Solved Checkup

MrPandaBear

Hey, I'd like to make sure my PC is fully clean and that there aren't any malware/rootkits/viruses lurking around in the background, even though I was using Malwarebytes all the time.
I would appreciate help regarding this matter, and thanks in advance.
 

Attachments

  • Addition.txt (38.5 KB)
  • FRST.txt (55.6 KB)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by Unknown (administrator) on RAZ (Gigabyte Technology Co., Ltd. Z370P D3) (23-07-2022 15:10:54)
Running from C:\Users\Unknown\Downloads
Loaded Profiles: Unknown
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Discord Inc. -> Discord Inc.) C:\Users\Unknown\AppData\Local\Discord\app-1.0.9005\Discord.exe <6>
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe [3378592 2021-10-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [82992808 2022-03-09] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [Discord] => C:\Users\Unknown\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-06-07] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [941416 2022-06-16] (Nota, Inc. -> Nota Inc.)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [479632 2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [NGenuity] => C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe [1834184 2020-10-08] (Kingston Technology Company, Inc. -> HyperX NGenuity Software)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [f.lux] => C:\Users\Unknown\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36976728 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-20] (Google LLC -> Google LLC)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdsPower.lnk [2022-01-10]
ShortcutTarget: AdsPower.lnk -> C:\Program Files\AdsPower\AdsPower.exe (广州散步去信息科技有限公司 -> AdsPower)
Startup: C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AORUS ENGINE.lnk [2022-07-23]
ShortcutTarget: AORUS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\autorun.exe () [File not signed]
Startup: C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tamriel Trade Centre Client.lnk [2022-05-30]
ShortcutTarget: Tamriel Trade Centre Client.lnk -> C:\Users\Unknown\Documents\Elder Scrolls Online\live\AddOns\TamrielTradeCentre\Client\Client.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06854399-2EB6-45A8-A62D-BDF1B97C5EDF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E3ED632-63F3-46C8-8F0E-63ECFF4330FA} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-9QCU0QU-Unknown => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {102440D0-C204-4D26-9322-8E92EB96E24A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8414664 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {1BAB1805-401C-4E07-86F8-08C2BB232C88} - System32\Tasks\EasyTune 1 => C:\Program Files (x86)\GIGABYTE\EasyTune\etocfile.exe [20352 2021-10-11] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {20F5B379-EFB3-41EF-898E-7AC997BE0099} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {218746FD-71C5-4F57-A7ED-DB91632422CE} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe [137776 2022-07-11] (Johannes Schindelin -> The Git Development Community)
Task: {239456F7-BDD2-426D-8A32-D0026F7D4576} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {27A43513-F119-465F-A7B5-0FF3AA939D4A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E22DAC4-DE18-4662-A660-D4797A483B9A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck
Task: {308CDF02-D68E-44D7-B309-C4D6D7760348} - System32\Tasks\QuickCPUx64 => C:\Program Files\QuickCPU\QuickCPU.exe [3735744 2022-04-20] (CoderBag, LLC -> Coderbag)
Task: {35C98E0C-36B5-4606-A074-EFD12C858C0D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2022-06-20] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3AA289D6-9401-4343-A9F3-433C318B2BB9} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3635629567-1418942999-3944559301-1002 => C:\Users\Unknown\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {45C6024A-EAB3-47B1-B8F4-37921E2784E3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {4FE850B3-01D9-4C0C-9CD7-A27D785B8C91} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {56EF8172-439D-47D2-A329-577F88A631B7} - System32\Tasks\GraphicsCardEngine => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngineStarter.exe [234880 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {57ECC321-A632-4AE7-8A21-DDB7FB4CC36A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5DD956BD-AB41-4773-9A7F-9E63ACAA4BE9} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\9.4.0\AutoUpdate.exe [2476640 2022-06-06] (IObit CO., LTD -> IObit)
Task: {80330F3C-3B98-4A54-8D5C-E0602CA591AB} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8E8E8EB9-B100-435D-BB34-CE9CBB15226A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8F2A7974-0441-4293-A725-9D769E3D7A8B} - System32\Tasks\Driver Booster SkipUAC (Unknown) => C:\Program Files (x86)\IObit\Driver Booster\9.4.0\DriverBooster.exe [8662112 2022-06-06] (IObit CO., LTD -> IObit)
Task: {92FB0824-0003-4886-BB06-E68E010196AD} - System32\Tasks\CCleanerSkipUAC - Unknown => C:\Program Files\CCleaner\CCleaner.exe [31027800 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {985DE295-F27F-4272-A296-A84228AE4D88} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145312 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D61A42C-BFDA-42E0-A720-1D6D4F67D3F0} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2021-09-09] () [File not signed]
Task: {9EE6EC85-85E9-45C9-A1A2-36BA70C84C5B} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [11254592 2022-06-16] (Nota, Inc. -> Nota Inc.)
Task: {A371B860-E8DA-43B6-8841-A5835A34DC87} - System32\Tasks\EasyTune => C:\Program Files (x86)\GIGABYTE\EasyTune\etinit.exe [17280 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {A6E02026-95D2-4858-A8A1-815C60A9AD9C} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [11254592 2022-06-16] (Nota, Inc. -> Nota Inc.)
Task: {A7A67363-3ABA-4A71-8200-0E5E8B2486DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8414664 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9FD4265-B4AF-492B-A1E8-6E0FD825048C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3635629567-1418942999-3944559301-1002 => C:\Users\Unknown\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {B95929D2-CEA9-40B2-B580-87D6F7A0DC07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-10] (Google LLC -> Google LLC)
Task: {BD31C126-6598-4223-BD42-771BA068CD2D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BD5E7D8C-391C-498C-AA24-8092ECA54CFC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145312 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF4AC18D-A14D-4D93-A73D-4DD7FEB14E4A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C140FF70-2B78-4654-AB7E-71F2DC57A15D} - System32\Tasks\Uninstaller_SkipUac_Unknown => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [7562760 2022-07-07] (IObit CO., LTD -> IObit)
Task: {CEB57680-63E8-4614-9F99-094BAECCD12D} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [34684784 2022-06-27] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {D0A417F8-6D53-454E-B9F9-BDF57D37EE81} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E23BB998-AAAA-47B0-A636-EEC8911D47D9} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64416 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA6D2AB8-6C0F-4422-A9C0-16A07F4D7C3D} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3635629567-1418942999-3944559301-1002 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2531504 2022-07-01] (Mega Limited -> )
Task: {F6A7550C-ABE8-43D7-BFE1-FFB591DF2CDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-10] (Google LLC -> Google LLC)
Task: {FAFFD8AB-B2BA-4D39-90FD-D6C4FB5C8EB9} - System32\Tasks\Sump Task (One-Time) => C:\Program Files (x86)\IObit\IObit Uninstaller\sump.exe /sup2 (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{44c37263-83a1-4033-9c29-4f66eeee3d7b}: [NameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Unknown\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-11]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Unknown\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: yfzic9f0.default
FF ProfilePath: C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\yfzic9f0.default [2022-05-03]
FF ProfilePath: C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release [2022-07-23]
FF NetworkProxy: Mozilla\Firefox\Profiles\9tmybvze.default-release -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\9tmybvze.default-release -> is enabled.
FF Extension: (Insignia) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{1676b58d-f91e-4787-b426-9ce9a56187df}.xpi [2022-05-03]
FF Extension: (The Penguins of Madagascar) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{4baf03a9-744f-44f6-b6a4-47dca3130a6c}.xpi [2022-05-03]
FF Extension: (EPUBReader) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2022-07-22]
FF Extension: (Popup Blocker Ultimate) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2022-05-12]
FF Extension: (God of War theme) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{c6ca019e-0549-4725-b5af-6d0485837b38}.xpi [2022-05-03]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-05]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default [2022-07-23]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Popup Blocker (strict)) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefkmifgmaafnojlojpnekbpbmjiiogg [2022-05-03]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2022-07-05]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-21]
CHR Extension: (Similar Sites - Discover Related Websites) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2022-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-03]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [1843392 2015-08-20] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-03] (BattlEye Innovations e.K. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081432 2022-06-14] (Piriform Software Ltd -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4958096 2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-04-20] (EasyAntiCheat Oy -> Epic Games, Inc)
S2 EasyTuneEngineService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\EasyTuneEngineService.exe [147840 2022-01-25] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158744 2022-02-10] (IObit CO., LTD -> IObit)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-23] (Malwarebytes Inc. -> Malwarebytes)
S2 MyService1; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [18944 2021-04-08] () [File not signed]
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)
S2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2021-06-07] (nordvpn s.a. -> TEFINCOM S.A.)
S2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [281464 2022-02-18] (nordvpn s.a. -> TEFINCOM S.A.)
S2 OCButtonService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\OcButtonService.exe [127360 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14592472 2022-06-13] (ADLICE -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SharedAccess; C:\Windows\System32\svchost.exe [55320 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 SharedAccess; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7152880 2022-01-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WMIRegistrationService; C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [8737992 2022-01-31] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_246e95e4066041ad\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 cbhardwarelink2; C:\Program Files\QuickCPU\hwdlink.sys [26320 2022-07-23] (CoderBag, LLC -> Coderbag)
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\System32\drivers\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [63696 2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [26192 2022-07-01] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
R3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [41480 2022-02-24] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 int0800; C:\Windows\System32\drivers\flashud.sys [62984 2019-08-28] (Intel Corporation -> Intel Corporation)
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
S3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
S3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-07-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 NDivert; C:\Program Files\NordVPN\6.47.22.0\Drivers\NDivert.sys [131456 2022-04-20] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [72792 2021-12-01] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2021-12-15] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_025e; C:\Windows\System32\drivers\RzDev_025e.sys [54160 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [37360 2019-04-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S4 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S4 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-01-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U4 napagent; no ImagePath
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-23 15:10 - 2022-07-23 15:11 - 000030118 _____ C:\Users\Unknown\Downloads\FRST.txt
2022-07-23 15:02 - 2022-07-23 15:02 - 000000000 ____D C:\AdwCleaner
2022-07-23 15:01 - 2022-07-23 15:03 - 000000000 ____D C:\ProgramData\RogueKiller
2022-07-23 15:01 - 2022-07-23 15:01 - 000041920 _____ C:\Windows\system32\Drivers\truesight.sys
2022-07-23 15:00 - 2022-07-23 15:00 - 000005252 _____ C:\Users\Public\Desktop\mbst-fix-results.txt
2022-07-23 14:59 - 2022-07-23 14:59 - 008551608 _____ (Malwarebytes) C:\Users\Unknown\Downloads\adwcleaner.exe
2022-07-23 14:59 - 2022-07-23 14:59 - 000000905 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-07-23 14:59 - 2022-07-23 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-07-23 14:59 - 2022-07-23 14:59 - 000000000 ____D C:\Program Files\RogueKiller
2022-07-23 14:57 - 2022-07-23 14:57 - 043599792 _____ (Adlice Software ) C:\Users\Unknown\Downloads\RogueKiller_setup.exe
2022-07-23 14:50 - 2022-07-23 14:50 - 002369536 _____ (Farbar) C:\Users\Unknown\Downloads\FRST64.exe
2022-07-23 14:49 - 2022-07-23 14:49 - 000294912 _____ C:\Users\Unknown\Desktop\123.wfw
2022-07-23 14:47 - 2022-07-23 14:48 - 298190568 _____ (Malwarebytes) C:\Users\Unknown\Downloads\mb4-setup-consumer-4.5.11.202-1.0.1716-1.0.57206.exe
2022-07-23 14:46 - 2022-07-23 15:11 - 000000000 ____D C:\FRST
2022-07-23 14:39 - 2022-07-23 14:39 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-07-23 14:36 - 2022-07-23 14:36 - 000034293 _____ C:\Users\Public\Desktop\mbst-clean-results.txt
2022-07-23 14:35 - 2022-07-23 14:44 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-23 14:35 - 2022-07-23 14:44 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-23 14:35 - 2022-07-23 14:35 - 000158640 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-07-23 14:35 - 2022-07-23 14:35 - 000000000 ____D C:\Users\Unknown\AppData\Local\mbam
2022-07-23 14:35 - 2022-07-23 14:34 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-07-23 14:34 - 2022-07-23 14:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-23 14:34 - 2022-07-23 14:43 - 000000000 ____D C:\Program Files\Malwarebytes
2022-07-23 14:32 - 2022-07-23 14:43 - 002369536 _____ (Farbar) C:\Users\Unknown\Downloads\FRSTEnglish.exe
2022-07-23 14:32 - 2022-07-23 14:32 - 013471344 _____ C:\Users\Unknown\Downloads\mb-support-1.8.7.918.exe
2022-07-23 14:29 - 2022-07-23 14:29 - 002556344 _____ (Malwarebytes) C:\Users\Unknown\Downloads\MBSetup-AD870978-37335.37335.exe
2022-07-23 14:28 - 2022-07-23 14:28 - 000003424 _____ C:\Windows\system32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE
2022-07-23 14:23 - 2022-07-23 14:23 - 000003156 _____ C:\Windows\system32\Tasks\Uninstaller_SkipUac_Unknown
2022-07-23 14:23 - 2022-07-23 14:23 - 000001434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2022-07-23 14:23 - 2022-07-23 14:23 - 000001422 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2022-07-23 14:21 - 2022-07-23 14:21 - 000003352 _____ C:\Windows\system32\Tasks\Sump Task (One-Time)
2022-07-23 14:19 - 2022-07-23 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2022-07-23 13:59 - 2022-07-23 13:59 - 000000232 _____ C:\Users\Unknown\Desktop\discord_backup_codes.txt
2022-07-23 13:41 - 2022-07-23 13:41 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-07-23 13:40 - 2022-07-23 13:40 - 000006881 _____ C:\Users\Unknown\-1.14-windows.xml
2022-07-23 13:39 - 2022-07-23 13:39 - 000000000 ____D C:\Users\Public\BlueStacks
2022-07-23 13:38 - 2022-07-23 13:49 - 000000000 ____D C:\Users\Unknown\AppData\Local\BlueStacks
2022-07-22 15:48 - 2022-07-22 15:48 - 000000711 _____ C:\Users\Unknown\Desktop\Stray.lnk
2022-07-22 15:48 - 2022-07-22 15:48 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stray
2022-07-22 15:47 - 2022-07-22 15:47 - 000000000 ____D C:\Games
2022-07-21 12:58 - 2022-07-21 12:58 - 000000000 ____D C:\ProgramData\Steam
2022-07-21 11:44 - 2022-07-21 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2022-07-19 21:10 - 2022-07-21 20:20 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\DarknessII
