Need solution to help remove colormania 32bit (GoogleDiagnostics.exe)

So Farrare


Hi,

I recently had the same issue as dttarant: it shows up as colormania 32 bit in Task Manager. I checked the file location and it shows up nothing.

I hope the colormania 32 bit can be fixed without reformatting my PC.

Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-07-2021

Ran by chuac (administrator) on DESKTOP-GMLU23E (10-07-2021 01:17:23)

Running from C:UserschuacDownloadsPrograms

Loaded Profiles: chuac

Platform: Windows 10 Pro Version 20H2 19042.1083 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVB Disc Soft, SIA -> Disc Soft Ltd) C:Program FilesDAEMON Tools LiteDiscSoftBusServiceLite.exe

(AVB Disc Soft, SIA -> Disc Soft Ltd) C:Program FilesDAEMON Tools LiteDTShellHlp.exe

(Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.) C:Program Files (x86)SogouInput9.8.0.3746SogouCloud.exe

(Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.) C:WindowsSysWOW64IMESogouPYSogouImeBroker.exe

(Blacksun Software) [File not signed] C:UserschuacAppDataRoamingGoogleGoogleDiagnostics.exe

(Charles Milette -> TranslucentTB Open Source Developers) C:Program Files (x86)TranslucentTBTranslucentTB.exe

(Discord Inc. -> Discord Inc.) C:UserschuacAppDataLocalDiscordapp-1.0.9002Discord.exe <6>

(Garena Online Pte Ltd -> Garena Online) C:Program Files (x86)GarenaGarena2.0.1909.2618gxxsvc.exe

(Garena Online Pte Ltd -> Garena Online) C:Program Files (x86)GarenaGarenaGarena.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.82GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.82GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <62>

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:UserschuacAppDataLocalMicrosoftOneDriveOneDrive.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbweCalculator.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.ZuneMusic_10.21061.10121.0_x64__8wekyb3d8bbweMusic.UI.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32cmd.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32Taskmgr.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0NisSrv.exe

(miHoYo Co.,Ltd. -> miHoYo) C:Program FilesGenshin Impactlauncher.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_d71d3f5ea7618cbbDisplay.NvContainerNVDisplay.Container.exe <2>

(Razer USA Ltd. -> ) C:Program Files (x86)RazerSynapse3UserProcessRazer Synapse Service Process.exe

(Razer USA Ltd. -> Razer Inc) C:Program Files (x86)RazerRazer ServicesGMSGameManagerService.exe

(Razer USA Ltd. -> Razer Inc) C:Program Files (x86)RazerRazer_Kraken71Chroma_DriverDriversSysAudioKraken71ChromaHelper.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)Razer Chroma SDKbinRzSDKServer.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)Razer Chroma SDKbinRzSDKService.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer CortexFPSRunner32.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer CortexPMRunner32.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer CortexRzKLService.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer Cortexx64FPSRunner64.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer Cortexx64PMRunner64.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer ServicesRazer CentralRazer Central.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer ServicesRazer CentralRazerCentralService.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerSynapseRzSynapse.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerSynapse3ServiceRazer Synapse Service.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerSynapse3WPFUIFrameworkRazer Synapse 3 HostRazer Synapse 3.exe

(Razer USA Ltd. -> Razer) C:Program Files (x86)RazerRazer CortexRazerCortex.exe

(Razer USA Ltd. -> The CefSharp Authors) C:Program Files (x86)RazerRazer CortexCefCefSharp.BrowserSubprocess.exe

(Razer USA Ltd. -> The CefSharp Authors) C:Program Files (x86)RazerRazer ServicesRazer CentralCefSharp.BrowserSubprocess.exe <2>

(Skutta, Kristjan -> ) D:Steamsteamappscommonwallpaper_enginewallpaper32.exe

(The Qt Company Oy -> The Qt Company Ltd.) C:Program FilesGenshin ImpactQtWebEngineProcess.exe

(Tonec Inc. -> Tonec Inc.) C:Program Files (x86)Internet Download ManagerIDMMsgHost.exe

(Tonec Inc.) [File not signed] C:Program Files (x86)Internet Download ManagerIDMan.exe

(Valve -> Valve Corporation) C:Program Files (x86)Common FilesSteamSteamService.exe

(Valve -> Valve Corporation) D:Steambincefcef.win7x64steamwebhelper.exe <7>

(Valve -> Valve Corporation) D:Steamsteam.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [WindowsDefender] => “%ProgramFiles%Windows DefenderMSASCuiL.exe”

HKLM-x32…Run: [TeamsMachineInstaller] => C:Program Files (x86)Teams InstallerTeams.exe [101284632 2020-09-16] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32…Run: [RazerCortex] => C:Program Files (x86)RazerRazer CortexCortexLauncher.exe [267072 2021-06-02] (Razer USA Ltd. -> Razer Inc.)

HKLM-x32…Run: [] => [X]

HKLM-x32…Run: [Razer Synapse] => C:Program Files (x86)RazerSynapseRzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)

HKLM-x32…Run: [Kraken71ChromaHelper] => C:Program Files (x86)RazerRazer_Kraken71Chroma_DriverDriversSysAudioKraken71ChromaHelper.exe [1600096 2017-02-14] (Razer USA Ltd. -> Razer Inc)

HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Run: [IDMan] => C:Program Files (x86)Internet Download ManagerIDMan.exe [5468672 2020-11-28] (Tonec Inc.) [File not signed]

HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Run: [ctfmon] => C:Windowssystem32ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Run: [DAEMON Tools Lite Automount] => C:Program FilesDAEMON Tools LiteDTAgent.exe [409280 2020-12-08] (AVB Disc Soft, SIA -> Disc Soft Ltd)

HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Run: [Synapse3] => C:Program Files (x86)RazerSynapse3WPFUIFrameworkRazer Synapse 3 HostRazer Synapse 3.exe [3519096 2021-06-15] (Razer USA Ltd. -> Razer Inc.)

HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Run: [Discord] => C:UserschuacAppDataLocalDiscordUpdate.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)

HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Run: [TranslucentTB] => C:Program Files (x86)TranslucentTBTranslucentTB.exe [450768 2020-12-28] (Charles Milette -> TranslucentTB Open Source Developers)

HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Run: [WallpaperEngine] => D:Steamsteamappscommonwallpaper_enginewallpaper32.exe [2652832 2021-06-26] (Skutta, Kristjan -> )

HKUS-1-5-21-4131175827-1518476479-2483294511-1001…PoliciesExplorer: [NoLowDiskSpaceChecks] 1

HKUS-1-5-18…Run: [Synapse3] => C:Program Files (x86)RazerSynapse3WPFUIFrameworkRazer Synapse 3 HostRazer Synapse 3.exe [3519096 2021-06-15] (Razer USA Ltd. -> Razer Inc.)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C:Program FilesGoogleChromeApplication91.0.4472.124Installerchrmstp.exe [2021-07-02] (Google LLC -> Google LLC)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: 0592CCD1-24DE-4031-B953-C8B63A4BC6CE – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: 1C79FD99-C327-42A8-9041-956743E3005A – System32TasksUpdateWindows => C:UserschuacAppDataRoamingWinHostsvchost.exe <==== ATTENTION

Task: 25AADF7F-411D-447A-848C-BDA20620AF10 – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147304 2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Task: 298378EF-7D58-40A1-8BD7-4081BC6D1DA5 – System32TasksNvTmRep_CrashReport4_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: 31D7E008-58E7-429F-9EAF-62BF65D60D85 – System32TasksNvTmRep_CrashReport3_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: 47F68CC5-8A1E-45B7-BC96-19899C8F8D2D – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: 48C03A1C-D05A-499B-9A4F-099F92CB8DD8 – System32TasksDB Bigupgrade Task (One Time) => D:Driver Booster7.2.0dbupgradeg.exe [3984408 2021-04-11] (IObit CO., LTD -> IObit)

Task: 4E6E79A7-A599-413D-A840-5323BC382192 – System32TasksNvBatteryBoostCheckOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: 509198DC-5DBA-4D49-ABF2-4899C5EF97BD – System32TasksDriver Booster Update => D:Driver Booster7.2.0AutoUpdate.exe [2361104 2020-01-13] (IObit Information Technology -> IObit)

Task: 523DC241-9BBC-42FD-B0BB-2C7CD565D844 – System32TasksNvTmRep_CrashReport1_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: 52AB8DF8-7520-4D58-9C9F-E981BF4BB417 – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)

Task: 73195880-04F2-4951-B162-3D2C5F73C035 – System32TasksNVIDIA GeForce Experience SelfUpdate_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)

