHERE PTE. LTD. -> )
FirewallRules: [UDP Query User{F24633F8-966D-4345-AC31-3A6DA6E92D5E}C:\program files\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe] => (Allow) C:\program files\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe (COGNOSPHERE PTE. LTD. -> )
FirewallRules: [{4FD1669F-8B1C-4962-9116-80FFDD942ADA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3894134-9AB5-443A-902A-4745D2BDCD62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{203F2AFC-5983-44E0-AF27-C9DABC515916}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F5E8866-B366-47F4-8EC8-3C81076CB5C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB773B93-7A90-4FB9-AA3C-48AA852A1934}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{84153B1A-0825-4D43-A2FE-7AC1CAB49A26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FFB3ECA6-7082-4E2B-87D0-6093783CDBB9}] => (Allow) LPort=8030
FirewallRules: [{2AA2480A-1187-478C-82DE-543EC4507BC0}] => (Allow) LPort=8030
FirewallRules: [{886A8CDF-8A5C-4312-BAFA-1B241976061C}] => (Allow) LPort=8030
FirewallRules: [{EF6997CE-8433-4B67-BDC4-30A36B00E604}] => (Allow) LPort=8030

==================== Restore Points =========================

11-10-2023 07:33:15 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: RAID Controller
Description: RAID Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (10/11/2023 08:58:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StarRail.exe, version: 2019.4.34.62239, time stamp: 0x64fed23d
Faulting module name: unityplayer.dll, version: 2019.4.34.62239, time stamp: 0x64fed254
Exception code: 0xc0000005
Fault offset: 0x000000000125623f
Faulting process id: 0x3e50
Faulting application start time: 0x01d9fca96e58cecf
Faulting application path: C:\Program Files\Star Rail\Games\StarRail.exe
Faulting module path: C:\Program Files\Star Rail\Games\unityplayer.dll
Report Id: 778e0570-0e55-4a53-88b3-e70308d87ce7
Faulting package full name:
Faulting package-relative application ID:

Error: (10/11/2023 07:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname MeltisPC.local already in use; will try MeltisPC-2.local instead

Error: (10/11/2023 07:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 MeltisPC.local. Addr 192.168.0.41

Error: (10/11/2023 07:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.41:5353 16 MeltisPC.local. AAAA FD00:1CAB:C069:3BB2:2454:2E41:B4C8:9CE3

Error: (10/11/2023 07:49:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Meltis\Desktop\New folder\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Error: (10/11/2023 07:33:15 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bbd3c3f2-2fcf-4aaf-9a42-07f7518f4650}

Error: (10/11/2023 04:33:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc0000409
Fault offset: 0x000000000012d9b2
Faulting process id: 0x2f8c
Faulting application start time: 0x01d9fc2b53e0c734
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: d4aa4d23-986a-47ae-b420-776c5d06c3d1
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/11/2023 04:33:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.3448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2184

Start Time: 01d9fc1314f86c65

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: cc5dff3d-8f7f-46aa-9399-9321c24187b5

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

System errors:
=============
Error: (10/12/2023 07:23:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:39:48 AM on ‎2023-‎10-‎12 was unexpected.

Error: (10/12/2023 07:23:30 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (10/11/2023 08:04:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/11/2023 08:04:08 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Meltis\AppData\Local\Temp\ehdrv.sys

Error: (10/11/2023 08:04:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/11/2023 08:04:07 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Meltis\AppData\Local\Temp\ehdrv.sys

Error: (10/11/2023 08:04:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/11/2023 08:04:07 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Meltis\AppData\Local\Temp\ehdrv.sys