2022-07-15 09:42 - 2022-07-15 09:42 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-15 09:42 - 2022-07-15 09:42 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-15 09:42 - 2022-07-15 09:42 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000011811 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-15 09:37 - 2022-07-15 09:37 - 000000000 ___HD C:\$WinREAgent
2022-07-14 11:52 - 2022-07-14 11:52 - 000000000 ____D C:\Users\Unknown\Documents\AutomaticSolution Software
2022-07-14 00:43 - 2022-07-14 00:43 - 000000053 _____ C:\Users\Unknown\.git-for-windows-updater
2022-07-13 12:38 - 2022-07-13 12:38 - 000000000 ____D C:\Users\Unknown\AppData\Local\ARKBreedingStats
2022-07-13 12:37 - 2022-07-19 15:21 - 000000000 ____D C:\Users\Unknown\AppData\Local\ARK Smart Breeding
2022-07-13 12:37 - 2022-07-13 12:37 - 000001220 _____ C:\Users\Public\Desktop\ARK Smart Breeding.lnk
2022-07-13 12:37 - 2022-07-13 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARK Smart Breeding
2022-07-13 12:37 - 2022-07-13 12:37 - 000000000 ____D C:\Program Files (x86)\ARK Smart Breeding
2022-07-13 00:43 - 2022-07-13 00:43 - 000002594 _____ C:\Windows\system32\Tasks\Git for Windows Updater
2022-07-13 00:43 - 2022-07-13 00:43 - 000001764 _____ C:\Users\Public\Desktop\Git Bash.lnk
2022-07-13 00:43 - 2022-07-13 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2022-07-13 00:24 - 2022-07-13 00:24 - 000001362 _____ C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git for Windows.lnk
2022-07-11 00:37 - 2022-07-11 00:37 - 000000000 ____D C:\Users\Unknown\AppData\Local\pip
2022-07-11 00:35 - 2022-07-11 00:35 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.10
2022-07-11 00:35 - 2022-07-11 00:35 - 000000000 ____D C:\Users\Unknown\AppData\Local\Package Cache
2022-07-11 00:28 - 2022-07-11 00:28 - 000000047 _____ C:\Users\Unknown\.bash_history
2022-07-11 00:24 - 2022-07-13 00:43 - 000000000 ____D C:\Program Files\Git
2022-07-11 00:15 - 2022-07-11 00:38 - 000000000 ____D C:\Users\Unknown\Desktop\MHDDoS
2022-07-11 00:13 - 2022-07-23 13:31 - 000000000 ____D C:\Users\Unknown\AppData\Local\PlaceholderTileLogoFolder
2022-07-10 23:54 - 2022-07-11 00:17 - 000007614 _____ C:\Users\Unknown\AppData\Local\Resmon.ResmonCfg
2022-07-10 22:24 - 2022-07-10 22:25 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Wireshark
2022-07-10 22:17 - 2022-07-10 22:17 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2022-07-10 22:17 - 2022-07-10 22:17 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2022-07-10 22:17 - 2022-07-10 22:17 - 000001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
2022-07-10 22:17 - 2022-07-10 22:17 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2022-07-10 22:17 - 2022-07-10 22:17 - 000000000 ____D C:\Windows\system32\Npcap
2022-07-10 22:16 - 2022-07-10 22:17 - 000000000 ____D C:\Program Files\Wireshark
2022-07-10 22:12 - 2022-07-10 22:12 - 000000000 ____D C:\Users\Unknown\AppData\Local\ae841a71-2787-4e53-a40b-7001fcf0e853
2022-07-10 22:01 - 2022-07-10 22:01 - 000000000 ____D C:\TFTP-Root
2022-07-10 22:00 - 2022-07-10 22:12 - 000000031 _____ C:\ProgramData\swi500b08e4-f553-418c-941d-d523edc3e2a0.txt
2022-07-10 22:00 - 2022-07-10 22:01 - 000000000 ____D C:\Users\Unknown\AppData\Local\SolarWinds
2022-07-10 22:00 - 2022-07-10 22:00 - 000000000 ____D C:\Users\Unknown\AppData\Local\Solarwinds Toolset Installs
2022-07-10 21:59 - 2022-07-10 22:15 - 000000000 ____D C:\ProgramData\SolarWinds
2022-07-10 21:59 - 2022-07-10 21:59 - 000000000 ____D C:\Users\Unknown\AppData\Local\f9027c8f-f115-4617-b716-19de7ec5e9d6
2022-07-10 21:59 - 2022-07-10 21:59 - 000000000 ____D C:\Users\Unknown\AppData\Local\Applications
2022-07-10 21:59 - 2022-07-10 21:59 - 000000000 ____D C:\ProgramData\Applications
2022-07-10 21:59 - 2022-07-10 21:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Corporation
2022-07-10 21:54 - 2022-07-10 21:54 - 000000218 _____ C:\Users\Unknown\AppData\Local\recently-used.xbel
2022-07-10 21:17 - 2022-07-10 21:54 - 000000000 ____D C:\Users\Unknown\.zenmap
2022-07-10 21:15 - 2022-07-10 21:15 - 000001036 _____ C:\Users\Unknown\Desktop\Nmap - Zenmap GUI.lnk
2022-07-10 21:15 - 2022-07-10 21:15 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2022-07-10 21:14 - 2022-07-10 22:17 - 000000000 ____D C:\Program Files\Npcap
2022-07-10 21:14 - 2022-07-10 21:15 - 000000000 ____D C:\Program Files (x86)\Nmap
2022-07-10 19:57 - 2022-07-10 19:57 - 000136192 _____ C:\Users\Unknown\Desktop\LOIC.exe
2022-07-07 21:04 - 2022-07-07 21:04 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-07-07 14:47 - 2022-07-09 10:02 - 000000000 ____D C:\Users\Unknown\Desktop\dControl
2022-07-07 14:47 - 2022-07-07 14:47 - 000000410 __RSH C:\ProgramData\ntuser.pol
2022-07-07 11:01 - 2022-07-07 11:01 - 000007131 _____ C:\Windows\Simple Static IP Setup Log.txt
2022-07-07 11:01 - 2022-07-07 11:01 - 000002078 _____ C:\Users\Unknown\Desktop\Simple Static IP.lnk
2022-07-07 11:01 - 2022-07-07 11:01 - 000000000 ____D C:\Windows\Simple Static IP
2022-07-07 11:01 - 2022-07-07 11:01 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Static IP
2022-07-07 11:01 - 2022-07-07 11:01 - 000000000 ____D C:\Program Files (x86)\Simple Static IP
2022-07-06 00:31 - 2022-07-06 00:31 - 000000000 ____D C:\Users\Unknown\AppData\Local\ZIsland
2022-07-06 00:31 - 2022-07-06 00:31 - 000000000 ____D C:\Users\Unknown\AppData\Local\UnrealEngine
2022-07-04 20:55 - 2022-07-04 20:55 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\iolo technologies
2022-07-04 20:53 - 2022-07-04 20:53 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\iolo
2022-07-03 09:47 - 2022-07-03 09:47 - 000003344 _____ C:\Windows\system32\Tasks\QuickCPUx64
2022-07-02 13:10 - 2022-07-02 13:10 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\MogWomp Games
2022-07-01 21:34 - 2022-07-23 15:01 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-01 21:34 - 2022-07-01 21:34 - 000000000 ____D C:\Windows\Minidump
2022-07-01 17:55 - 2022-07-01 17:55 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\RiezOn
2022-07-01 17:42 - 2022-07-01 17:42 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\Team Nimbus
2022-07-01 14:45 - 2022-07-01 14:45 - 000001243 _____ C:\Users\Public\Desktop\AORUS ENGINE.lnk
2022-07-01 14:32 - 2022-07-01 14:32 - 000001199 _____ C:\Users\Public\Desktop\HyperX NGenuity.lnk
2022-07-01 14:31 - 2022-07-01 14:31 - 001215199 _____ C:\Windows\unins000.exe
2022-07-01 14:12 - 2022-07-23 15:02 - 000000000 ____D C:\Program Files\QuickCPU
2022-07-01 14:12 - 2022-07-01 14:22 - 000000000 ____D C:\Users\Unknown\AppData\Local\Coderbag
2022-07-01 14:12 - 2022-07-01 14:12 - 000000990 _____ C:\Users\Public\Desktop\QuickCPU.lnk
2022-07-01 14:12 - 2022-07-01 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickCPU64
2022-07-01 14:12 - 2019-10-19 00:12 - 000897728 _____ (CoderBag) C:\Users\Unknown\Desktop\UnparkCpu.exe
2022-07-01 14:07 - 2019-09-03 10:35 - 000000020 _____ C:\Users\Unknown\Desktop\autoexec.bat
2022-07-01 14:07 - 2019-08-13 11:09 - 016777216 _____ C:\Users\Unknown\Desktop\Z370PD3.F14
2022-07-01 14:07 - 2019-04-09 10:09 - 000085804 ____R C:\Users\Unknown\Desktop\Efiflash.exe
2022-06-29 00:01 - 2022-07-23 14:40 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\qBittorrent
2022-06-29 00:01 - 2022-06-29 00:01 - 000000893 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2022-06-29 00:01 - 2022-06-29 00:01 - 000000000 ____D C:\Users\Unknown\AppData\Local\qBittorrent
2022-06-29 00:01 - 2022-06-29 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-06-29 00:01 - 2022-06-29 00:01 - 000000000 ____D C:\Program Files\qBittorrent
2022-06-28 16:39 - 2022-06-28 16:39 - 000000000 ____D C:\Users\Unknown\AppData\Local\DBG
2022-06-28 16:35 - 2022-06-24 06:05 - 000129032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-06-28 16:35 - 2022-06-24 06:05 - 000041984 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001905928 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-06-28 16:33 - 2022-06-24 20:23 - 001905928 _____ C:\Windows\system32\vulkaninfo.exe
2022-06-28 16:33 - 2022-06-24 20:23 - 001478416 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-06-28 16:33 - 2022-06-24 20:23 - 001478416 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-06-28 16:33 - 2022-06-24 20:23 - 001472552 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001432336 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001432336 _____ C:\Windows\system32\vulkan-1.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001213424 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001145616 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001145616 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-06-28 16:33 - 2022-06-24 20:20 - 000866344 _____ C:\Windows\system32\nvofapi64.dll
2022-06-28 16:33 - 2022-06-24 20:20 - 000687592 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 002127848 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 001537072 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 001182712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 000771576 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 000715304 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-06-28 16:33 - 2022-06-24 20:18 - 010270272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 008804416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 003067456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 001608232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 001059880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 000845296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 000456200 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-06-28 16:33 - 2022-06-24 20:17 - 005734408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-06-28 16:33 - 2022-06-24 20:17 - 005363264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-06-28 16:33 - 2022-06-24 20:17 - 000853568 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-06-28 16:33 - 2022-06-24 20:15 - 007483928 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-06-28 16:33 - 2022-06-24 20:15 - 006366912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-06-28 16:33 - 2022-06-24 06:05 - 000093241 _____ C:\Windows\system32\nvinfo.pb
2022-06-27 16:26 - 2022-06-27 16:26 - 000000000 ____D C:\Users\Unknown\AppData\Local\IsolatedStorage
2022-06-23 17:10 - 2022-06-23 17:10 - 000000000 ____D C:\Users\Unknown\.swt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-23 15:10 - 2022-05-24 14:33 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\WhatsApp
2022-07-23 15:10 - 2022-05-03 20:33 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\discord
2022-07-23 15:05 - 2021-12-21 04:32 - 000840878 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-23 15:05 - 2019-12-07 12:13 - 000000000 ____D C:\Windows\INF
2022-07-23 15:03 - 2022-06-20 16:16 - 000000000 ____D C:\Program Files\CCleaner
2022-07-23 15:03 - 2022-05-03 21:17 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\Mozilla
2022-07-23 15:03 - 2022-05-03 20:32 - 000000000 ____D C:\Users\Unknown\AppData\Local\Discord
2022-07-23 15:03 - 2022-01-10 20:09 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-23 15:03 - 2022-01-10 19:57 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-23 15:02 - 2022-05-03 19:13 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\IObit
2022-07-23 15:02 - 2022-01-10 19:59 - 000000000 ____D C:\Program Files (x86)\IObit
2022-07-23 15:01 - 2021-12-21 13:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-23 15:01 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-23 15:01 - 2019-12-07 12:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-07-23 15:00 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-23 14:55 - 2022-02-22 14:59 - 000840878 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2022-07-23 14:40 - 2022-05-18 13:24 - 000000000 ____D C:\Users\Unknown\AppData\Local\CrashDumps
2022-07-23 14:35 - 2019-12-07 12:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-07-23 14:33 - 2022-05-27 22:01 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Notepad++
2022-07-23 14:33 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\AppReadiness
2022-07-23 14:25 - 2022-01-10 20:11 - 000000000 ____D C:\Program Files (x86)\Steam
2022-07-23 14:19 - 2022-05-09 10:28 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\IObit
2022-07-23 14:19 - 2022-01-10 19:59 - 000000000 ____D C:\ProgramData\ProductData
2022-07-23 13:41 - 2022-01-10 19:53 - 000000000 ____D C:\Users\Unknown
2022-07-23 13:31 - 2022-01-10 19:53 - 000000000 ____D C:\Users\Unknown\AppData\Local\Packages
2022-07-23 13:31 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-23 09:06 - 2022-01-11 13:18 - 000000000 ____D C:\Users\Unknown\AppData\Local\Adobe
2022-07-22 15:55 - 2022-06-04 00:52 - 000000000 ____D C:\Users\Unknown\AppData\Local\Disc_Soft_Ltd
2022-07-21 20:01 - 2022-02-11 16:41 - 000000000 ____D C:\Program Files\Cheat Engine 7.4
2022-07-21 18:50 - 2022-05-03 19:15 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\RenPy
2022-07-21 18:21 - 2021-12-21 13:23 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-21 08:59 - 2021-12-21 13:23 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-21 08:59 - 2021-12-21 13:23 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 15:50 - 2021-12-21 04:38 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-20 10:54 - 2021-12-21 13:23 - 000463888 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-20 10:54 - 2019-12-07 12:52 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\setup
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\ShellComponents
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-20 00:44 - 2022-01-10 19:58 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-20 00:44 - 2022-01-10 19:58 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-19 23:23 - 2022-05-24 14:33 - 000000000 ____D C:\Users\Unknown\AppData\Local\WhatsApp
2022-07-16 20:04 - 2022-05-04 00:15 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\vlc
2022-07-16 16:03 - 2021-12-21 13:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-15 09:42 - 2021-12-21 04:25 - 003010560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-07-14 09:46 - 2022-01-10 19:56 - 000000000 ____D C:\Windows\system32\MRT
2022-07-14 09:44 - 2022-01-10 19:55 - 146546848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-07-11 00:19 - 2022-01-10 20:09 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-11 00:14 - 2021-12-21 04:25 - 000000000 ____D C:\ProgramData\Packages
2022-07-07 21:04 - 2022-06-10 09:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-07 21:04 - 2022-01-10 19:57 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-07 21:04 - 2022-01-10 19:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-07 14:30 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\NDF
2022-07-07 09:39 - 2019-12-07 12:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-07-07 08:25 - 2022-02-21 13:08 - 000000000 ____D C:\Users\Unknown\.junique
2022-07-06 14:20 - 2022-05-03 19:37 - 000000000 ____D C:\Users\Unknown\AppData\Local\D3DSCache
2022-07-05 18:04 - 2022-06-22 13:15 - 000000000 ____D C:\Users\Unknown\AppData\Local\NordVPN
2022-07-04 20:50 - 2022-06-20 16:06 - 000002758 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (Unknown)
2022-07-04 20:50 - 2022-06-20 16:06 - 000002562 _____ C:\Windows\system32\Tasks\Driver Booster Update
2022-07-04 20:50 - 2022-01-11 13:20 - 000002778 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-9QCU0QU-Unknown
2022-07-01 21:34 - 2022-01-10 19:48 - 1878568852 _____ C:\Windows\MEMORY.DMP
2022-07-01 16:51 - 2022-02-01 17:05 - 000000000 ____D C:\ProgramData\MEGAsync
2022-07-01 14:42 - 2022-01-11 18:39 - 000000000 ____D C:\Program Files (x86)\Razer
2022-07-01 14:32 - 2022-05-03 21:10 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\HyperX
2022-07-01 14:32 - 2022-01-10 20:31 - 006606103 _____ C:\Windows\unins000.dat
2022-07-01 14:21 - 2022-01-11 18:46 - 000000000 ____D C:\Users\Unknown\AppData\Local\Razer
2022-07-01 14:21 - 2022-01-11 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-07-01 14:21 - 2022-01-11 18:45 - 000000000 ____D C:\Program Files\Razer
2022-07-01 14:21 - 2022-01-11 18:39 - 000000000 ____D C:\ProgramData\Razer
2022-07-01 14:04 - 2022-01-15 13:34 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2022-07-01 14:00 - 2022-01-11 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2022-06-29 19:22 - 2022-06-22 13:15 - 000000000 ____D C:\Program Files\NordVPN
2022-06-29 19:22 - 2022-01-30 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2022-06-28 23:59 - 2022-01-10 19:58 - 000000000 ____D C:\ProgramData\IObit
2022-06-28 16:38 - 2022-01-10 20:09 - 000000000 ____D C:\Users\Unknown\AppData\Local\NVIDIA
2022-06-27 16:26 - 2022-06-22 13:20 - 000000000 ____D C:\ProgramData\NordVPN
2022-06-25 18:16 - 2022-06-16 01:39 - 000009704 _____ C:\Users\Unknown\Desktop\lw.ahk
2022-06-23 19:56 - 2022-01-10 20:03 - 000000548 _____ C:\Users\Unknown\Desktop\NordVpnACcounts.txt
2022-06-23 19:42 - 2022-06-22 13:15 - 000001961 _____ C:\Users\Unknown\Desktop\NordVPN.lnk
2022-06-23 08:37 - 2021-12-21 13:23 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Files in the root of some directories ========