Task: 794E5C2F-FAF7-43C5-94A8-39BCC55E1DE9 – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [155592 2020-12-08] (Google LLC -> Google LLC)

Task: 7AC69623-6A4F-4990-A90D-B1C43C4FB936 – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)

Task: 871BA43B-DFE7-4995-A2FB-AB5BC0E5FB70 – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147304 2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Task: 9475344C-E5C9-4A6E-B5BC-5D47B202732D – System32TasksOptimize Push Notification Data File-S-1-5-21-4131175827-1518476479-2483294511-1001 => 201600D8-6EFF-48CE-B842-E14D37A0682D C:WindowsSystem32wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: ACD8FBA8-084A-4F64-A88B-D9E5FAF903DC – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: B5B76908-C78E-4869-A4C6-31FAD2B99353 – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [155592 2020-12-08] (Google LLC -> Google LLC)

Task: B6283FDA-0C72-43B0-A7E5-0AD6A466C8B5 – System32TasksNvProfileUpdaterOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: B7B31DE5-7D2E-44EC-AFF5-4E44B2A232EF – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: D0D87184-60A5-433A-A17A-211C4F74661D – System32Tasksgxx speed launcher => C:Program Files (x86)GarenaGarenaGarena.exe [457600 2019-09-26] (Garena Online Pte Ltd -> Garena Online)

Task: DEE8F372-B935-4C7C-9246-B559B8D324E2 – System32TasksSogouImeMgr => C:Program Files (x86)SogouInputSogouExeSogouExe.exe [412568 2020-06-26] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.) -> “C:Program Files (x86)SogouInput9.8.0.3746SGTool.exe” –appid=pinyinrepair /t /v

Task: DF3CA9AE-7CED-4E8D-B89D-8B562562CB18 – System32TasksDriver Booster Scheduler => D:Driver Booster7.2.0Scheduler.exe [149776 2020-01-06] (IObit Information Technology -> IObit)

Task: F069932C-07EC-4626-B163-E75F34725D81 – System32TasksNvProfileUpdaterDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: F133EFCF-E73C-4E63-9B6C-16B4B263197E – System32TasksNvTmRep_CrashReport2_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: F28C3625-7B91-4C62-B519-EA85C41DA272 – System32TasksDriver Booster SkipUAC (chuac) => D:Driver Booster7.2.0DriverBooster.exe [7748880 2020-01-14] (IObit Information Technology -> IObit)

Task: F363FBCA-B4E4-4588-A7E6-CC6BE5184CFE – System32TasksNvDriverUpdateCheckDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: FCD13FA4-25C0-4AD4-844E-8E226D2249AE – System32TasksNvNodeLauncher_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 192.168.0.1 192.168.68.1

Tcpip..Interfaces653f205c-51cb-4094-9f97-0731137201c5: [NameServer] 8.8.8.8,8.8.4.4

Tcpip..Interfaces653f205c-51cb-4094-9f97-0731137201c5: [DhcpNameServer] 192.168.0.1 192.168.68.1

 

Edge: 

=======

Edge Profile: C:UserschuacAppDataLocalMicrosoftEdgeUser DataDefault [2021-07-09]

Edge Extension: (IDM Integration Module) – C:UserschuacAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsllbjbkhnmlidjebalopleeepgdfgcpec [2021-05-04]

Edge HKUS-1-5-21-4131175827-1518476479-2483294511-1001SOFTWAREMicrosoftEdgeExtensions…EdgeExtension: [llbjbkhnmlidjebalopleeepgdfgcpec] – C:Program Files (x86)Internet Download ManagerIDMEdgeExt.crx [2020-11-26]

 

FireFox:

========

FF HKUS-1-5-21-4131175827-1518476479-2483294511-1001…SeaMonkeyExtensions: [[email protected]] – C:UserschuacAppDataRoamingIDMidmmzcc5

FF Extension: (IDM CC) – C:UserschuacAppDataRoamingIDMidmmzcc5 [2020-12-08] [Legacy] [not signed]

FF HKUS-1-5-21-4131175827-1518476479-2483294511-1001…SeaMonkeyExtensions: [[email protected]] – C:Program Files (x86)Internet Download Manageridmmzcc2.xpi

FF Extension: (IDM integration) – C:Program Files (x86)Internet Download Manageridmmzcc2.xpi [2017-12-20] [Legacy]

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

 

Chrome: 

=======

CHR Profile: C:UserschuacAppDataLocalGoogleChromeUser DataDefault [2021-07-10]

CHR StartupUrls: Default -> “chrome://extensions/”,”hxxps://www.google.com/search?q=how+to+remove+safe+finder+from+chrome&rlz=1C1CHBF_enMY788MY788&oq=how+to+remove+safe+finder+&aqs=chrome.2.69i57j69i60j0l4.17401j0j7&sourceid=chrome&ie=UTF-8″,”hxxps://www.youtube.com/watch?v=eIxbPwftPwI”

CHR Extension: (Slides) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2020-12-08]

CHR Extension: (Docs) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2020-12-08]

CHR Extension: (Google Drive) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-12-08]

CHR Extension: (YouTube) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-08]

CHR Extension: (Rearrange Tabs) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsccnnhhnmpoffieppjjkhdakcoejcpbga [2020-12-08]

CHR Extension: (Shopback Button – Cashback & Coupons) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsdjjjmdgomejlopjnccoejdhgjmiappap [2021-07-08]

CHR Extension: (Sheets) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2020-12-08]

CHR Extension: (Google Docs Offline) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-25]

CHR Extension: (AdBlock — best ad blocker) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom [2021-06-25]

CHR Extension: (Cookie-Editor) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionshlkenndednhfkekhgcdicdfddnkalmdm [2021-06-18]

CHR Extension: (IDM Integration Module) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsngpampappnmepgilojfohadhhmbhlaek [2021-03-10]

CHR Extension: (Chrome Web Store Payments) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (Starry sky) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionsoljbicdbjojdloimanbeppncdafgccnl [2020-12-08]

CHR Extension: (Gmail) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-12-08]

CHR Extension: (Chrome Media Router) – C:UserschuacAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-06]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9056656 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)

R3 Disc Soft Lite Bus Service; C:Program FilesDAEMON Tools LiteDiscSoftBusServiceLite.exe [5030592 2020-12-08] (AVB Disc Soft, SIA -> Disc Soft Ltd)

R2 GarenaPlatform; C:Program Files (x86)GarenaGarena2.0.1909.2618gxxsvc.exe [320512 2019-09-26] (Garena Online Pte Ltd -> Garena Online)

R2 Razer Chroma SDK Server; C:Program Files (x86)Razer Chroma SDKbinRzSDKServer.exe [1134616 2021-04-28] (Razer USA Ltd. -> Razer Inc.)

R2 Razer Chroma SDK Service; C:Program Files (x86)Razer Chroma SDKbinRzSDKService.exe [321560 2021-04-13] (Razer USA Ltd. -> Razer Inc.)

R2 Razer Game Manager Service; C:Program Files (x86)RazerRazer ServicesGMSGameManagerService.exe [254224 2021-03-22] (Razer USA Ltd. -> Razer Inc)

R2 Razer Synapse Service; C:Program Files (x86)RazerSynapse3ServiceRazer Synapse Service.exe [294520 2021-06-10] (Razer USA Ltd. -> Razer Inc.)

R2 RzActionSvc; C:Program Files (x86)RazerRazer ServicesRazer CentralRazerCentralService.exe [533808 2021-01-29] (Razer USA Ltd. -> Razer Inc.)

R2 RzKLService; C:Program Files (x86)RazerRazer CortexRzKLService.exe [291320 2021-06-02] (Razer USA Ltd. -> Razer Inc.)