Windows Defender:
================
Date: 2023-10-11 01:04:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Microsoft Security Intelligence
Name: Trojan:Win64/Tnega!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\ServiceInstaller.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.399.384.0, AS: 1.399.384.0, NIS: 1.399.384.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-11 01:04:10
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../Valyria!MSR&threatid=2147744494&enterprise=1
Name: Trojan:VBS/Valyria!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\StartupCheck.vbs
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.399.384.0, AS: 1.399.384.0, NIS: 1.399.384.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-11 01:04:09
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...oinMiner!MSR&threatid=2147743972&enterprise=1
Name: Trojan:Win32/CoinMiner!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.399.384.0, AS: 1.399.384.0, NIS: 1.399.384.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-11 01:04:09
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...BS/Tnega!MSR&threatid=2147754826&enterprise=1
Name: Trojan:VBS/Tnega!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\Maintenance.vbs
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.399.384.0, AS: 1.399.384.0, NIS: 1.399.384.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-07 17:45:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/QBitTorrent&threatid=311352&enterprise=1
Name: PUATorrent:Win32/QBitTorrent
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\Meltis\Downloads\qbittorrent_4.5.5_x64_setup.exe; webfile:_C:\Users\Meltis\Downloads\qbittorrent_4.5.5_x64_setup.exe|https://download.fosshub.com/Protec...exe|pid:25384,ProcessStart:133411958992025175
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.399.213.0, AS: 1.399.213.0, NIS: 1.399.213.0
Engine Version: AM: 1.1.23090.2007, NIS: 1.1.23090.2007
Event[0]:

Date: 2023-10-11 04:50:25
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2023-10-11 04:37:02
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2023-10-11 01:12:14
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.

Date: 2023-10-11 01:12:14
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.

Date: 2023-10-11 01:12:14
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.

CodeIntegrity:
===============
Date: 2023-10-12 19:26:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1220 07/28/2023
Motherboard: ASUSTeK COMPUTER INC. PRIME Z790-P WIFI
Processor: 13th Gen Intel(R) Core(TM) i7-13700KF
Percentage of memory in use: 29%
Total physical RAM: 32581.3 MB
Available physical RAM: 22837.57 MB
Total Virtual: 37445.3 MB
Available Virtual: 24666.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1907.1 GB) (Free:1252.86 GB) (Model: AGAMMIXS70B-2T-CS) NTFS
Drive d: (Seagate 2TB) (Fixed) (Total:1863.01 GB) (Free:1501.57 GB) (Model: Seagate BUP Slim RD SCSI Disk Device) NTFS
Drive g: (***@gmail.com - Google...) (Fixed) (Total:15 GB) (Free:3.4 GB) (Model: AGAMMIXS70B-2T-CS) FAT32
Drive h: (***@gmail.com - Googl...) (Fixed) (Total:15 GB) (Free:4.23 GB) (Model: AGAMMIXS70B-2T-CS) FAT32
Drive i: (***@gmail.com - G...) (Fixed) (Total:15 GB) (Free:8.82 GB) (Model: AGAMMIXS70B-2T-CS) FAT32
Drive j: (***@gmail.com - G...) (Fixed) (Total:15 GB) (Free:5.46 GB) (Model: AGAMMIXS70B-2T-CS) FAT32

\\?\Volume{a69bf79e-e698-4f9d-90f6-8a2bbc7df8f3}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{05027a06-3ef7-42af-be6b-2f7f0a35d84f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1907.7 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A68D8888)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

DR M · Oct 13, 2023

Hello.

Another small fix:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Code:

Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} =>
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
EmptyTemp:
End::

Right-click on FRST64 tool, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt at the same location with the FRST tool.
Post the log in your next reply.

Let me know if there is any remaining issue/question/concern regarding this computer.

meltis · Oct 13, 2023

Just curious, what is the purpose of this fix? It also didn't have access to this one specific thing.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by Meltis (13-10-2023 01:09:25) Run:2
Running from C:\Users\Meltis\Downloads
Loaded Profiles: Meltis & SQLTELEMETRY$TEW_SQLEXPRESS
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} =>
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => removed successfully

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

Access is denied.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

Access is denied.

========= End of Powershell: =========

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12759871 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 194586750 B
Windows/system/drivers => 4174152 B
Edge => 0 B
Chrome => 562303276 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1176 B
Meltis => 8508815 B
SQLTELEMETRY$TEW_SQLEXPRESS => 8508815 B

RecycleBin => 600386615 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 01:09:57 ====

DR M · Oct 13, 2023

The fix has nothing to do with the error you got.

When did you get it? When the computer restarted?

meltis · Oct 13, 2023

I only got it when I performed the FRST fix. Nothing actually pops up when I turn on / about to turn off anything.