2022-07-10 21:54 - 2022-07-10 21:54 - 000000218 _____ () C:\Users\Unknown\AppData\Local\recently-used.xbel
2022-07-10 23:54 - 2022-07-11 00:17 - 000007614 _____ () C:\Users\Unknown\AppData\Local\Resmon.ResmonCfg
2022-07-10 21:17 - 2022-07-10 21:17 - 000000000 _____ () C:\Users\Unknown\AppData\Local\zenmap.exe.log

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\SysWOW64\version_IObitDel.dll [2022-01-10] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by Unknown (23-07-2022 15:11:49)
Running from C:\Users\Unknown\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1826 (X64) (2022-01-10 16:51:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3635629567-1418942999-3944559301-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3635629567-1418942999-3944559301-503 - Limited - Disabled)
Guest (S-1-5-21-3635629567-1418942999-3944559301-501 - Limited - Disabled)
Unknown (S-1-5-21-3635629567-1418942999-3944559301-1002 - Administrator - Enabled) => C:\Users\Unknown
WDAGUtilityAccount (S-1-5-21-3635629567-1418942999-3944559301-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@Bios (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0510.1 - GIGABYTE) Hidden
@Bios (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0510.1 - GIGABYTE)
7-Zip 22.00 (x64) (HKLM\...\7-Zip) (Version: 22.00 - Igor Pavlov)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AdsPower 4.1.6 (HKLM\...\95791158-c00d-5eca-96af-dfe20f567b3a) (Version: 4.1.6 - AdsPower)
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 2.1.7.0 - GIGABYTE Technology Co.,Inc.)
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.0623.1 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.0623.1 - Gigabyte)
ARK Smart Breeding version 0.50.0.0 (HKLM-x32\...\{8DDA440C-714D-4BE6-AD7B-F549ABB1BB02}_is1) (Version: 0.50.0.0 - cadon & friends)
AutoHotkey 1.1.34.03 (HKLM\...\AutoHotkey) (Version: 1.1.34.03 - Lexikos)
BIOS Setup (HKLM-x32\...\{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.17.0621.1 - GIGABYTE) Hidden
BIOS Setup (HKLM-x32\...\InstallShield_{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.17.0621.1 - GIGABYTE)
CCleaner (HKLM\...\CCleaner) (Version: 6.01 - Piriform)
Cheat Engine 7.4 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
CPUID CPU-Z 2.01 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
Crucial Storage Executive (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Crucial Storage Executive 7.07.072021.00) (Version: 7.12.122021.04 - Crucial)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 11.0.0.1946 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Discord) (Version: 1.0.9004 - Discord Inc.)
Driver Booster 9 (HKLM-x32\...\Driver Booster_is1) (Version: 9.4.0 - IObit)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.0309 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.0309 - GIGABYTE)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.0504 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.0504 - GIGABYTE)
f.lux (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Flux) (Version: - f.lux Software LLC)
Far Cry 6 (HKLM-x32\...\Far Cry 6_is1) (Version: - )
FastBoot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.21.1214 - GIGABYTE) Hidden
FastBoot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.21.1214 - GIGABYTE)
Game Boost (HKLM-x32\...\{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte) Hidden
Game Boost (HKLM-x32\...\InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte)
Git (HKLM\...\Git_is1) (Version: 2.37.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 - GIGABYTE)
Gyazo 4.3.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HyperX NGenuity Software (HKLM-x32\...\{28211B6A-65EE-4713-8677-E8D41349A122}_is1) (Version: 5.2.8.1 - HyperX)
Intel(R) Chipset Device Software (HKLM\...\{89D00C61-DC40-4846-B938-E2E6158EDAAA}) (Version: 10.1.18836.8283 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{9b79ab4c-1596-44ee-84e2-a2001f7af089}) (Version: 10.1.18836.8283 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{09DAB6B6-FBEF-4AC5-AE93-BFF01A0B796D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B557A9A1-D64B-43D7-B598-F7BAAE897CF3}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{3479FCE3-F7D2-4980-819A-767941440932}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
IObit Uninstaller 11 (HKLM-x32\...\IObitUninstall) (Version: 11.6.0.7 - IObit)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft Interop Forms Redistributable Package 2.0a (HKLM-x32\...\{76D1AA2B-A434-4D63-BE2C-80286F23C223}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{B81577B2-3AD0-4AFD-A19C-87F673C09D0C}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{62678770-F459-4903-83E3-A2968F6CC242}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\{Minion}}_is1) (Version: 3.0 - Good Game Mods LLC)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla)
Nmap 7.92 (HKLM-x32\...\Nmap) (Version: 7.92 - Nmap Project)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.2.2.116 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.47.22.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.2 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.60 - Nmap Project)
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 516.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
PlatformPowerManagement (HKLM-x32\...\{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 - GIGABYTE) Hidden
PlatformPowerManagement (HKLM-x32\...\InstallShield_{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 - GIGABYTE)
Port Forward Network Utilities version 3.3.0.0 (HKLM-x32\...\{532683E3-230C-49B0-9609-10A5228F1445}_is1) (Version: 3.3.0.0 - Portforward, LLC)
Python 3.10.5 (64-bit) (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\{e15803b8-d809-47f3-8818-73f0d155cf58}) (Version: 3.10.5150.0 - Python Software Foundation)
Python 3.10.5 Add to Path (64-bit) (HKLM\...\{514A924A-361B-4BF4-8FD0-1A431CE7C56E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Core Interpreter (64-bit) (HKLM\...\{496B2CAE-CF79-440A-82F1-7587559ABA00}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Development Libraries (64-bit) (HKLM\...\{7B0F6EAD-C8A1-4496-8492-801EDE1A6323}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Documentation (64-bit) (HKLM\...\{3BC23B98-3D25-4A74-98FD-A1BE957A1340}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Executables (64-bit) (HKLM\...\{0FE1250F-6DD6-4948-B211-741B7CDBB335}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 pip Bootstrap (64-bit) (HKLM\...\{C3B084B6-D193-4633-BBB4-E890AAB946A2}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Standard Library (64-bit) (HKLM\...\{67F90672-C696-4DBB-8F33-95CCCFA21DCE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Tcl/Tk Support (64-bit) (HKLM\...\{7F7E3C5D-2A37-4F1D-8E8C-3BB073D36BFE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Test Suite (64-bit) (HKLM\...\{269FCA5D-D0CF-43B2-B656-24DF6DAA0D4E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Utility Scripts (64-bit) (HKLM\...\{BBD9CCC0-981B-4976-91EC-4C1E637BCF85}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{25196DA8-29BD-4383-B7B5-B36C3BAF43F3}) (Version: 3.10.7826.0 - Python Software Foundation)
qBittorrent 4.4.3.1 (HKLM-x32\...\qBittorrent) (Version: 4.4.3.1 - The qBittorrent project)
Quick CPU x64 (HKLM\...\{B7CFC907-C4BD-45E9-9E23-A3D0FDBC98CC}) (Version: 4.3.2.0 - CoderBag)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9257.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.050.0511.2021 - Realtek)
RogueKiller version 15.5.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.5.3.0 - Adlice Software)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SGX Install (HKLM-x32\...\{3EC52501-2CDF-46D9-AA54-9205C96A5EFE}) (Version: 2.3.100.49777 - GIGABYTE)
Simple Static IP (HKLM-x32\...\Simple Static IP) (Version: 1.3.0 - PcWinTech.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Warframe (HKLM-x32\...\{556A0B3C-56CB-40C2-BA13-E72C2601DC47}) (Version: 1.0.0 - Digital Extremes)
WhatsApp (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\WhatsApp) (Version: 2.2222.12 - WhatsApp)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Wireshark 3.6.6 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.6 - The Wireshark developer community, hxxps://www.wireshark.org)

Packages:
=========
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1026.0_x64__8j3eq9eme6ctt [2022-04-03] (INTEL CORP)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-06-28] (NVIDIA Corp.)
QR Code for Windows 10 -> C:\Program Files\WindowsApps\17036IYIA.QRCodeforWindows10_8.0.2.0_x64__dggz0n4pnn0ge [2022-07-23] (IYIA)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.30.258.0_x64__dt26b99r8h8gj [2022-04-09] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1efab149a3626196\OptaneShellExt.dll [2021-02-25] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-06-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-02-27] (Notepad++ -> )
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-23] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1efab149a3626196\OptaneShellExt.dll [2021-02-25] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-06-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_246e95e4066041ad\nvshext.dll [2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-06-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-23] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-02-26 23:23 - 2022-06-15 16:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [152]
AlternateDataStreams: C:\Users\Unknown\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Unknown\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-07-23 14:56 - 2022-07-23 15:03 - 000000852 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Crucial\Crucial Storage Executive;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Git\cmd
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Unknown\Downloads\thumb-1920-1047154.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AdsPower.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
HKLM\...\StartupApproved\Run: => "CsrHCRPServer"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run: => "CsrSyncMLServer"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "qBittorrent"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "NordVPN"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F5C9785-DC1F-4772-96BA-EDCBBF148D40}] => (Allow) LPort=9009

==================== Restore Points =========================

10-07-2022 09:45:45 Scheduled Checkpoint
10-07-2022 21:59:25 Installed SolarWinds Toolset v2020.2.6
15-07-2022 09:36:56 Windows Modules Installer
15-07-2022 09:38:12 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/23/2022 03:01:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/23/2022 03:01:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/23/2022 03:01:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/23/2022 03:01:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/23/2022 02:40:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1806, time stamp: 0xa02987c8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000dab0fd8
Faulting process id: 0x1c1c
Faulting application start time: 0x01d89e881c36b90b
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: unknown
Report Id: ddcac4fa-50b9-4d08-860d-a3de83d769d8
Faulting package full name:
Faulting package-relative application ID:

Error: (07/23/2022 02:40:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000000000DAB0FD8

Error: (07/23/2022 02:32:41 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (07/23/2022 02:24:28 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (07/23/2022 03:03:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/23/2022 03:03:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/23/2022 03:03:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/23/2022 03:03:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/23/2022 03:02:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IObit Uninstaller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/23/2022 03:02:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/23/2022 03:02:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/23/2022 03:02:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2022-07-07 09:41:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-06 10:18:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-05 10:30:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-04 10:46:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-03 10:15:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-07-23 13:59:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F15 11/13/2021
Motherboard: Gigabyte Technology Co., Ltd. Z370P D3-CF
Processor: Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 14%
Total physical RAM: 32694.3 MB
Available physical RAM: 28016.13 MB
Total Virtual: 37558.3 MB
Available Virtual: 31104.62 MB

==================== Drives ================================

Drive b: (New Volume) (Fixed) (Total:931.51 GB) (Free:276.58 GB) (Model: ST1000DM010-2EP102) NTFS
Drive c: () (Fixed) (Total:255.56 GB) (Free:73.06 GB) (Model: Crucial_CT275MX300SSD1) NTFS

\\?\Volume{7fba0e57-fe27-4886-beaf-75ab9901aa88}\ () (Fixed) (Total:0.5 GB) (Free:0.06 GB) NTFS
\\?\Volume{390f0bf9-ebf6-4818-889a-30c6105c0689}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 256.2 GB) (Disk ID: C0396CFD)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A96E7EC1)

Partition: GPT.

==================== End of Addition.txt =======================
 
Program : RogueKiller Anti-Malware
Version : 15.5.3.0
x64 : Yes
Program Date : Jun 13 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19044) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Unknown
User is Admin : Yes
Date : 2022/07/23 12:30:11
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 298
Found items : 0
Total scanned : 68247
Signatures Version : 20220711_090857
Truesight Driver : Yes
Updates Count : 4

************************* Warnings *************************

************************* Updates *************************
7-Zip 22.00 (x64) (64-bit), version 22.00
[+] Available Version : 22.01
[+] Size : 5.44 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\7-Zip\

CCleaner (64-bit), version 6.01
[+] Available Version : 6.02
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\CCleaner

Notepad++ (64-bit x64) (64-bit), version 8.4.2
[+] Available Version : 8.4.4
[+] Size : 19.9 MB
[+] Wow6432 : No
[+] Portable : No

VLC media player (32-bit), version 3.0.16
[+] Available Version : 3.0.17.4
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\VideoLAN\VLC


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/23/22
Scan Time: 3:30 PM
Log File: 2dff52fe-0a83-11ed-951b-e0d55e490a81.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57630
License: Free

-System Information-
OS: Windows 10 (Build 19044.1826)
CPU: x64
File System: NTFS
User: Raz\Unknown

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 304090
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 2 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
HackTool.LOIC, C:\USERS\UNKNOWN\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Low Orbit Ion Cannon.lnk, Quarantined, 10188, 875890, , , , , 7E7F40C6799D5ADC1D916091EA37EF60, 8DE30354AC85BB2C4AB0F69F47C0F88F9F38FFF3A49765E9636131A518B49A43
HackTool.LOIC, C:\USERS\UNKNOWN\DESKTOP\LOIC.EXE, Quarantined, 10188, 875890, 1.0.57630, 6F6B24E907FD3BA934049F7B, dds, 01871183, E6FA3028CD03318496852718143D256F, F60A52512773B52DEF9BA9CE8AAD61144D2CF351F6BC04D1C5A13ABEF8F3B89B

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-23-2022
# Duration: 00:00:05
# OS: Windows 10 Pro
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E192120F-7622-41AC-B15E-61B97AB9ED96}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock
[+] Reset Windows Installer