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5394864 2021-07-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 SogouSvc; C:Program Files (x86)SogouInputSogouExeSogouSvc.exe [469912 2020-06-26] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

R3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_d71d3f5ea7618cbbDisplay.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_d71d3f5ea7618cbbDisplay.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AsrDrv103; C:WindowsSysWOW64DriversAsrDrv103.sys [34568 2020-12-08] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]

S3 AsrDrv104n; C:WindowsSysWOW64DriversAsrDrv104n.sys [33000 2021-02-15] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]

S3 BthA2dp; C:WindowsSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

R3 dtlitescsibus; C:WindowsSystem32driversdtlitescsibus.sys [42256 2020-12-08] (AVB Disc Soft, SIA -> Disc Soft Ltd)

R3 dtliteusbbus; C:WindowsSystem32driversdtliteusbbus.sys [59360 2020-12-08] (AVB Disc Soft, SIA -> Disc Soft Ltd)

R1 EneTechIo; C:Windowssystem32driversene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 GLCKIO2; C:Windowssystem32driversGLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )

R1 HWiNFO32; C:WindowsSysWOW64driversHWiNFO64A.SYS [27552 2020-12-15] (Martin Malik – REALiX -> REALiX™)

S3 MSIO; C:Program Files (x86)ASRock UtilityASRRGBLEDBinmsio64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)

R3 RzCommon; C:WindowsSystem32driversRzCommon.sys [54632 2021-03-31] (Razer USA Ltd. -> Razer Inc)

R3 RzDev_0046; C:WindowsSystem32driversRzDev_0046.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)

S0 WdBoot; C:WindowsSystem32driverswdWdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WindowsSystem32driverswdWdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:WindowsSystem32driverswdWdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

R1 YSDrv; C:Program Files (x86)BignoxBigNoxVMRTYSDrv.sys [312776 2021-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)

R1 YSDrvA; C:Program Files (x86)BignoxABigNoxVMRTYSDrvA.sys [331456 2021-06-08] (Nox Limited -> Nox Limited Corporation)

U4 napagent; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-10 01:17 – 2021-07-10 01:17 – 000000000 ____D C:FRST

2021-07-10 00:59 – 2021-07-10 00:59 – 000000000 ____D C:Program FilesMalwarebytes

2021-07-09 18:27 – 2021-07-09 18:27 – 2147483648 _____ C:UserschuacDownloads(New)Yume to Iro de Dekiteiru CHS.part1.rar

2021-07-09 13:59 – 2021-07-09 16:26 – 000000407 _____ C:UserschuacDesktopcomtrick.txt

2021-07-09 13:10 – 2021-07-09 16:55 – 000386875 _____ C:UserschuacDesktopCOM1121_J19031450_Individual.pptx

2021-07-09 12:38 – 2021-07-09 12:38 – 002512995 _____ C:UserschuacDownloadsLanguage School Newsletter by Slidesgo.pptx

2021-07-08 12:48 – 2021-07-08 12:48 – 000000000 ____D C:Windowssystem32TasksAgent Activation Runtime

2021-07-08 11:49 – 2021-07-08 11:49 – 000206468 _____ C:UserschuacDownloadsCHAPTER 9 HOMEWORK – MUST DO.pptx

2021-07-08 02:27 – 2021-07-09 12:46 – 000000000 ____D C:UserschuacDownloadsschool

2021-07-07 22:21 – 2021-07-07 22:21 – 002371072 _____ C:Windowssystem32rdpnano.dll

2021-07-07 22:21 – 2021-07-07 22:21 – 002260992 _____ C:Windowssystem32TextInputMethodFormatter.dll

2021-07-07 22:21 – 2021-07-07 22:21 – 001823304 _____ (Microsoft Corporation) C:Windowssystem32winload.efi

2021-07-07 22:21 – 2021-07-07 22:21 – 001393504 _____ (Microsoft Corporation) C:Windowssystem32winresume.efi

2021-07-07 22:21 – 2021-07-07 22:21 – 001314128 _____ (Microsoft Corporation) C:Windowssystem32SecConfig.efi

2021-07-07 22:21 – 2021-07-07 22:21 – 000570880 _____ (Microsoft Corporation) C:Windowssystem32inetcpl.cpl

2021-07-07 22:21 – 2021-07-07 22:21 – 000452608 _____ (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl

2021-07-07 22:21 – 2021-07-07 22:21 – 000097792 _____ C:Windowssystem32Driverscimfs.sys

2021-07-07 22:21 – 2021-07-07 22:21 – 000084992 _____ (Microsoft Corporation) C:Windowssystem32wscui.cpl

2021-07-07 22:21 – 2021-07-07 22:21 – 000067584 _____ (Microsoft Corporation) C:WindowsSysWOW64wscui.cpl

2021-07-07 22:21 – 2021-07-07 22:21 – 000060928 _____ C:Windowssystem32runexehelper.exe

2021-07-07 22:21 – 2021-07-07 22:21 – 000011351 _____ C:Windowssystem32DrtmAuthTxt.wim

2021-07-06 08:18 – 2021-07-06 08:18 – 000003168 _____ C:Windowssystem32TasksDB Bigupgrade Task (One Time)

2021-07-06 02:45 – 2021-07-06 02:45 – 001151992 _____ (Realtek ) C:Windowssystem32Driversrt640x64.sys

2021-07-06 02:45 – 2021-07-06 02:45 – 000443088 _____ (Advanced Micro Devices, Inc. ) C:Windowssystem32amdtee_api.dll

2021-07-06 02:45 – 2021-07-06 02:45 – 000356560 _____ (Advanced Micro Devices, Inc. ) C:WindowsSysWOW64amdtee_api.dll

2021-07-06 02:45 – 2021-07-06 02:45 – 000137424 _____ (Advanced Micro Devices, Inc. ) C:Windowssystem32Driversamdpsp.sys

2021-07-04 01:51 – 2021-07-04 01:51 – 000004308 _____ C:Windowssystem32TasksNvDriverUpdateCheckDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000004106 _____ C:Windowssystem32TasksNvBatteryBoostCheckOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000003976 _____ C:Windowssystem32TasksNVIDIA GeForce Experience SelfUpdate_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000003940 _____ C:Windowssystem32TasksNvNodeLauncher_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000003894 _____ C:Windowssystem32TasksNvProfileUpdaterDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000003858 _____ C:Windowssystem32TasksNvTmRep_CrashReport4_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000003858 _____ C:Windowssystem32TasksNvTmRep_CrashReport3_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000003858 _____ C:Windowssystem32TasksNvTmRep_CrashReport2_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000003858 _____ C:Windowssystem32TasksNvTmRep_CrashReport1_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-07-04 01:51 – 000003654 _____ C:Windowssystem32TasksNvProfileUpdaterOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-04 01:51 – 2021-06-09 22:17 – 002838384 _____ (NVIDIA Corporation) C:Windowssystem32nvspcap64.dll

2021-07-04 01:51 – 2021-06-09 22:17 – 002186608 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvspcap.dll

2021-07-04 01:51 – 2021-06-02 22:03 – 000067464 _____ (NVIDIA Corporation) C:Windowssystem32Driversnvvhci.sys

2021-07-03 20:28 – 2021-07-03 20:28 – 000003380 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-4131175827-1518476479-2483294511-1001

2021-07-03 20:28 – 2021-07-03 20:28 – 000002397 _____ C:UserschuacAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-07-03 19:02 – 2021-07-03 19:02 – 000000000 ____D C:UserschuacAppDataLocalLownvgames

2021-07-02 21:45 – 2021-07-07 11:25 – 004795419 _____ C:UserschuacDesktopBUS1100_Group8 .pptx

2021-07-02 00:25 – 2021-07-02 00:25 – 195606109 _____ C:UserschuacDesktop202107020004.mp4

2021-06-23 16:46 – 2021-06-23 18:08 – 000000000 ____D C:UserschuacAppDataRoamingZoom

2021-06-21 06:47 – 2021-06-21 06:47 – 000000000 ____D C:ProgramDataOracle

2021-06-20 11:15 – 2021-07-07 23:43 – 000008192 ___SH C:DumpStack.log.tmp

2021-06-20 07:14 – 2021-06-20 07:14 – 000000000 ____D C:UserschuacAppDataRoamingorg.sakuradite.reader

2021-06-20 07:11 – 2021-06-20 07:11 – 000000000 ____D C:UserschuacAppDataRoamingBlack LILITH

2021-06-20 07:11 – 2021-06-20 07:11 – 000000000 ____D C:UserschuacAppDataLocalTurbo.net

2021-06-17 01:49 – 2021-07-02 16:49 – 227852831 _____ C:UserschuacDesktopcom1121_GROUP PRESENTATION 5 – LIFE HACK.pptx

2021-06-14 21:01 – 2021-06-14 21:01 – 000000638 _____ C:UserschuacDesktop剪映专业版.lnk

2021-06-14 21:01 – 2021-06-14 21:01 – 000000000 ____D C:UserschuacAppDataRoamingMicrosoftWindowsStart MenuPrograms剪映专业版

2021-06-14 17:15 – 2021-06-14 20:55 – 002079612 _____ C:UserschuacDesktopChuah Chung Han J19031450 Does smart home system make us lazier.pptx

2021-06-13 14:02 – 2021-06-13 14:02 – 000000000 ____D C:UserschuacAppDataRoamingま~まれぇど

2021-06-13 05:04 – 2021-06-13 05:04 – 000000000 ____D C:UserschuacAppDataRoamingsonora