DR M · Oct 13, 2023

A system check wouldn't hurt now:

Run Deployment Image Servicing and Management (DISM)

Click on the Start button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
Enter the command below and press on Enter;

Code:

DISM /Online /Cleanup-Image /RestoreHealth

Let the scan run until the end (100%). Depending on your system, it can take some time.
Please post here the result you got (a screenshot).

When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:

Click on the Start button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
Enter the command below and press on Enter

Code:

sfc /scannow

Let the scan finish.

You will normally get one of the following results:

Code:

Windows Resource Protection did not find any integrity violations
Windows Resource Protection found corrupt files and successfully repaired them
Windows Resource Protection found corrupt files but was unable to fix some of them
Windows Resource Protection could not perform the requested operation

Please post the result you got (a screenshot).

Restart the computer after the above, and let me know if you get anything weird.

meltis · Oct 13, 2023

Nothing weird popped up after restarting which was the usual before as well. The scan did say that it fixed some corrupt files though.

Also, my previous question regarding on what the purpose of the fix was just a curiosity thing on what specific thing you were trying to target after reading the previous stuff.

DR M · Oct 13, 2023

Also, my previous question regarding on what the purpose of the fix was just a curiosity thing on what specific thing you were trying to target after reading the previous stuff.

Mainly removed some remnants and cleaned Defender's history.

Nothing weird popped up after restarting which was the usual before as well. The scan did say that it fixed some corrupt files though.

Good!

If the computer is running fine now, please move on to the next final step.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

Right-click kprm_(version).exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
Please copy and paste its contents in your next reply.

meltis · Oct 13, 2023

# Run at 2023-10-13 2:26:30 AM
# KpRm (Kernel-panik) version 2.15.0
# Website https://kernel-panik.me/tool/kprm/
# Run by Meltis from C:\Users\Meltis\Downloads
# Computer Name: MELTISPC
# OS: Windows 10 X64 (19045) (10.0.19045.3570)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\Meltis\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2023-10-13-02-26-30

- Delete Tools -

## ESET Online Scanner
[OK] C:\Users\Meltis\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\Meltis\Desktop\esetonlinescanner.exe deleted
[OK] C:\Users\Meltis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted

## FRST
[OK] C:\Users\Meltis\Downloads\Addition.txt deleted
[OK] C:\Users\Meltis\Downloads\Fixlog.txt deleted
[OK] C:\Users\Meltis\Downloads\FRST.txt deleted
[OK] C:\Users\Meltis\Downloads\FRST64.exe deleted
[OK] C:\FRST deleted

## Microsoft Safety Scanner
[OK] C:\Users\Meltis\Desktop\MSERT.exe deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Restore Point Created by FRST created at 10/11/2023 13:33:15 deleted
~ [OK] RP named Windows Modules Installer created at 10/13/2023 01:27:01 deleted
~ [OK] RP named Windows Modules Installer created at 10/13/2023 01:27:35 deleted
~ [OK] RP named Windows Modules Installer created at 10/13/2023 01:28:14 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 10/13/2023 08:26:39

-- KPRM finished in 17.84s --

DR M · Oct 13, 2023

Excellent!

Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
Peer-to-peer (P2P) programs like Kazaa, qBittorrent, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You have now the built-in Windows antivirus, Windows Defender. You can try Malwarebytes free as an antimalware solution. If you run it occasionally, depending on how often you use your computer, can keep you safe.

Happy safe computing.

I'm glad I was able to help you.

meltis · Oct 13, 2023

Thanks for the amazing and especially quick responses on my situation!
I'll be more wary now as I never got hit in the past like this so I guess I got a bit complacent with my security.

DR M · Oct 13, 2023

You are very welcome, meltis.

[SOLVED] Tnega!MSR Trojan Removed but Not Sure if Safe

Member

Sysnative Staff, Security Analyst

Member

Sysnative Staff, Security Analyst

Member

Sysnative Staff, Security Analyst

Member

Sysnative Staff, Security Analyst

Member

Sysnative Staff, Security Analyst

Member

Sysnative Staff, Security Analyst

Member

Sysnative Staff, Security Analyst

Member

Attachments

Sysnative Staff, Security Analyst

Member

Sysnative Staff, Security Analyst

Member

Sysnative Staff, Security Analyst