*************************

AdwCleaner[S00].txt - [2548 octets] - [23/07/2022 15:02:22]
AdwCleaner[C00].txt - [2506 octets] - [23/07/2022 15:02:43]
AdwCleaner[S01].txt - [1527 octets] - [23/07/2022 15:03:15]
AdwCleaner[C01].txt - [1963 octets] - [23/07/2022 15:03:31]
AdwCleaner[S02].txt - [1948 octets] - [23/07/2022 15:33:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by Unknown (administrator) on RAZ (Gigabyte Technology Co., Ltd. Z370P D3) (23-07-2022 18:49:51)
Running from C:\Users\Unknown\Downloads
Loaded Profiles: Unknown
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Discord Inc. -> Discord Inc.) C:\Users\Unknown\AppData\Local\Discord\app-1.0.9005\Discord.exe <6>
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\Unknown\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (VS Revo Group Ltd. -> VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService_IObitDel_IObitDel.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe <2>
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (CoderBag, LLC -> Coderbag) C:\Program Files\QuickCPU\QuickCPU.exe
(svchost.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe [3378592 2021-10-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [82992808 2022-03-09] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [Discord] => C:\Users\Unknown\AppData\Local\Discord\Update.exe [1522176 2022-06-08] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-06-07] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [941416 2022-06-16] (Nota, Inc. -> Nota Inc.)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [479632 2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [NGenuity] => C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe [1834184 2020-10-08] (Kingston Technology Company, Inc. -> HyperX NGenuity Software)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [f.lux] => C:\Users\Unknown\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-20] (Google LLC -> Google LLC)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdsPower.lnk [2022-01-10]
ShortcutTarget: AdsPower.lnk -> C:\Program Files\AdsPower\AdsPower.exe (广州散步去信息科技有限公司 -> AdsPower)
Startup: C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AORUS ENGINE.lnk [2022-07-23]
ShortcutTarget: AORUS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\autorun.exe () [File not signed]
Startup: C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tamriel Trade Centre Client.lnk [2022-05-30]
ShortcutTarget: Tamriel Trade Centre Client.lnk -> C:\Users\Unknown\Documents\Elder Scrolls Online\live\AddOns\TamrielTradeCentre\Client\Client.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06854399-2EB6-45A8-A62D-BDF1B97C5EDF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E3ED632-63F3-46C8-8F0E-63ECFF4330FA} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-9QCU0QU-Unknown => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {102440D0-C204-4D26-9322-8E92EB96E24A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8414664 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {1BAB1805-401C-4E07-86F8-08C2BB232C88} - System32\Tasks\EasyTune 1 => C:\Program Files (x86)\GIGABYTE\EasyTune\etocfile.exe [20352 2021-10-11] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {20F5B379-EFB3-41EF-898E-7AC997BE0099} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {218746FD-71C5-4F57-A7ED-DB91632422CE} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe [137776 2022-07-11] (Johannes Schindelin -> The Git Development Community)
Task: {239456F7-BDD2-426D-8A32-D0026F7D4576} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {27A43513-F119-465F-A7B5-0FF3AA939D4A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E22DAC4-DE18-4662-A660-D4797A483B9A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck
Task: {308CDF02-D68E-44D7-B309-C4D6D7760348} - System32\Tasks\QuickCPUx64 => C:\Program Files\QuickCPU\QuickCPU.exe [3735744 2022-04-20] (CoderBag, LLC -> Coderbag)
Task: {45C6024A-EAB3-47B1-B8F4-37921E2784E3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {4FE850B3-01D9-4C0C-9CD7-A27D785B8C91} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {56EF8172-439D-47D2-A329-577F88A631B7} - System32\Tasks\GraphicsCardEngine => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngineStarter.exe [234880 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {57ECC321-A632-4AE7-8A21-DDB7FB4CC36A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5DD956BD-AB41-4773-9A7F-9E63ACAA4BE9} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\9.4.0\AutoUpdate.exe [2476640 2022-06-06] (IObit CO., LTD -> IObit)
Task: {80330F3C-3B98-4A54-8D5C-E0602CA591AB} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8E8E8EB9-B100-435D-BB34-CE9CBB15226A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8F2A7974-0441-4293-A725-9D769E3D7A8B} - System32\Tasks\Driver Booster SkipUAC (Unknown) => C:\Program Files (x86)\IObit\Driver Booster\9.4.0\DriverBooster.exe [8662112 2022-06-06] (IObit CO., LTD -> IObit)
Task: {92FB0824-0003-4886-BB06-E68E010196AD} - System32\Tasks\CCleanerSkipUAC - Unknown => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {985DE295-F27F-4272-A296-A84228AE4D88} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145312 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EE6EC85-85E9-45C9-A1A2-36BA70C84C5B} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [11254592 2022-06-16] (Nota, Inc. -> Nota Inc.)
Task: {A371B860-E8DA-43B6-8841-A5835A34DC87} - System32\Tasks\EasyTune => C:\Program Files (x86)\GIGABYTE\EasyTune\etinit.exe [17280 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {A6E02026-95D2-4858-A8A1-815C60A9AD9C} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [11254592 2022-06-16] (Nota, Inc. -> Nota Inc.)
Task: {A7A67363-3ABA-4A71-8200-0E5E8B2486DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8414664 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {B95929D2-CEA9-40B2-B580-87D6F7A0DC07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-10] (Google LLC -> Google LLC)
Task: {BD31C126-6598-4223-BD42-771BA068CD2D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BD5E7D8C-391C-498C-AA24-8092ECA54CFC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145312 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF4AC18D-A14D-4D93-A73D-4DD7FEB14E4A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C140FF70-2B78-4654-AB7E-71F2DC57A15D} - System32\Tasks\Uninstaller_SkipUac_Unknown => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [7562760 2022-07-07] (IObit CO., LTD -> IObit)
Task: {CEB57680-63E8-4614-9F99-094BAECCD12D} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [34684784 2022-06-27] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {D0A417F8-6D53-454E-B9F9-BDF57D37EE81} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E23BB998-AAAA-47B0-A636-EEC8911D47D9} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64416 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA6D2AB8-6C0F-4422-A9C0-16A07F4D7C3D} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3635629567-1418942999-3944559301-1002 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2531504 2022-07-01] (Mega Limited -> )
Task: {F6A7550C-ABE8-43D7-BFE1-FFB591DF2CDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-10] (Google LLC -> Google LLC)
Task: {F996A570-241B-4E8F-980A-EE4396AD71A2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Unknown\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-23]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Unknown\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-23]