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-10 01:16 – 2019-12-07 17:14 – 000000000 ____D C:WindowsAppReadiness

2021-07-10 01:10 – 2020-12-08 16:50 – 000000000 ____D C:UserschuacAppDataLocalPackages

2021-07-10 01:10 – 2020-12-08 00:52 – 000000000 ____D C:UserschuacAppDataLocalPlaceholderTileLogoFolder

2021-07-10 01:10 – 2019-12-07 17:14 – 000000000 ___HD C:WindowsELAMBKUP

2021-07-10 01:07 – 2019-12-07 17:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-07-10 01:03 – 2020-12-08 10:09 – 000000000 ____D C:UserschuacAppDataRoamingdiscord

2021-07-10 01:03 – 2020-12-08 10:09 – 000000000 ____D C:UserschuacAppDataLocalDiscord

2021-07-10 01:01 – 2020-12-08 09:42 – 000000000 ____D C:UserschuacAppDataLocalLowSogouPY

2021-07-10 01:00 – 2020-12-08 01:04 – 000000000 ____D C:UserschuacAppDataLocalD3DSCache

2021-07-09 19:20 – 2020-12-08 09:10 – 000000000 ____D C:ProgramDataNVIDIA

2021-07-09 19:00 – 2020-12-08 16:54 – 000000000 ____D C:ProgramDataRiot Games

2021-07-09 17:46 – 2020-12-08 09:32 – 000000000 ____D C:UserschuacAppDataLocalCrashDumps

2021-07-09 14:45 – 2020-09-27 22:50 – 000000000 ____D C:Windowssystem32SleepStudy

2021-07-08 17:34 – 2020-12-08 12:48 – 000000000 ____D C:Program FilesGenshin Impact

2021-07-08 13:05 – 2019-12-07 17:03 – 000000000 ____D C:WindowsCbsTemp

2021-07-08 11:03 – 2020-12-08 00:51 – 000000000 ___RD C:UserschuacOneDrive

2021-07-08 03:07 – 2020-12-08 08:43 – 000000000 ____D C:UserschuacAppDataRoamingDMCache

2021-07-08 00:43 – 2020-12-08 08:43 – 000000000 ____D C:UserschuacDownloadsCompressed

2021-07-08 00:43 – 2019-12-07 17:13 – 000000000 ____D C:WindowsINF

2021-07-07 23:50 – 2020-12-08 16:50 – 000795742 _____ C:Windowssystem32PerfStringBackup.INI

2021-07-07 23:48 – 2020-12-08 11:53 – 000000000 ____D C:ProgramDataboost_interprocess

2021-07-07 23:43 – 2020-09-27 22:50 – 000462792 _____ C:Windowssystem32FNTCACHE.DAT

2021-07-07 23:43 – 2020-09-27 22:50 – 000000006 ____H C:WindowsTasksSA.DAT

2021-07-07 23:43 – 2019-12-07 17:14 – 000000000 ____D C:WindowsServiceState

2021-07-07 23:42 – 2020-12-13 13:28 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ___RD C:WindowsImmersiveControlPanel

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:WindowsSysWOW64setup

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:WindowsSysWOW64oobe

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:WindowsSysWOW64Dism

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:WindowsSystemResources

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32setup

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32oobe

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32Dism

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:WindowsProvisioning

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:WindowsPolicyDefinitions

2021-07-07 23:42 – 2019-12-07 17:14 – 000000000 ____D C:Windowsbcastdvr

2021-07-07 23:42 – 2019-12-07 17:03 – 000524288 _____ C:Windowssystem32configBBI

2021-07-07 20:14 – 2020-12-08 08:43 – 000000000 ____D C:UserschuacAppDataRoamingIDM

2021-07-07 16:00 – 2020-12-08 09:49 – 000000000 ____D C:Program FilesMicrosoft Office

2021-07-07 14:02 – 2019-12-07 17:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-07-06 16:11 – 2020-12-08 11:48 – 000000000 ____D C:UserschuacAppDataLocalSpotify

2021-07-06 15:27 – 2021-04-07 19:10 – 000000000 ____D C:UserschuacAppDataRoamingSpotify

2021-07-06 02:45 – 2020-12-15 18:56 – 000000000 ____D C:ProgramDataProductData

2021-07-04 01:51 – 2020-12-08 09:12 – 000001461 _____ C:UsersPublicDesktopGeForce Experience.lnk

2021-07-04 01:51 – 2020-12-08 09:12 – 000001461 _____ C:ProgramDataDesktopGeForce Experience.lnk

2021-07-04 01:51 – 2020-12-08 09:10 – 000000000 ____D C:ProgramDataNVIDIA Corporation

2021-07-04 01:51 – 2020-12-08 09:10 – 000000000 ____D C:Program Files (x86)NVIDIA Corporation

2021-07-04 01:51 – 2020-12-08 09:02 – 000000000 ____D C:Program FilesNVIDIA Corporation

2021-07-03 19:55 – 2020-12-08 08:43 – 000000000 ____D C:UserschuacDownloadsVideo

2021-07-03 13:25 – 2020-09-27 22:53 – 000002452 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-07-03 13:25 – 2020-09-27 22:53 – 000002290 _____ C:UsersPublicDesktopMicrosoft Edge.lnk

2021-07-03 13:25 – 2020-09-27 22:53 – 000002290 _____ C:ProgramDataDesktopMicrosoft Edge.lnk

2021-07-02 20:44 – 2020-12-08 01:21 – 000002261 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-07-02 20:44 – 2020-12-08 01:21 – 000002220 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-07-02 20:44 – 2020-12-08 01:21 – 000002220 _____ C:ProgramDataDesktopGoogle Chrome.lnk

2021-07-02 12:25 – 2020-09-27 22:53 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-07-02 12:25 – 2020-09-27 22:53 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-07-01 10:22 – 2020-12-08 08:31 – 000000000 ____D C:UserschuacAppDataRoaminguTorrent

2021-06-26 14:46 – 2020-12-08 10:02 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRazer

2021-06-25 03:47 – 2020-12-08 08:40 – 000000000 ____D C:UserschuacAppDataLocalBitTorrentHelper

2021-06-24 18:43 – 2020-12-12 15:45 – 000000000 ____D C:WindowsMinidump

2021-06-20 07:15 – 2021-03-19 02:42 – 000000000 ____D C:UserschuacAppDataRoamingasaproject

2021-06-17 04:55 – 2020-12-08 16:48 – 000000000 ____D C:Userschuac

2021-06-15 08:12 – 2019-12-07 17:14 – 000000000 ____D C:WindowsLiveKernelReports

2021-06-12 16:32 – 2020-09-27 22:51 – 000000000 ____D C:Windowssystem32Driverswd

2021-06-10 00:06 – 2020-12-08 10:01 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRazer Cortex

2021-06-10 00:02 – 2019-12-07 17:14 – 000000000 ___RD C:WindowsPrintDialog

2021-06-10 00:02 – 2019-12-07 17:14 – 000000000 ____D C:WindowsSysWOW64lv-LV

2021-06-10 00:02 – 2019-12-07 17:14 – 000000000 ____D C:WindowsSysWOW64et-EE

2021-06-10 00:02 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32migwiz

2021-06-10 00:02 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32lv-LV

2021-06-10 00:02 – 2019-12-07 17:14 – 000000000 ____D C:Windowssystem32et-EE

 

==================== Files in the root of some directories ========

 

2020-12-15 17:05 – 2020-12-15 17:05 – 000000000 ____H () C:UserschuacAppDataLocalBIT4783.tmp

2021-04-03 16:41 – 2021-04-03 16:41 – 000000017 _____ () C:UserschuacAppDataLocalresmon.resmoncfg

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-07-2021

Ran by chuac (10-07-2021 01:18:13)

Running from C:UserschuacDownloadsPrograms

Windows 10 Pro Version 20H2 19042.1083 (X64) (2020-12-08 08:46:46)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-4131175827-1518476479-2483294511-500 – Administrator – Disabled)

chuac (S-1-5-21-4131175827-1518476479-2483294511-1001 – Administrator – Enabled) => C:Userschuac

DefaultAccount (S-1-5-21-4131175827-1518476479-2483294511-503 – Limited – Disabled)

Guest (S-1-5-21-4131175827-1518476479-2483294511-501 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-4131175827-1518476479-2483294511-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKUS-1-5-21-4131175827-1518476479-2483294511-1001…uTorrent) (Version: 3.5.5.46010 – BitTorrent Inc.)

ASRRGBLED v1.0.82 (HKLM-x32…ASRock RGB LED_is1) (Version: 1.0.82 – ASRock Inc.)

ASUS GLCKIO2 Driver (HKLM-x32…548dd834-70c5-4426-8065-fbeabdd2bb5d) (Version: 1.0.10 – ASUSTeK Computer Inc.) Hidden

ASUS GLCKIO2 Driver (HKLM-x32…5960FD0F-BB3B-49AF-B175-F77DC91E995A) (Version: 1.0.10 – ASUSTeK Computer Inc.) Hidden

CrystalDiskInfo 8.8.9 (HKLM…CrystalDiskInfo_is1) (Version: 8.8.9 – Crystal Dew World)

DAEMON Tools Lite (HKLM…DAEMON Tools Lite) (Version: 10.14.0.1567 – Disc Soft Ltd)

Discord (HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Discord) (Version: 0.0.309 – Discord Inc.)

Driver Booster 7 (HKLM-x32…Driver Booster_is1) (Version: 7.2.0 – IObit)

ENE_DRAM_RGB_AIO (HKLM…1745D314-9077-46C9-8562-1C62BAE189B7) (Version: 1.0.0.10 – Ene Tech.) Hidden

ENE_DRAM_RGB_AIO (HKLM-x32…52d1d7de-19c3-4f83-97bb-f9435dc84c5b) (Version: 1.0.0.10 – Ene Tech.) Hidden

ENE_EHD_M2_HAL (HKLM…37A48B7F-D4EA-4863-844E-A284E2AA3C5D) (Version: 1.0.7.11 – ENE TECHNOLOGY INC.) Hidden

ENE_EHD_M2_HAL (HKLM-x32…fd812556-e0bb-4961-ac2b-cf5643484519) (Version: 1.0.7.11 – ENE TECHNOLOGY INC.) Hidden

ENE_EHD_SSS_HAL (HKLM…CF703694-01C6-4062-B797-84DB215662BC) (Version: 1.00.00 – ENE TECHNOLOGY INC.) Hidden

ENE_EHD_SSS_HAL (HKLM-x32…b00e47a4-d642-402c-a060-8d959a0537db) (Version: 1.00.00 – ENE TECHNOLOGY INC.) Hidden

Garena (remove only) (HKLM-x32…gxx) (Version: 2.0.1909.2618 – Garena)

Genshin Impact (HKLM…Genshin Impact) (Version: 2.9.1.0 – miHoYo Co.,Ltd)

Google Chrome (HKLM-x32…Google Chrome) (Version: 91.0.4472.124 – Google LLC)

IDM 6.38 build 14 6.38.14 (HKLM-x32…IDM 6.38 build 14 6.38.14) (Version: 6.38.14 – CrackingPatching)

Internet Download Manager (HKLM-x32…Internet Download Manager) (Version: 6.38.14 – Tonec Inc.)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 91.0.864.64 – Microsoft Corporation)

Microsoft Office Home and Student 2016 – en-us (HKLM…HomeStudentRetail – en-us) (Version: 16.0.14131.20278 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-4131175827-1518476479-2483294511-1001…OneDriveSetup.exe) (Version: 21.119.0613.0001 – Microsoft Corporation)

Microsoft Teams (HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Teams) (Version: 1.3.00.26064 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…E5A95BC5-81DF-4F0C-B910-B59DD012F037) (Version: 2.81.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM…8220EEFE-38CD-377E-8595-13398D740ACE) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.4148 (HKLM…4B6C7001-C7D6-3710-913E-5BC23FCE91E6) (Version: 9.0.30729.4148 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…50d4fc8-5d48-4b8f-8972-47c82c46020f) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…ef6b00ec-13e1-4c25-9064-b2f383cb8412) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.22.27821 (HKLM-x32…6361b579-2795-4886-b2a8-53d5239b6452) (Version: 14.22.27821.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.22.27821 (HKLM-x32…5bfc1380-fd35-4b85-9715-7351535d077e) (Version: 14.22.27821.0 – Microsoft Corporation)

MPC-HC 1.7.9 (HKLM-x32…2624B969-7135-4EB1-B0F6-2D8C397B45F7_is1) (Version: 1.7.9 – MPC-HC Team)

NARUTO SHIPPUDEN Ultimate Ninja STORM 4 Road to Boruto Next Generations (HKLM-x32…NARUTO SHIPPUDEN Ultimate Ninja STORM 4 Road to ~629813CA_is1) (Version:  – )

NoxPlayer(64-bit) (HKLM-x32…Nox64) (Version: 9.0.0.0 – Duodian Technology Co. Ltd.)

NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM…B2FE1952-0186-46C3-BAEC-A80AA35AC5B8_FrameViewSdk) (Version: 1.1.4923.29968894 – NVIDIA Corporation)

NVIDIA GeForce Experience 3.23.0.74 (HKLM…B2FE1952-0186-46C3-BAEC-A80AA35AC5B8_Display.GFExperience) (Version: 3.23.0.74 – NVIDIA Corporation)

NVIDIA Graphics Driver 466.27 (HKLM…B2FE1952-0186-46C3-BAEC-A80AA35AC5B8_Display.Driver) (Version: 466.27 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM…B2FE1952-0186-46C3-BAEC-A80AA35AC5B8_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM…90160000-008C-0000-1000-0000000FF1CE) (Version: 16.0.14131.20278 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…90160000-007E-0000-1000-0000000FF1CE) (Version: 16.0.14131.20278 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM…90160000-008C-0409-1000-0000000FF1CE) (Version: 16.0.14131.20278 – Microsoft Corporation) Hidden

Patriot Viper M2 SSD RGB (HKLM…8B4C0A3D-C135-4E1F-98D8-3926494B4D61) (Version: 1.0.6.2 – Patriot Memory) Hidden

Patriot Viper M2 SSD RGB (HKLM-x32…1122cfaf-aa52-4ba0-af2e-1e252b647b5b) (Version: 1.0.6.2 – Patriot Memory)

Razer Cortex (HKLM-x32…Razer Cortex_is1) (Version: 9.15.19.1412 – Razer Inc.)

Razer Synapse (HKLM-x32…D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6) (Version: 2.21.24.34 – Razer Inc.)

Razer Synapse (HKLM-x32…Razer Synapse) (Version: 3.6.0624.061513 – Razer Inc.)

Spotify (HKUS-1-5-21-4131175827-1518476479-2483294511-1001…Spotify) (Version: 1.1.56.595.g2d2da0de – Spotify AB)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

Streamlabs OBS 0.26.0 (HKLM…29c4619-0385-5543-9426-46f9987161d9) (Version: 0.26.0 – General Workings, Inc.)

Teams Machine-Wide Installer (HKLM-x32…731F6BAA-A986-45A4-8936-7C3AAAAA760B) (Version: 1.3.0.26064 – Microsoft Corporation)

TranslucentTB (HKLM-x32…TranslucentTB_is1) (Version: 9.0.0.0 – TranslucentTB Open Source Developers)

WinRAR 6.00 (64-bit) (HKLM…WinRAR archiver) (Version: 6.00.0 – win.rar GmbH)

スタディ§ステディ (HKLM-x32…スタディ§ステディ) (Version: 1.02 – ま~まれぇど)

催眠奪女~全てが僕の自由になる世界へようこそ~ 朝霧架純編 (HKLM-x32…saimin_kasumi) (Version:  – )

剪映专业版 (HKUS-1-5-21-4131175827-1518476479-2483294511-1001…JianyingPro) (Version: 1.3.6.1323 – Shenzhen Lianmeng Technology)

搜狗输入法 9.8正式版 (HKLM-x32…Sogou Input) (Version: 9.8.0.3746 – Sogou.com)

 

Packages:

=========

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-27] (NVIDIA Corp.)