FireFox:
========
FF DefaultProfile: yfzic9f0.default
FF ProfilePath: C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\yfzic9f0.default [2022-05-03]
FF ProfilePath: C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release [2022-07-23]
FF NetworkProxy: Mozilla\Firefox\Profiles\9tmybvze.default-release -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\9tmybvze.default-release -> is enabled.
FF Extension: (EPUBReader) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2022-07-22]
FF Extension: (Popup Blocker Ultimate) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2022-05-12]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Unknown\AppData\Roaming\Mozilla\Firefox\Profiles\9tmybvze.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-05]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default [2022-07-23]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Popup Blocker (strict)) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefkmifgmaafnojlojpnekbpbmjiiogg [2022-05-03]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2022-07-05]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-21]
CHR Extension: (Similar Sites - Discover Related Websites) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2022-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Unknown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [1843392 2015-08-20] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-03] (BattlEye Innovations e.K. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081432 2022-07-18] (Piriform Software Ltd -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4958096 2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-04-20] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 EasyTuneEngineService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\EasyTuneEngineService.exe [147840 2022-01-25] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158744 2022-02-10] (IObit CO., LTD -> IObit)
R2 MyService1; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [18944 2021-04-08] () [File not signed]
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2021-06-07] (nordvpn s.a. -> TEFINCOM S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [281464 2022-02-18] (nordvpn s.a. -> TEFINCOM S.A.)
S2 OCButtonService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\OcButtonService.exe [127360 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14592472 2022-06-13] (ADLICE -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7152880 2022-01-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [8737992 2022-01-31] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_246e95e4066041ad\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 cbhardwarelink2; C:\Program Files\QuickCPU\hwdlink.sys [26320 2022-07-23] (CoderBag, LLC -> Coderbag)
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\System32\drivers\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [63696 2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [26192 2022-07-01] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
R3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [41480 2022-02-24] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 int0800; C:\Windows\System32\drivers\flashud.sys [62984 2019-08-28] (Intel Corporation -> Intel Corporation)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-07-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 NDivert; C:\Program Files\NordVPN\6.47.22.0\Drivers\NDivert.sys [131456 2022-04-20] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [72792 2021-12-01] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2021-12-15] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_025e; C:\Windows\System32\drivers\RzDev_025e.sys [54160 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [37360 2019-04-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S4 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S4 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-01-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U4 napagent; no ImagePath
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-23 18:49 - 2022-07-23 18:50 - 000030228 _____ C:\Users\Unknown\Downloads\FRST.txt
2022-07-23 16:53 - 2022-07-23 16:53 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-07-23 16:51 - 2022-07-23 16:51 - 000001136 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2022-07-23 16:51 - 2022-07-23 16:51 - 000000000 ____D C:\Users\Unknown\AppData\Local\VS Revo Group
2022-07-23 16:51 - 2022-07-23 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2022-07-23 16:51 - 2021-11-17 14:50 - 000038400 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2022-07-23 15:41 - 2022-07-23 15:41 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-07-23 15:27 - 2022-07-23 15:27 - 000000837 _____ C:\Users\Public\Desktop\UCheck.lnk
2022-07-23 15:27 - 2022-07-23 15:27 - 000000000 ____D C:\ProgramData\UCheck
2022-07-23 15:27 - 2022-07-23 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2022-07-23 15:27 - 2022-07-23 15:27 - 000000000 ____D C:\Program Files\UCheck
2022-07-23 15:26 - 2022-07-23 15:26 - 028808536 _____ (Adlice Software ) C:\Users\Unknown\Downloads\UCheck_setup.exe
2022-07-23 15:26 - 2022-07-23 15:26 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-07-23 15:19 - 2022-07-23 18:10 - 000000000 ____D C:\Users\Unknown\AppData\Local\Discord
2022-07-23 15:19 - 2022-07-23 15:19 - 000002243 _____ C:\Users\Unknown\Desktop\Discord.lnk
2022-07-23 15:18 - 2022-07-23 15:18 - 083112448 _____ (Discord Inc.) C:\Users\Unknown\Downloads\DiscordSetup.exe
2022-07-23 15:02 - 2022-07-23 15:02 - 000000000 ____D C:\AdwCleaner
2022-07-23 15:01 - 2022-07-23 15:23 - 000000000 ____D C:\ProgramData\RogueKiller
2022-07-23 15:00 - 2022-07-23 15:00 - 000005252 _____ C:\Users\Public\Desktop\mbst-fix-results.txt
2022-07-23 14:59 - 2022-07-23 14:59 - 008551608 _____ (Malwarebytes) C:\Users\Unknown\Downloads\adwcleaner.exe
2022-07-23 14:59 - 2022-07-23 14:59 - 000000905 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-07-23 14:59 - 2022-07-23 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-07-23 14:59 - 2022-07-23 14:59 - 000000000 ____D C:\Program Files\RogueKiller
2022-07-23 14:57 - 2022-07-23 14:57 - 043599792 _____ (Adlice Software ) C:\Users\Unknown\Downloads\RogueKiller_setup.exe
2022-07-23 14:50 - 2022-07-23 14:50 - 002369536 _____ (Farbar) C:\Users\Unknown\Downloads\FRST64.exe
2022-07-23 14:49 - 2022-07-23 14:49 - 000294912 _____ C:\Users\Unknown\Desktop\123.wfw
2022-07-23 14:47 - 2022-07-23 14:48 - 298190568 _____ (Malwarebytes) C:\Users\Unknown\Downloads\mb4-setup-consumer-4.5.11.202-1.0.1716-1.0.57206.exe
2022-07-23 14:46 - 2022-07-23 18:50 - 000000000 ____D C:\FRST
2022-07-23 14:39 - 2022-07-23 14:39 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-07-23 14:36 - 2022-07-23 14:36 - 000034293 _____ C:\Users\Public\Desktop\mbst-clean-results.txt
2022-07-23 14:35 - 2022-07-23 14:44 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-23 14:35 - 2022-07-23 14:35 - 000158640 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-07-23 14:35 - 2022-07-23 14:34 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-07-23 14:34 - 2022-07-23 14:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-23 14:34 - 2022-07-23 14:43 - 000000000 ____D C:\Program Files\Malwarebytes
2022-07-23 14:32 - 2022-07-23 14:32 - 013471344 _____ C:\Users\Unknown\Downloads\mb-support-1.8.7.918.exe
2022-07-23 14:29 - 2022-07-23 14:29 - 002556344 _____ (Malwarebytes) C:\Users\Unknown\Downloads\MBSetup-AD870978-37335.37335.exe
2022-07-23 14:28 - 2022-07-23 14:28 - 000003424 _____ C:\Windows\system32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE
2022-07-23 14:23 - 2022-07-23 14:23 - 000003156 _____ C:\Windows\system32\Tasks\Uninstaller_SkipUac_Unknown
2022-07-23 14:23 - 2022-07-23 14:23 - 000001434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2022-07-23 14:23 - 2022-07-23 14:23 - 000001422 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2022-07-23 14:19 - 2022-07-23 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2022-07-23 13:59 - 2022-07-23 13:59 - 000000232 _____ C:\Users\Unknown\Desktop\discord_backup_codes.txt
2022-07-23 13:41 - 2022-07-23 13:41 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-07-23 13:40 - 2022-07-23 13:40 - 000006881 _____ C:\Users\Unknown\-1.14-windows.xml
2022-07-23 13:39 - 2022-07-23 13:39 - 000000000 ____D C:\Users\Public\BlueStacks
2022-07-23 13:38 - 2022-07-23 13:49 - 000000000 ____D C:\Users\Unknown\AppData\Local\BlueStacks
2022-07-22 15:48 - 2022-07-22 15:48 - 000000711 _____ C:\Users\Unknown\Desktop\Stray.lnk
2022-07-22 15:48 - 2022-07-22 15:48 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stray
2022-07-22 15:47 - 2022-07-22 15:47 - 000000000 ____D C:\Games
2022-07-21 12:58 - 2022-07-21 12:58 - 000000000 ____D C:\ProgramData\Steam
2022-07-21 11:44 - 2022-07-21 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2022-07-19 21:10 - 2022-07-21 20:20 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\DarknessII
2022-07-15 09:42 - 2022-07-15 09:42 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-15 09:42 - 2022-07-15 09:42 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-15 09:42 - 2022-07-15 09:42 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-15 09:42 - 2022-07-15 09:42 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-07-15 09:42 - 2022-07-15 09:42 - 000011811 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-15 09:37 - 2022-07-15 09:37 - 000000000 ___HD C:\$WinREAgent
2022-07-14 11:52 - 2022-07-14 11:52 - 000000000 ____D C:\Users\Unknown\Documents\AutomaticSolution Software
2022-07-14 00:43 - 2022-07-14 00:43 - 000000053 _____ C:\Users\Unknown\.git-for-windows-updater
2022-07-13 12:38 - 2022-07-13 12:38 - 000000000 ____D C:\Users\Unknown\AppData\Local\ARKBreedingStats
2022-07-13 12:37 - 2022-07-19 15:21 - 000000000 ____D C:\Users\Unknown\AppData\Local\ARK Smart Breeding
2022-07-13 12:37 - 2022-07-13 12:37 - 000001220 _____ C:\Users\Public\Desktop\ARK Smart Breeding.lnk
2022-07-13 12:37 - 2022-07-13 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARK Smart Breeding
2022-07-13 12:37 - 2022-07-13 12:37 - 000000000 ____D C:\Program Files (x86)\ARK Smart Breeding
2022-07-13 00:43 - 2022-07-13 00:43 - 000002594 _____ C:\Windows\system32\Tasks\Git for Windows Updater
2022-07-13 00:43 - 2022-07-13 00:43 - 000001764 _____ C:\Users\Public\Desktop\Git Bash.lnk
2022-07-13 00:43 - 2022-07-13 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2022-07-13 00:24 - 2022-07-13 00:24 - 000001362 _____ C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git for Windows.lnk
2022-07-11 00:37 - 2022-07-11 00:37 - 000000000 ____D C:\Users\Unknown\AppData\Local\pip
2022-07-11 00:35 - 2022-07-11 00:35 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.10
2022-07-11 00:35 - 2022-07-11 00:35 - 000000000 ____D C:\Users\Unknown\AppData\Local\Package Cache
2022-07-11 00:28 - 2022-07-11 00:28 - 000000047 _____ C:\Users\Unknown\.bash_history
2022-07-11 00:24 - 2022-07-13 00:43 - 000000000 ____D C:\Program Files\Git
2022-07-11 00:15 - 2022-07-11 00:38 - 000000000 ____D C:\Users\Unknown\Desktop\MHDDoS
2022-07-11 00:13 - 2022-07-23 13:31 - 000000000 ____D C:\Users\Unknown\AppData\Local\PlaceholderTileLogoFolder
2022-07-10 23:54 - 2022-07-11 00:17 - 000007614 _____ C:\Users\Unknown\AppData\Local\Resmon.ResmonCfg
2022-07-10 22:24 - 2022-07-10 22:25 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Wireshark
2022-07-10 22:17 - 2022-07-10 22:17 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2022-07-10 22:17 - 2022-07-10 22:17 - 000001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
2022-07-10 22:17 - 2022-07-10 22:17 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2022-07-10 22:17 - 2022-07-10 22:17 - 000000000 ____D C:\Windows\system32\Npcap
2022-07-10 22:16 - 2022-07-10 22:17 - 000000000 ____D C:\Program Files\Wireshark
2022-07-10 22:01 - 2022-07-10 22:01 - 000000000 ____D C:\TFTP-Root
2022-07-10 22:00 - 2022-07-10 22:12 - 000000031 _____ C:\ProgramData\swi500b08e4-f553-418c-941d-d523edc3e2a0.txt
2022-07-10 22:00 - 2022-07-10 22:01 - 000000000 ____D C:\Users\Unknown\AppData\Local\SolarWinds
2022-07-10 22:00 - 2022-07-10 22:00 - 000000000 ____D C:\Users\Unknown\AppData\Local\Solarwinds Toolset Installs
2022-07-10 21:59 - 2022-07-10 22:15 - 000000000 ____D C:\ProgramData\SolarWinds
2022-07-10 21:59 - 2022-07-10 21:59 - 000000000 ____D C:\Users\Unknown\AppData\Local\f9027c8f-f115-4617-b716-19de7ec5e9d6
2022-07-10 21:59 - 2022-07-10 21:59 - 000000000 ____D C:\Users\Unknown\AppData\Local\Applications
2022-07-10 21:59 - 2022-07-10 21:59 - 000000000 ____D C:\ProgramData\Applications
2022-07-10 21:59 - 2022-07-10 21:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Corporation
2022-07-10 21:54 - 2022-07-10 21:54 - 000000218 _____ C:\Users\Unknown\AppData\Local\recently-used.xbel
2022-07-10 21:17 - 2022-07-10 21:54 - 000000000 ____D C:\Users\Unknown\.zenmap
2022-07-10 21:15 - 2022-07-10 21:15 - 000001036 _____ C:\Users\Unknown\Desktop\Nmap - Zenmap GUI.lnk
2022-07-10 21:15 - 2022-07-10 21:15 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2022-07-10 21:14 - 2022-07-10 22:17 - 000000000 ____D C:\Program Files\Npcap