照片媒体引擎加载项 -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-10] (Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSID0020420-0000-0000-C000-000000000046InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSID0020421-0000-0000-C000-000000000046InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSID0020422-0000-0000-C000-000000000046InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSID0020423-0000-0000-C000-000000000046InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSID0020424-0000-0000-C000-000000000046InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSID0020425-0000-0000-C000-000000000046InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSID19A6E644-14E6-4A60-B8D7-DD20610A871DInprocServer32 -> C:UserschuacAppDataLocalMicrosoftTeamsMeetingAddin1.0.20244.4x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSIDC52B9871-E5E9-41FD-B84D-C5ACADBEC7AEInprocServer32 -> D:Locale.Emulator.2.4.1.0LEContextMenuHandler.DLL (Paddy Xu) [File not signed] [File is in use]

CustomCLSID: HKUS-1-5-21-4131175827-1518476479-2483294511-1001_ClassesCLSIDCB965DF1-B8EA-49C7-BDAD-5457FDC1BF92InprocServer32 -> C:UserschuacAppDataLocalMicrosoftTeamsMeetingAddin1.0.20244.4x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> CDC95B92-E27C-4745-A8C5-64A52A78855D => C:Program Files (x86)Internet Download ManagerIDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)

ContextMenuHandlers1: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [DaemonShellExtDriveLite] -> C06369D6-E77D-4626-9656-1256312BD576 => C:Program FilesDAEMON Tools Litedtshl64.dll [2020-12-08] (AVB Disc Soft, SIA -> Disc Soft Ltd)

ContextMenuHandlers3: [DaemonShellExtImageLite] -> 1D1B5D7B-0FC9-452E-902C-12BACD4FBC20 => C:Program FilesDAEMON Tools Litedtshl64.dll [2020-12-08] (AVB Disc Soft, SIA -> Disc Soft Ltd)

ContextMenuHandlers5: [NvCplDesktopContext] -> 3D1975AF-48C6-4f8e-A182-BE0E08FA86A9 => C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_d71d3f5ea7618cbbnvshext.dll [2021-05-28] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2020-12-02] (win.rar GmbH -> Alexander Roshal)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2018-12-02 12:13 – 2018-12-02 12:13 – 047517184 _____ () [File not signed] C:Program Files (x86)GarenaGarena2.0.1909.2618ceflibcef.dll

2021-03-12 11:28 – 2021-03-12 11:28 – 001230336 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:Program Files (x86)Razer Chroma SDKbinPocoFoundation.dll

2021-03-12 11:28 – 2021-03-12 11:28 – 000207872 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:Program Files (x86)Razer Chroma SDKbinPocoJSON.dll

2021-03-12 11:28 – 2021-03-12 11:28 – 000810496 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:Program Files (x86)Razer Chroma SDKbinPocoNet.dll

2021-03-12 11:28 – 2021-03-12 11:28 – 000238592 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:Program Files (x86)Razer Chroma SDKbinPocoNetSSLWin.dll

2021-03-12 11:28 – 2021-03-12 11:28 – 000335360 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:Program Files (x86)Razer Chroma SDKbinPocoUtil.dll

2021-03-12 11:28 – 2021-03-12 11:28 – 000455168 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:Program Files (x86)Razer Chroma SDKbinPocoXML.dll

2020-12-21 16:58 – 2020-12-11 16:29 – 006159480 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:Program FilesGenshin ImpactQt5Core.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKUS-1-5-21-4131175827-1518476479-2483294511-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

BHO: IDM integration (IDMIEHlprObj Class) -> 0055C089-8582-441B-A0BF-17B458C2A3A8 -> C:Program Files (x86)Internet Download ManagerIDMIECC64.dll [2020-07-31] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> 0055C089-8582-441B-A0BF-17B458C2A3A8 -> C:Program Files (x86)Internet Download ManagerIDMIECC.dll [2020-07-31] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

BHO-x32: Skype for Business Browser Helper -> 31D09BA0-12F5-4CCE-BE8A-2923E76605DA -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – 83C25742-A9F7-49FB-9138-434302C88D07 – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – 42089D2D-912D-4018-9087-2B87803E93FB – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – 5504BE45-A83B-4808-900A-3A5C36E7F77A – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 17:14 – 2020-12-17 18:20 – 000001174 _____ C:Windowssystem32driversetchosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)RazerChromaBroadcastbin;C:Program FilesRazerChromaBroadcastbin;C:Program Files (x86)Razer Chroma SDKbin;C:Program FilesRazer Chroma SDKbin;C:Windowssystem32;C:Windows;C:WindowsSystem32Wbem;C:WindowsSystem32WindowsPowerShellv1.0;C:WindowsSystem32OpenSSH;C:Program Files (x86)NVIDIA CorporationPhysXCommon;C:Program FilesNVIDIA CorporationNVIDIA NvDLISR;C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsApps;C:UserschuacAppDataLocalMicrosoftWindowsApps

HKUS-1-5-21-4131175827-1518476479-2483294511-1001Control PanelDesktop\Wallpaper -> C:UserschuacAppDataLocalMicrosoftWindowsThemesRoamedThemeFilesDesktopBackground40clthesh2qvjzdqvot2ymikfrngsaetn0u049m4bvo.jpg

DNS Servers: 8.8.8.8 – 8.8.4.4

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [C4AB2B39-A72B-4700-919F-FE8AED87287F] => (Allow) C:UserschuacAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [EDC93498-A5D6-4A44-89B3-AE5C4CCC2DA5] => (Allow) C:UserschuacAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [F2CD4BBA-4D47-417F-A604-E385C2766E33] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [B4FF6661-84E4-4503-A566-608F451D1D19] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [0C724CFA-3A50-4775-BF83-E83B7501D656] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [85E387DF-18AF-4414-8F4A-162FF0BD14DC] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [5F494D5F-A0EF-4FEC-AB69-2A39DEEFB212] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [0075F228-722F-4E31-8400-F0761737BD14] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [6D0B7248-3AFA-4650-9566-288CEBDBC80D] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [A455A182-32CD-4F04-B765-07206ACD8A51] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [8EDE68D3-10E0-4BDC-ABA7-605207E63E91] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [12D66969-38CF-4ADE-8A91-2B92896078B2] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [822ADC93-4CFB-494A-9CF7-AA7BDC5306C5] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [4B88B710-664F-4B1E-8E90-B6B866AE6E12] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [F8216798-47FB-491F-86DB-56E768E0E8DB] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [E91FAAFD-E2AF-4FE9-9C04-7DFA17BCACC9] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [C155F280-56CB-494B-B16F-6F8DAD6F70E8] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [39E050D0-C0BE-4DD9-824D-D756EF0BD67A] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [FB3A2A6B-EA22-4ABD-8988-9CFCAD2EE67B] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [B357D3DF-2ED0-4671-B577-35FEF30283EC] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [35F8199D-6FB4-4D7B-ABB5-5B3AB98C3FC1] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [3252C076-E03C-46CF-8642-CE735018A9EB] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [1A046043-524F-48D1-8B14-573F308AABEF] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [D51CFA72-5F91-493E-BB6C-F8B0C36943C4] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [8E96F610-B3D2-43E2-9D33-4B5B82C99D9E] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [CE22CE55-D177-437B-8B64-A2DF2782DA65] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [61B27D19-6C16-41EA-BFAF-02443876B945] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [C146F799-9568-42EB-8E75-806995D7491E] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [E0AC2E76-8FE4-4911-8B7C-EE074BAF77C7] => (Allow) C:Program Files (x86)SogouInputComponentsSogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [5F403EB7-5644-49F7-AC32-F6C841CFA80E] => (Allow) C:Program Files (x86)SogouInputComponentsSogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [F966CC79-DF2D-4073-AA12-6F5ADB8D1674] => (Allow) C:Program Files (x86)SogouInputComponentsSogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [339D9678-D77E-4438-8CE9-EE33946E4BB8] => (Allow) C:Program Files (x86)SogouInputComponentsSogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [EEDDD6D4-2E2A-4222-845C-760F79152610] => (Allow) C:Program Files (x86)SogouInputComponentsSogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [DD2376C3-490F-4565-B516-65A8C7C561CD] => (Allow) C:Program Files (x86)SogouInputComponentsSogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [DC6AB671-A90C-4A79-BEFB-F5F1DDF6F0EF] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [973B1E3D-BFF9-476F-86C8-01BA05111E2C] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [3D29354C-CF1A-4089-AF49-67B64BF2DBC4] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [FA696F63-5A83-47C5-9209-4532CA4B1B55] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [B5C3DB43-4971-469F-8367-018A09787CB4] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [61B81268-A2A8-48BC-AF11-0595AF0F6E14] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [FBD4B71B-3A5F-45F3-BEB0-564335F6B8FF] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [1E2B6741-FD2F-4CF1-B9A9-E8D8E107EFDF] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [B5149CAC-F090-48F9-A3A5-5C1D924F7FAF] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [60145351-00EB-493F-8060-E6C6D8174A17] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [8FE170EE-7356-4F77-A0F8-38BA13F08F80] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [EE85374F-82EC-40A4-9906-4A95BBB35B3B] => (Allow) C:Program Files (x86)SogouInput9.8.0.3746SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [C89D7E3E-EF3F-4EBE-A781-FEC4F3F392C3] => (Allow) C:UsersPublicSogouInputUSBDTOctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [93C676DE-2C18-4AD7-986D-EFD367BB54EB] => (Allow) C:UsersPublicSogouInputUSBDTOctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [2FB2DF87-6C0B-44F9-899F-5486F8D13AC1] => (Allow) C:UsersPublicSogouInputUSBDTOctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [6C1C677B-6996-479D-A7B0-3F17E2B06B26] => (Allow) C:UsersPublicSogouInputUSBDTOctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [B6827218-8114-4965-9356-EDEB7AF14BBE] => (Allow) C:UsersPublicSogouInputUSBDTOctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [88C78D35-F7A9-4530-9549-F8618D8A0314] => (Allow) C:UsersPublicSogouInputUSBDTOctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

FirewallRules: [7AA04A4C-D786-4AD1-ACE2-761268340371] => (Allow) C:Program FilesDAEMON Tools LiteDiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)

FirewallRules: [E9FE7B7F-A3A3-4ADC-A689-B99DC7FC786B] => (Allow) C:Program FilesDAEMON Tools LiteDiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)

FirewallRules: [B99194AF-3D0C-4A0E-9568-D87BAC22C5CF] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe => No File

FirewallRules: [15604497-7634-45B9-8283-1EE1045467EA] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe => No File

FirewallRules: [D2CB0BB2-CC3B-4706-96C3-313685E9ED0F] => (Allow) C:Program Files (x86)GarenaGarena2.0.1909.2618gxxsvc.exe (Garena Online Pte Ltd -> Garena Online)

FirewallRules: [6EA9959C-025B-4628-9CE9-1AE0BBF01AA3] => (Allow) D:SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [90D10F8D-9063-491A-A5C6-673315D4EA20] => (Allow) D:SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [4C427548-5A89-42E2-925A-F76082F4FCAD] => (Allow) D:Steambincefcef.win7steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [41EA5004-F534-4FA2-B706-09E94290804C] => (Allow) D:Steambincefcef.win7steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [4452D37E-9F9F-4E0B-AB18-B882BA87D3C2] => (Allow) D:Steamsteamappscommonwallpaper_enginelauncher.exe (Skutta, Kristjan -> )

FirewallRules: [C32B1960-2775-4B46-BB7D-5C9B82B1FF1B] => (Allow) D:Steamsteamappscommonwallpaper_enginelauncher.exe (Skutta, Kristjan -> )

FirewallRules: [TCP Query User85435223-B20A-4C3F-932C-DFEA9258EF9AC:userschuacappdataroamingspotifyspotify.exe] => (Allow) C:userschuacappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User0ADC87D0-9B57-40DD-A44F-CC651634800FC:userschuacappdataroamingspotifyspotify.exe] => (Allow) C:userschuacappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [76982765-6D1F-4086-81AA-48914524A08A] => (Allow) D:Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [063E8BB1-BF0F-4063-9DDF-649DE7AB763E] => (Allow) D:Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [TCP Query User28822F2D-8287-4FB4-8B9D-BE3B2FAE9E69D:gamespersona.4.goldendayp4g.exe] => (Allow) D:gamespersona.4.goldendayp4g.exe => No File

FirewallRules: [UDP Query User730A6238-4B03-4E56-A456-B639DC1236BCD:gamespersona.4.goldendayp4g.exe] => (Allow) D:gamespersona.4.goldendayp4g.exe => No File

FirewallRules: [TCP Query User9D05DD91-BE0E-4DCF-BE0A-FEDDC132B594D:streamlabs obsstreamlabs obs.exe] => (Allow) D:streamlabs obsstreamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)

FirewallRules: [UDP Query User3B9EA2BE-D684-4B78-A719-11C3E6F9CC1ED:streamlabs obsstreamlabs obs.exe] => (Allow) D:streamlabs obsstreamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)

FirewallRules: [TCP Query UserF9BB21FB-391D-4B68-96B8-DFC210022717D:gamespersona 5 strikersgame.exe] => (Allow) D:gamespersona 5 strikersgame.exe (SEGA) [File not signed]

FirewallRules: [UDP Query User08FBB1AA-BA84-42C3-B12E-2E580D4ED43DD:gamespersona 5 strikersgame.exe] => (Allow) D:gamespersona 5 strikersgame.exe (SEGA) [File not signed]

FirewallRules: [85974C45-4449-462A-A786-3156C5DD8F9C] => (Allow) D:SteamsteamappscommonHelltakerHelltaker.exe () [File not signed]

FirewallRules: [F6DB221F-39D1-41A0-821D-0840ED1EE5DA] => (Allow) D:SteamsteamappscommonHelltakerHelltaker.exe () [File not signed]

FirewallRules: [0AF37191-AFC6-4FC8-BB99-3215B30275D8] => (Allow) C:Program Files (x86)BignoxBigNoxVMRTNoxVMHandle.exe (Nox Limited -> Nox Limited Corporation)

FirewallRules: [DCF9BB2E-F035-4EDC-AAAA-3C585367E987] => (Allow) D:\Nox64binNox.exe (Nox Limited -> Duodian Technology Co. Ltd.)

FirewallRules: [A7173FA6-9944-41FC-A036-876FF2D9B181] => (Allow) C:Program Files (x86)BignoxABigNoxVMRTNoxVBoxHandle.exe (Nox Limited -> Nox Limited Corporation)

FirewallRules: [TCP Query User24A63E35-BCC1-4C2C-95FE-E767FB7F607FC:program filesgenshin impactgenshin impact gamegenshinimpact.exe] => (Allow) C:program filesgenshin impactgenshin impact gamegenshinimpact.exe (miHoYo Co.,Ltd. -> )

FirewallRules: [UDP Query User57C12FEE-E654-41E6-B19F-CDB36F5F5B05C:program filesgenshin impactgenshin impact gamegenshinimpact.exe] => (Allow) C:program filesgenshin impactgenshin impact gamegenshinimpact.exe (miHoYo Co.,Ltd. -> )

FirewallRules: [2906CD2A-FCBC-4957-AE67-E36A4C602039] => (Block) C:program filesgenshin impactgenshin impact gamegenshinimpact.exe (miHoYo Co.,Ltd. -> )

FirewallRules: [481E130E-84AE-45AC-8BC3-61909CFE3F79] => (Block) C:program filesgenshin impactgenshin impact gamegenshinimpact.exe (miHoYo Co.,Ltd. -> )

FirewallRules: [5130D628-0352-43C9-B6F6-63B84F48947B] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [216E53DE-F605-4896-A978-30539F192E23] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [E903DD7C-7341-42B7-A444-0AA64858CDB0] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [8E13DB87-E72D-4B02-A986-CD505C945FC8] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [09C3D7B5-5F60-4C37-B862-4DD31507B324] => (Allow) C:UserschuacAppDataRoamingZoombinZoom.exe => No File

FirewallRules: [5D242EF0-AA26-46BA-927B-A7508D681951] => (Allow) C:UserschuacAppDataRoamingZoombinairhost.exe => No File

FirewallRules: [110BE418-DFAC-4F24-8566-415C6848039A] => (Allow) C:UserschuacAppDataRoamingZoombinairhost.exe => No File

FirewallRules: [2F701CE0-ACFA-4296-BAB3-E94318D4ECB8] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [CBECD868-F79C-49C2-A037-B0E71A8394DB] => (Allow) D:SteamsteamappscommonBro Falls Ultimate ShowdownRun.exe () [File not signed]

FirewallRules: [A7775A48-C3F3-4190-B0F4-7E3A30DF484E] => (Allow) D:SteamsteamappscommonBro Falls Ultimate ShowdownRun.exe () [File not signed]

FirewallRules: [1F4F87A8-5A7D-4D39-AD85-7D5AF34C2AB5] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [DF9D0537-1AAA-4B46-8227-3CE579E85758] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [CEE1E43A-8A84-4CFD-B323-7AB2E2D65AB0] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [CD68D615-A8DE-42D3-B5B5-DBCE88C3D3BF] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [EFE8B7A4-EE33-47C0-ACC2-75F8EE182918] => (Allow) D:Steamsteamappscommonwallpaper_enginebindiagnostics32.exe (Skutta, Kristjan -> )

FirewallRules: [5B487A85-D4EC-4187-B2EE-1B04FA292A6C] => (Allow) D:Steamsteamappscommonwallpaper_enginebindiagnostics32.exe (Skutta, Kristjan -> )

 

==================== Restore Points =========================

 

25-06-2021 23:17:12 Scheduled Checkpoint

04-07-2021 23:59:47 Scheduled Checkpoint

06-07-2021 02:45:24 Driver Booster : Realtek PCIe GbE Family Controller

07-07-2021 22:17:32 Windows Modules Installer

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (07/10/2021 01:01:24 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for “D:JianyingProJianyingPro.exe”.Error in manifest or policy file “” on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1083_none_a86919ea866f7777.manifest.