2022-07-10 21:14 - 2022-07-10 21:15 - 000000000 ____D C:\Program Files (x86)\Nmap
2022-07-07 21:04 - 2022-07-07 21:04 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-07-07 14:47 - 2022-07-09 10:02 - 000000000 ____D C:\Users\Unknown\Desktop\dControl
2022-07-07 11:01 - 2022-07-07 11:01 - 000007131 _____ C:\Windows\Simple Static IP Setup Log.txt
2022-07-07 11:01 - 2022-07-07 11:01 - 000002078 _____ C:\Users\Unknown\Desktop\Simple Static IP.lnk
2022-07-07 11:01 - 2022-07-07 11:01 - 000000000 ____D C:\Windows\Simple Static IP
2022-07-07 11:01 - 2022-07-07 11:01 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Static IP
2022-07-07 11:01 - 2022-07-07 11:01 - 000000000 ____D C:\Program Files (x86)\Simple Static IP
2022-07-06 00:31 - 2022-07-06 00:31 - 000000000 ____D C:\Users\Unknown\AppData\Local\ZIsland
2022-07-06 00:31 - 2022-07-06 00:31 - 000000000 ____D C:\Users\Unknown\AppData\Local\UnrealEngine
2022-07-03 09:47 - 2022-07-03 09:47 - 000003344 _____ C:\Windows\system32\Tasks\QuickCPUx64
2022-07-02 13:10 - 2022-07-02 13:10 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\MogWomp Games
2022-07-01 21:34 - 2022-07-23 15:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-01 21:34 - 2022-07-01 21:34 - 000000000 ____D C:\Windows\Minidump
2022-07-01 17:55 - 2022-07-01 17:55 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\RiezOn
2022-07-01 17:42 - 2022-07-01 17:42 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\Team Nimbus
2022-07-01 14:45 - 2022-07-01 14:45 - 000001243 _____ C:\Users\Public\Desktop\AORUS ENGINE.lnk
2022-07-01 14:32 - 2022-07-01 14:32 - 000001199 _____ C:\Users\Public\Desktop\HyperX NGenuity.lnk
2022-07-01 14:31 - 2022-07-01 14:31 - 001215199 _____ C:\Windows\unins000.exe
2022-07-01 14:12 - 2022-07-23 15:02 - 000000000 ____D C:\Program Files\QuickCPU
2022-07-01 14:12 - 2022-07-01 14:22 - 000000000 ____D C:\Users\Unknown\AppData\Local\Coderbag
2022-07-01 14:12 - 2022-07-01 14:12 - 000000990 _____ C:\Users\Public\Desktop\QuickCPU.lnk
2022-07-01 14:12 - 2022-07-01 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickCPU64
2022-07-01 14:12 - 2019-10-19 00:12 - 000897728 _____ (CoderBag) C:\Users\Unknown\Desktop\UnparkCpu.exe
2022-07-01 14:07 - 2019-09-03 10:35 - 000000020 _____ C:\Users\Unknown\Desktop\autoexec.bat
2022-07-01 14:07 - 2019-08-13 11:09 - 016777216 _____ C:\Users\Unknown\Desktop\Z370PD3.F14
2022-07-01 14:07 - 2019-04-09 10:09 - 000085804 ____R C:\Users\Unknown\Desktop\Efiflash.exe
2022-06-29 00:01 - 2022-07-23 14:40 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\qBittorrent
2022-06-29 00:01 - 2022-06-29 00:01 - 000000893 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2022-06-29 00:01 - 2022-06-29 00:01 - 000000000 ____D C:\Users\Unknown\AppData\Local\qBittorrent
2022-06-29 00:01 - 2022-06-29 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-06-29 00:01 - 2022-06-29 00:01 - 000000000 ____D C:\Program Files\qBittorrent
2022-06-28 16:39 - 2022-06-28 16:39 - 000000000 ____D C:\Users\Unknown\AppData\Local\DBG
2022-06-28 16:35 - 2022-06-24 06:05 - 000129032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-06-28 16:35 - 2022-06-24 06:05 - 000041984 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001905928 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-06-28 16:33 - 2022-06-24 20:23 - 001905928 _____ C:\Windows\system32\vulkaninfo.exe
2022-06-28 16:33 - 2022-06-24 20:23 - 001478416 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-06-28 16:33 - 2022-06-24 20:23 - 001478416 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-06-28 16:33 - 2022-06-24 20:23 - 001472552 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001432336 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001432336 _____ C:\Windows\system32\vulkan-1.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001213424 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001145616 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-06-28 16:33 - 2022-06-24 20:23 - 001145616 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-06-28 16:33 - 2022-06-24 20:20 - 000866344 _____ C:\Windows\system32\nvofapi64.dll
2022-06-28 16:33 - 2022-06-24 20:20 - 000687592 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 002127848 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 001537072 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 001182712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 000771576 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-06-28 16:33 - 2022-06-24 20:19 - 000715304 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-06-28 16:33 - 2022-06-24 20:18 - 010270272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 008804416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 003067456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 001608232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 001059880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 000845296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-06-28 16:33 - 2022-06-24 20:18 - 000456200 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-06-28 16:33 - 2022-06-24 20:17 - 005734408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-06-28 16:33 - 2022-06-24 20:17 - 005363264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-06-28 16:33 - 2022-06-24 20:17 - 000853568 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-06-28 16:33 - 2022-06-24 20:15 - 007483928 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-06-28 16:33 - 2022-06-24 20:15 - 006366912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-06-28 16:33 - 2022-06-24 06:05 - 000093241 _____ C:\Windows\system32\nvinfo.pb
2022-06-27 16:26 - 2022-06-27 16:26 - 000000000 ____D C:\Users\Unknown\AppData\Local\IsolatedStorage
2022-06-23 17:10 - 2022-06-23 17:10 - 000000000 ____D C:\Users\Unknown\.swt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-23 18:43 - 2021-12-21 13:23 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-23 18:43 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-23 18:42 - 2022-01-10 20:11 - 000000000 ____D C:\Program Files (x86)\Steam
2022-07-23 18:41 - 2022-01-10 19:57 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-23 18:12 - 2022-05-03 20:33 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\discord
2022-07-23 16:56 - 2022-05-03 19:37 - 000000000 ____D C:\Users\Unknown\AppData\Local\D3DSCache
2022-07-23 16:51 - 2022-01-30 21:20 - 000000000 ____D C:\ProgramData\VS Revo Group
2022-07-23 16:51 - 2022-01-30 21:20 - 000000000 ____D C:\Program Files\VS Revo Group
2022-07-23 16:30 - 2022-05-03 21:17 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\Mozilla
2022-07-23 16:11 - 2022-01-10 20:09 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-23 15:45 - 2021-12-21 04:32 - 000840878 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-23 15:45 - 2019-12-07 12:13 - 000000000 ____D C:\Windows\INF
2022-07-23 15:43 - 2022-06-20 16:16 - 000000000 ____D C:\Program Files\CCleaner
2022-07-23 15:41 - 2022-02-26 23:23 - 000000000 ____D C:\Program Files\7-Zip
2022-07-23 15:41 - 2021-12-21 13:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-23 15:40 - 2019-12-07 12:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-07-23 15:40 - 2019-12-07 12:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-07-23 15:28 - 2022-01-31 08:33 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2022-07-23 15:28 - 2022-01-11 13:22 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2022-07-23 15:26 - 2022-06-20 16:06 - 000003292 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (Unknown)
2022-07-23 15:26 - 2022-06-20 16:06 - 000003162 _____ C:\Windows\system32\Tasks\Driver Booster Update
2022-07-23 15:19 - 2022-05-03 20:32 - 000000000 ____D C:\Users\Unknown\AppData\Local\SquirrelTemp
2022-07-23 15:19 - 2022-01-10 19:57 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-07-23 15:10 - 2022-05-24 14:33 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\WhatsApp
2022-07-23 15:02 - 2022-05-03 19:13 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\IObit
2022-07-23 15:02 - 2022-01-10 19:59 - 000000000 ____D C:\Program Files (x86)\IObit
2022-07-23 15:00 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-23 14:55 - 2022-02-22 14:59 - 000840878 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2022-07-23 14:40 - 2022-05-18 13:24 - 000000000 ____D C:\Users\Unknown\AppData\Local\CrashDumps
2022-07-23 14:35 - 2019-12-07 12:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-07-23 14:33 - 2022-05-27 22:01 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\Notepad++
2022-07-23 14:33 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\AppReadiness
2022-07-23 14:19 - 2022-05-09 10:28 - 000000000 ____D C:\Users\Unknown\AppData\LocalLow\IObit
2022-07-23 14:19 - 2022-01-10 19:59 - 000000000 ____D C:\ProgramData\ProductData
2022-07-23 13:41 - 2022-01-10 19:53 - 000000000 ____D C:\Users\Unknown
2022-07-23 13:31 - 2022-01-10 19:53 - 000000000 ____D C:\Users\Unknown\AppData\Local\Packages
2022-07-23 13:31 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-23 09:06 - 2022-01-11 13:18 - 000000000 ____D C:\Users\Unknown\AppData\Local\Adobe
2022-07-22 15:55 - 2022-06-04 00:52 - 000000000 ____D C:\Users\Unknown\AppData\Local\Disc_Soft_Ltd
2022-07-21 20:01 - 2022-02-11 16:41 - 000000000 ____D C:\Program Files\Cheat Engine 7.4
2022-07-21 18:50 - 2022-05-03 19:15 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\RenPy
2022-07-21 08:59 - 2021-12-21 13:23 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-21 08:59 - 2021-12-21 13:23 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 15:50 - 2021-12-21 04:38 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-20 10:54 - 2021-12-21 13:23 - 000463888 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-20 10:54 - 2019-12-07 12:52 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\setup
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\ShellComponents
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-07-20 10:54 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-20 00:44 - 2022-01-10 19:58 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-20 00:44 - 2022-01-10 19:58 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-19 23:23 - 2022-05-24 14:33 - 000000000 ____D C:\Users\Unknown\AppData\Local\WhatsApp
2022-07-16 20:04 - 2022-05-04 00:15 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\vlc
2022-07-16 16:03 - 2021-12-21 13:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-15 09:42 - 2021-12-21 04:25 - 003010560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-07-14 09:46 - 2022-01-10 19:56 - 000000000 ____D C:\Windows\system32\MRT
2022-07-14 09:44 - 2022-01-10 19:55 - 146546848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-07-11 00:19 - 2022-01-10 20:09 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-11 00:14 - 2021-12-21 04:25 - 000000000 ____D C:\ProgramData\Packages
2022-07-07 21:04 - 2022-06-10 09:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-07 21:04 - 2022-01-10 19:57 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-07 21:04 - 2022-01-10 19:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-07 14:30 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\NDF
2022-07-07 08:25 - 2022-02-21 13:08 - 000000000 ____D C:\Users\Unknown\.junique
2022-07-05 18:04 - 2022-06-22 13:15 - 000000000 ____D C:\Users\Unknown\AppData\Local\NordVPN
2022-07-04 20:50 - 2022-01-11 13:20 - 000002778 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-9QCU0QU-Unknown
2022-07-01 16:51 - 2022-02-01 17:05 - 000000000 ____D C:\ProgramData\MEGAsync
2022-07-01 14:42 - 2022-01-11 18:39 - 000000000 ____D C:\Program Files (x86)\Razer
2022-07-01 14:32 - 2022-05-03 21:10 - 000000000 ____D C:\Users\Unknown\AppData\Roaming\HyperX
2022-07-01 14:32 - 2022-01-10 20:31 - 006606103 _____ C:\Windows\unins000.dat
2022-07-01 14:21 - 2022-01-11 18:46 - 000000000 ____D C:\Users\Unknown\AppData\Local\Razer
2022-07-01 14:21 - 2022-01-11 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-07-01 14:21 - 2022-01-11 18:45 - 000000000 ____D C:\Program Files\Razer
2022-07-01 14:21 - 2022-01-11 18:39 - 000000000 ____D C:\ProgramData\Razer
2022-07-01 14:04 - 2022-01-15 13:34 - 000026192 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2022-07-01 14:00 - 2022-01-11 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2022-06-29 19:22 - 2022-06-22 13:15 - 000000000 ____D C:\Program Files\NordVPN
2022-06-29 19:22 - 2022-01-30 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2022-06-28 23:59 - 2022-01-10 19:58 - 000000000 ____D C:\ProgramData\IObit
2022-06-28 16:38 - 2022-01-10 20:09 - 000000000 ____D C:\Users\Unknown\AppData\Local\NVIDIA
2022-06-27 16:26 - 2022-06-22 13:20 - 000000000 ____D C:\ProgramData\NordVPN
2022-06-25 18:16 - 2022-06-16 01:39 - 000009704 _____ C:\Users\Unknown\Desktop\lw.ahk
2022-06-23 19:56 - 2022-01-10 20:03 - 000000548 _____ C:\Users\Unknown\Desktop\NordVpnACcounts.txt
2022-06-23 19:42 - 2022-06-22 13:15 - 000001961 _____ C:\Users\Unknown\Desktop\NordVPN.lnk
2022-06-23 08:37 - 2021-12-21 13:23 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Files in the root of some directories ========

2022-07-10 21:54 - 2022-07-10 21:54 - 000000218 _____ () C:\Users\Unknown\AppData\Local\recently-used.xbel
2022-07-10 23:54 - 2022-07-11 00:17 - 000007614 _____ () C:\Users\Unknown\AppData\Local\Resmon.ResmonCfg
2022-07-10 21:17 - 2022-07-10 21:17 - 000000000 _____ () C:\Users\Unknown\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by Unknown (23-07-2022 18:50:45)
Running from C:\Users\Unknown\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1826 (X64) (2022-01-10 16:51:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3635629567-1418942999-3944559301-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3635629567-1418942999-3944559301-503 - Limited - Disabled)
Guest (S-1-5-21-3635629567-1418942999-3944559301-501 - Limited - Disabled)
Unknown (S-1-5-21-3635629567-1418942999-3944559301-1002 - Administrator - Enabled) => C:\Users\Unknown
WDAGUtilityAccount (S-1-5-21-3635629567-1418942999-3944559301-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@Bios (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0510.1 - GIGABYTE) Hidden
@Bios (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0510.1 - GIGABYTE)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AdsPower 4.1.6 (HKLM\...\95791158-c00d-5eca-96af-dfe20f567b3a) (Version: 4.1.6 - AdsPower)
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 2.1.7.0 - GIGABYTE Technology Co.,Inc.)
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.0623.1 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.0623.1 - Gigabyte)
ARK Smart Breeding version 0.50.0.0 (HKLM-x32\...\{8DDA440C-714D-4BE6-AD7B-F549ABB1BB02}_is1) (Version: 0.50.0.0 - cadon & friends)
AutoHotkey 1.1.34.03 (HKLM\...\AutoHotkey) (Version: 1.1.34.03 - Lexikos)
BIOS Setup (HKLM-x32\...\{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.17.0621.1 - GIGABYTE) Hidden
BIOS Setup (HKLM-x32\...\InstallShield_{9D48202D-C767-40E7-8A4E-C14BD7328168}) (Version: 1.17.0621.1 - GIGABYTE)
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
Cheat Engine 7.4 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
CPUID CPU-Z 2.01 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
Crucial Storage Executive (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Crucial Storage Executive 7.07.072021.00) (Version: 7.12.122021.04 - Crucial)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 11.0.0.1946 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Discord) (Version: 1.0.9005 - Discord Inc.)
Driver Booster 9 (HKLM-x32\...\Driver Booster_is1) (Version: 9.4.0 - IObit)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.0309 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.0309 - GIGABYTE)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.0504 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.0504 - GIGABYTE)
f.lux (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Flux) (Version: - f.lux Software LLC)
Far Cry 6 (HKLM-x32\...\Far Cry 6_is1) (Version: - )
FastBoot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.21.1214 - GIGABYTE) Hidden
FastBoot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.21.1214 - GIGABYTE)
Game Boost (HKLM-x32\...\{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte) Hidden
Game Boost (HKLM-x32\...\InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte)
Git (HKLM\...\Git_is1) (Version: 2.37.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 - GIGABYTE)
Gyazo 4.3.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HyperX NGenuity Software (HKLM-x32\...\{28211B6A-65EE-4713-8677-E8D41349A122}_is1) (Version: 5.2.8.1 - HyperX)
Intel(R) Chipset Device Software (HKLM\...\{89D00C61-DC40-4846-B938-E2E6158EDAAA}) (Version: 10.1.18836.8283 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{9b79ab4c-1596-44ee-84e2-a2001f7af089}) (Version: 10.1.18836.8283 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{09DAB6B6-FBEF-4AC5-AE93-BFF01A0B796D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B557A9A1-D64B-43D7-B598-F7BAAE897CF3}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{3479FCE3-F7D2-4980-819A-767941440932}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
IObit Uninstaller 11 (HKLM-x32\...\IObitUninstall) (Version: 11.6.0.7 - IObit)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft Interop Forms Redistributable Package 2.0a (HKLM-x32\...\{76D1AA2B-A434-4D63-BE2C-80286F23C223}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{B81577B2-3AD0-4AFD-A19C-87F673C09D0C}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{62678770-F459-4903-83E3-A2968F6CC242}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\{Minion}}_is1) (Version: 3.0 - Good Game Mods LLC)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla)
Nmap 7.92 (HKLM-x32\...\Nmap) (Version: 7.92 - Nmap Project)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.2.2.116 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.47.22.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.4 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.60 - Nmap Project)
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 516.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
PlatformPowerManagement (HKLM-x32\...\{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 - GIGABYTE) Hidden
PlatformPowerManagement (HKLM-x32\...\InstallShield_{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 - GIGABYTE)
Port Forward Network Utilities version 3.3.0.0 (HKLM-x32\...\{532683E3-230C-49B0-9609-10A5228F1445}_is1) (Version: 3.3.0.0 - Portforward, LLC)
Python 3.10.5 (64-bit) (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\{e15803b8-d809-47f3-8818-73f0d155cf58}) (Version: 3.10.5150.0 - Python Software Foundation)
Python 3.10.5 Add to Path (64-bit) (HKLM\...\{514A924A-361B-4BF4-8FD0-1A431CE7C56E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Core Interpreter (64-bit) (HKLM\...\{496B2CAE-CF79-440A-82F1-7587559ABA00}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Development Libraries (64-bit) (HKLM\...\{7B0F6EAD-C8A1-4496-8492-801EDE1A6323}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Documentation (64-bit) (HKLM\...\{3BC23B98-3D25-4A74-98FD-A1BE957A1340}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Executables (64-bit) (HKLM\...\{0FE1250F-6DD6-4948-B211-741B7CDBB335}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 pip Bootstrap (64-bit) (HKLM\...\{C3B084B6-D193-4633-BBB4-E890AAB946A2}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Standard Library (64-bit) (HKLM\...\{67F90672-C696-4DBB-8F33-95CCCFA21DCE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Tcl/Tk Support (64-bit) (HKLM\...\{7F7E3C5D-2A37-4F1D-8E8C-3BB073D36BFE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Test Suite (64-bit) (HKLM\...\{269FCA5D-D0CF-43B2-B656-24DF6DAA0D4E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Utility Scripts (64-bit) (HKLM\...\{BBD9CCC0-981B-4976-91EC-4C1E637BCF85}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{25196DA8-29BD-4383-B7B5-B36C3BAF43F3}) (Version: 3.10.7826.0 - Python Software Foundation)
qBittorrent 4.4.3.1 (HKLM-x32\...\qBittorrent) (Version: 4.4.3.1 - The qBittorrent project)
Quick CPU x64 (HKLM\...\{B7CFC907-C4BD-45E9-9E23-A3D0FDBC98CC}) (Version: 4.3.2.0 - CoderBag)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9257.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.050.0511.2021 - Realtek)
Revo Uninstaller Pro 5.0.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.0.3 - VS Revo Group, Ltd.)
RogueKiller version 15.5.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.5.3.0 - Adlice Software)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SGX Install (HKLM-x32\...\{3EC52501-2CDF-46D9-AA54-9205C96A5EFE}) (Version: 2.3.100.49777 - GIGABYTE)
Simple Static IP (HKLM-x32\...\Simple Static IP) (Version: 1.3.0 - PcWinTech.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
UCheck version 4.4.2.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 4.4.2.0 - Adlice Software)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Warframe (HKLM-x32\...\{556A0B3C-56CB-40C2-BA13-E72C2601DC47}) (Version: 1.0.0 - Digital Extremes)
WhatsApp (HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\WhatsApp) (Version: 2.2222.12 - WhatsApp)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Wireshark 3.6.6 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.6 - The Wireshark developer community, hxxps://www.wireshark.org)