Component 2: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1083_none_60bbe31371f34e71.manifest.

 

Error: (07/09/2021 05:46:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GoogleDiagnostics.exe, version: 12.1.7631.39347, time stamp: 0x60af054b

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0076c298

Faulting process id: 0x6968

Faulting application start time: 0x01d774a73cb2bac2

Faulting application path: C:UserschuacAppDataRoamingGoogleGoogleDiagnostics.exe

Faulting module path: unknown

Report Id: d10c3e02-9d50-4c10-857c-bae1f7a133e4

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (07/09/2021 05:45:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GoogleDiagnostics.exe, version: 12.1.7631.39347, time stamp: 0x60af054b

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0076c298

Faulting process id: 0xfa0

Faulting application start time: 0x01d774a71afd7555

Faulting application path: C:UserschuacAppDataRoamingGoogleGoogleDiagnostics.exe

Faulting module path: unknown

Report Id: 897d3142-6428-4bfb-9d90-38e0f34bde11

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (07/09/2021 05:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GoogleDiagnostics.exe, version: 12.1.7631.39347, time stamp: 0x60af054b

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0076c298

Faulting process id: 0x7b04

Faulting application start time: 0x01d774a0f99c9969

Faulting application path: C:UserschuacAppDataRoamingGoogleGoogleDiagnostics.exe

Faulting module path: unknown

Report Id: 08a9cc3e-e735-4446-b65a-809c11d92434

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (07/09/2021 12:54:07 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)

Description: Windows cannot load the extensible counter DLL “C:Windowssystem32sysmain.dll” (Win32 error code 126).

 

Error: (07/09/2021 11:57:01 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)

Description: Windows cannot load the extensible counter DLL “C:Windowssystem32sysmain.dll” (Win32 error code 126).

 

Error: (07/09/2021 10:42:51 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Razer Synapse Service.exe, version: 1.0.0.0, time stamp: 0x60c1d3ab

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0fb194e0

Faulting process id: 0x1508

Faulting application start time: 0x01d77346d14073ae

Faulting application path: C:Program Files (x86)RazerSynapse3ServiceRazer Synapse Service.exe

Faulting module path: unknown

Report Id: acddbf65-9748-476a-9f4b-74ac314fc3c6

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (07/09/2021 10:42:51 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Razer Synapse Service.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.NullReferenceException

   at <Module>.CEffectEngineWrapper.HasDevice(CEffectEngineWrapper*, CLightingDevice*, _ledid)

   at Resolver.LightingEffectsResolver.EnableActiveEngine(System.String)

   at Resolver.LightingEffectsResolver.OnOnChromaSDKUpdateEvent()

   at Common.ChromaSDKWrapperLib.ChromaSDKWrapper.raise_OnChromaSDKUpdateEvent()

   at Common.ChromaSDKWrapperLib.ChromaSDKWrapper.ChromaCallback(UInt32, Void*)

 

 

System errors:

=============

Error: (07/09/2021 07:34:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GMLU23E)

Description: The server Windows.Media.Capture.Internal.AppCaptureShell did not register with DCOM within the required timeout.

 

Error: (07/09/2021 10:42:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Razer Synapse Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.

 

Error: (07/07/2021 04:00:30 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GMLU23E)

Description: DCOM got error “1053” attempting to start the service WSearch with arguments “Unavailable” in order to run the server:

B52D54BB-4818-4EB9-AA80-F9EACD371DF8

 

Error: (07/07/2021 04:00:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

Error: (07/07/2021 04:00:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

 

Error: (07/07/2021 10:01:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJBH4-Microsoft.Windows.Photos.

 

Error: (07/07/2021 08:12:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Razer Synapse Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.

 

Error: (07/05/2021 06:17:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GMLU23E)

Description: The server Windows.Media.Capture.Internal.AppCaptureShell did not register with DCOM within the required timeout.

 

 

Windows Defender:

================

Date: 2021-07-09 11:00:44

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-07-08 02:36:21

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Trojan:Win32/Occamy.C7F

Severity: Severe

Category: Trojan

Path: file:_D:GamesGalgamenight夜晚,徘徊在我们的辅导教室_全线汉化.exe

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: Real-Time Protection

Process Name: C:Windowsexplorer.exe

Security intelligence Version: AV: 1.343.573.0, AS: 1.343.573.0, NIS: 1.343.573.0

Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

 

Date: 2021-07-08 02:36:11

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Trojan:Win32/Occamy.C7F

Severity: Severe

Category: Trojan

Path: file:_D:GamesGalgamenight夜晚,徘徊在我们的辅导教室_全线汉化.exe

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: Real-Time Protection

Process Name: C:Windowsexplorer.exe

Security intelligence Version: AV: 1.343.573.0, AS: 1.343.573.0, NIS: 1.343.573.0

Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

 

Date: 2021-07-08 02:36:02

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Trojan:Win32/Occamy.C7F

Severity: Severe

Category: Trojan

Path: file:_D:GamesGalgamenight夜晚,徘徊在我们的辅导教室_全线汉化.exe

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: Real-Time Protection

Process Name: C:Windowsexplorer.exe

Security intelligence Version: AV: 1.343.573.0, AS: 1.343.573.0, NIS: 1.343.573.0

Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

 

Date: 2021-07-08 00:36:48

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Trojan:Win32/Glupteba!ml

Severity: Severe

Category: Trojan

Path: file:_D:GamesGalgame夜晚,徘徊在我们的辅导教室夜晚,徘徊在我们的辅导教室_全线汉化.exe

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: Real-Time Protection

Process Name: C:Windowsexplorer.exe

Security intelligence Version: AV: 1.343.568.0, AS: 1.343.568.0, NIS: 1.343.568.0

Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

 

Date: 2021-06-30 20:19:27

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.92.0

Previous security intelligence Version: 1.341.1630.0

Update Source: User

Security intelligence Type: AntiSpyware

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-30 20:19:27

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.92.0

Previous security intelligence Version: 1.341.1630.0

Update Source: User

Security intelligence Type: AntiVirus

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-30 20:19:27

Description: 

Microsoft Defender Antivirus has encountered an error trying to update the engine.

New Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error Code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-30 12:50:51

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.92.0

Previous security intelligence Version: 1.341.1630.0

Update Source: User

Security intelligence Type: AntiSpyware

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-30 12:50:51

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.92.0

Previous security intelligence Version: 1.341.1630.0

Update Source: User

Security intelligence Type: AntiVirus

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

CodeIntegrity:

===============

Date: 2021-06-24 16:49:51

Description: 

Code Integrity determined that a process (DeviceHarddiskVolume3WindowsSystemAppsMicrosoft.Windows.Search_cw5n1h2txyewySearchApp.exe) attempted to load DeviceHarddiskVolume3Program Files (x86)SogouInput9.8.0.3746PinyinUp.exe that did not meet the Microsoft signing level requirements.

 

Date: 2021-05-08 16:48:30

Description: 

Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume3WindowsSystem32aepic.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. P3.90 12/09/2019

Motherboard: ASRock B450M Pro4

Processor: AMD Ryzen 3 3100 4-Core Processor 

Percentage of memory in use: 56%

Total physical RAM: 16313.83 MB

Available physical RAM: 7027.16 MB

Total Virtual: 23737.83 MB

Available Virtual: 7549.29 MB

 

==================== Drives ================================

 

Drive c: (KINGSTON A2000) (Fixed) (Total:232.28 GB) (Free:105.69 GB) NTFS

Drive d: (TOSHIBA 1TB) (Fixed) (Total:931.51 GB) (Free:522.75 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (WD 1TB(EXTERNAL)) (Fixed) (Total:930.93 GB) (Free:493 GB) NTFS

 

\?Volumed88c8e6a-efe2-4977-a7b3-73ac18ba24ad () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

\?Volume99e18658-c3a1-4b96-9e32-102d7f674fe4 (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS

\?Volume8ed4e7f7-9819-497e-9aaa-c2408df8a7ad () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

\?Volume83ca935d-d07c-4b63-a7da-4da102961d00 () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B31F84D8)

Partition 1: (Active) – (Size=931.5 GB) – (Type=07 NTFS)

 

==========================================================

Disk: 1 (Size: 232.9 GB) (Disk ID: B31F84D0)

 

Partition: GPT.

 

==========================================================

Disk: 2 (Size: 931.5 GB) (Disk ID: 0C8C79E9)

 

Partition: GPT.

 

==================== End of Addition.txt =======================

 