Packages:
=========
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1026.0_x64__8j3eq9eme6ctt [2022-04-03] (INTEL CORP)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-06-28] (NVIDIA Corp.)
QR Code for Windows 10 -> C:\Program Files\WindowsApps\17036IYIA.QRCodeforWindows10_8.0.2.0_x64__dggz0n4pnn0ge [2022-07-23] (IYIA)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.30.258.0_x64__dt26b99r8h8gj [2022-04-09] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1efab149a3626196\OptaneShellExt.dll [2021-02-25] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-07-15] (Notepad++ -> )
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2022-01-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1efab149a3626196\OptaneShellExt.dll [2021-02-25] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2022-07-01] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_246e95e4066041ad\nvshext.dll [2022-06-24] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-07-01 14:45 - 2019-08-05 13:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\BSL430.dll
2022-07-01 14:45 - 2019-08-05 13:26 - 000225792 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvFireware.dll
2022-07-01 14:45 - 2022-04-01 15:48 - 000045056 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvIntelI2C.dll
2022-07-01 14:45 - 2021-05-04 11:39 - 000185344 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\ITEDriver.dll
2022-06-23 12:45 - 2022-06-23 12:45 - 001868288 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2022-05-13 20:11 - 2022-03-04 05:23 - 126965248 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2022-03-05 09:40 - 2021-11-17 14:38 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2022-03-05 09:40 - 2021-11-17 14:38 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2022-07-23 14:24 - 1831-01-23 03:50 - 005563392 _____ (ActVer©®™) [File not signed] C:\Program Files (x86)\IObit\IObit Uninstaller\version.dll
2022-07-01 14:45 - 2021-08-24 10:16 - 001975296 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GbtCpuLib.dll
2022-07-01 14:45 - 2021-05-25 23:45 - 000205824 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\yccV3.dll
2021-11-05 17:07 - 2021-11-05 17:07 - 000236544 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\yccV3.dll
2021-11-05 17:07 - 2021-11-05 17:07 - 000236544 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\yccV3.dll
2022-07-01 14:45 - 2021-12-22 15:15 - 000732672 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvComW.dll
2022-07-01 14:45 - 2019-08-05 13:26 - 000013312 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvCrypt.dll
2022-07-01 14:45 - 2022-06-23 10:13 - 000524800 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVDisplay.dll
2022-07-01 14:45 - 2020-11-05 14:16 - 000268800 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvIllumLib.dll
2022-07-01 14:45 - 2019-08-05 13:26 - 000218112 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvOrderLib.dll
2022-03-14 22:59 - 2022-03-14 22:59 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2022-03-14 22:59 - 2022-03-14 22:59 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2021-12-21 04:38 - 2021-12-21 04:38 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2021-12-21 04:38 - 2021-12-21 04:38 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2020-05-30 16:04 - 2020-05-30 16:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\QuickCPU\x64\SQLite.Interop.dll
2022-05-13 20:11 - 2022-03-04 05:23 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2022-07-01 14:45 - 2019-08-27 13:22 - 000224256 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvAutoUpdate.dll
2015-10-14 01:15 - 2015-10-14 01:15 - 002042368 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll
2021-06-22 15:45 - 2021-06-22 15:45 - 009127424 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GbtNvGpuLib.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Crucial\Crucial Storage Executive;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Git\cmd
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Unknown\Downloads\thumb-1920-1047154.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AdsPower.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
HKLM\...\StartupApproved\Run: => "CsrHCRPServer"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run: => "CsrSyncMLServer"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "qBittorrent"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3635629567-1418942999-3944559301-1002\...\StartupApproved\Run: => "NordVPN"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

15-07-2022 09:36:56 Windows Modules Installer
15-07-2022 09:38:12 Windows Modules Installer
23-07-2022 15:51:44 Scheduled Checkpoint
23-07-2022 16:53:03 Revo Uninstaller Pro's restore point - Malwarebytes version 4.5.11.202

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/23/2022 04:53:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Internet Connection Sharing (ICS) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/23/2022 04:53:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f73ff785-eb2a-4086-89f5-58b079a6717c}

Error: (07/23/2022 03:01:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/23/2022 03:01:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/23/2022 03:01:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/23/2022 03:01:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/23/2022 02:40:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1806, time stamp: 0xa02987c8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000dab0fd8
Faulting process id: 0x1c1c
Faulting application start time: 0x01d89e881c36b90b
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: unknown
Report Id: ddcac4fa-50b9-4d08-860d-a3de83d769d8
Faulting package full name:
Faulting package-relative application ID:

Error: (07/23/2022 02:40:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address
 
000000000DAB0FD8


System errors:
=============
Error: (07/23/2022 06:49:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/23/2022 03:40:57 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12

Error: (07/23/2022 03:34:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 2 time(s).

Error: (07/23/2022 03:34:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/23/2022 03:34:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Gservice service terminated unexpectedly. It has done this 1 time(s).

Error: (07/23/2022 03:34:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/23/2022 03:34:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 3 time(s).

Error: (07/23/2022 03:34:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================
Date: 2022-07-07 09:41:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-06 10:18:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-05 10:30:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-04 10:46:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-03 10:15:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-07-23 15:32:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F15 11/13/2021
Motherboard: Gigabyte Technology Co., Ltd. Z370P D3-CF
Processor: Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 26%
Total physical RAM: 32694.3 MB
Available physical RAM: 24149.39 MB
Total Virtual: 37558.3 MB
Available Virtual: 26655.93 MB

==================== Drives ================================

Drive b: (New Volume) (Fixed) (Total:931.51 GB) (Free:67.75 GB) (Model: ST1000DM010-2EP102) NTFS
Drive c: () (Fixed) (Total:255.56 GB) (Free:74.88 GB) (Model: Crucial_CT275MX300SSD1) NTFS

\\?\Volume{7fba0e57-fe27-4886-beaf-75ab9901aa88}\ () (Fixed) (Total:0.5 GB) (Free:0.06 GB) NTFS
\\?\Volume{390f0bf9-ebf6-4818-889a-30c6105c0689}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 256.2 GB) (Disk ID: C0396CFD)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A96E7EC1)

Partition: GPT.

==================== End of Addition.txt =======================
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
Done!
 
Those look good :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Farbar Service Scanner Version: 21-07-2022
Ran by Unknown (administrator) on 23-07-2022 at 20:11:10
Running from "C:\Users\Unknown\Downloads"
Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK (ImagePath="C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe").


Windows Defender Disabled Policy:
==========================


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Code:
Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : RAZ
   Windows . . . . . . . : 10.0.0.19044.X64/6
   User name . . . . . . : RAZ\Unknown
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2022-07-23 20:29:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 13s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 2,428,215
   Files scanned . . . . : 73,740
   Remnants scanned  . . : 832,248 files / 1,522,227 keys

Suspicious files ____________________________________________________________

   C:\Users\Unknown\Downloads\SecurityCheck.exe
      Size . . . . . . . : 852,798 bytes
      Age  . . . . . . . : 0.0 days (2022-07-23 20:00:44)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : CFBC237E844408E5CE742A68E49A90BB3F0EE8F16AB531C399FC71AFE7126927
      Parent Name  . . . : C:\Windows\explorer.exe
      Running processes  : 17940
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.


I believe this should be all of the stuff you requested.
 
DONE! : )
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 
Aight, thanks. It was clean-ish, but I removed some stuff myself with fixlist; it wasn't that hard to figure out.
Thanks again : )
 