Solved Unknown process taking up RAM

[Turkeychopio]

Hello, I recently removed (I believe) a Trojan called ocammy.c38 off my PC via factory resetting (keeping files) and scanning with windows defender.
I'm 99% sure it was allowing someone to control my PC as I woke up at 5am (I don't turn pc off usually) and heard noises similar to using the remote on a Roku and then windows security popup noises. My memory was at 99% and when I restated PC it wouldn't let me sign in and after another restart it had a fake desktop thing.

Although it looks like I'm back to normal now I'm still in a state I was before where my memory is higher than normal at 52% with just browser open (16GB RAM installed on PC).

Would anyone be able to look at my FRST or process explorer to try determine 1) if I still have the Trojan, 2) What is actually using up my memory.
I've attached FRST scan logs as well as images about my memory

 

[Turkeychopio]

If it helps this thread https://www.techspot.com/community/topics/trojan-occamy.253749/ had the same trojan although mine seemed to be removed with windows defender

 

[Broni]

Please observe forum rules. FRST logs have to be pasted not attached.

As for your RAM usage, there is no reason to worry. That's how recent Windows versions work. It'll take as much memory as it can, just to have it ready for any new process, program open.

 

[Turkeychopio]

Ah my bad. I'll paste fresh FRST logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2022
Ran by Connor (administrator) on CONNOR-DESKTOP (Micro-Star International Co., Ltd. MS-7C75) (17-11-2022 18:26:01)
Running from F:\Downloads
Loaded Profiles: Connor
Platform: Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <3>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.8067\Agent.exe
(C:\Program Files\LGHUB\lghub.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCopyAccelerator.exe
(Discord Inc. -> Discord Inc.) C:\Users\Connor\AppData\Local\Discord\app-1.0.9007\Discord.exe <6>
(explorer.exe ->) (BUREL VINCENT -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
(explorer.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jdk-19\bin\javaw.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\IESettingSync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Nota, Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe <2>
(sihost.exe ->) (File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.2.1.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Connor\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(The qBittorrent Project) [File not signed] F:\Programs\qBittorrent\qbittorrent.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe [1361000 2021-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Run: [MicrosoftEdgeAutoLaunch_13A61B3481C91B58676BDDFAAC1D15E5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3892128 2022-11-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Run: [GoogleChromeAutoLaunch_CCDB8FD1E8F45E73D3BAD8AE404EACB5] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3217176 2022-11-08] (Google LLC -> Google LLC)
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [941416 2022-10-11] (Nota, Inc. -> Nota Inc.)
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090168 2022-11-17] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Run: [Overwolf] => F:\Programs\overwolf\OverwolfLauncher.exe [1802584 2022-11-06] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Run: [Discord] => C:\Users\Connor\AppData\Local\Discord\Update.exe [1525016 2022-10-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Run: [EpicGamesLauncher] => F:\Programs\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32696784 2022-11-17] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [152025856 2022-11-17] (Logitech Inc -> Logitech, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-17] (Google LLC -> Google LLC)
Startup: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2022-11-17]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (BUREL VINCENT -> VB-AUDIO Software)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04308604-1542-4FDE-82F2-A3686F7DE338} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {06611F0C-27B4-4DE6-8894-5F4041FA797A} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [11254608 2022-10-11] (Nota, Inc. -> Nota Inc.)
Task: {0BE6AD6D-EC2C-4D99-B8D1-BA6191BA5BC0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Connor\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {10202BAC-4C76-4510-B610-7E980FD4B02E} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {1AF5A1C4-1DCA-4C05-BD49-DF5B50DC0ADB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25C0CA35-E362-4E4C-8905-68DC1DD3339C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {25F93503-270D-4BB3-B62A-F018F0CB397C} - System32\Tasks\GoogleUpdateTaskMachineUA{68860A9B-AE12-4094-9793-4B40135A2D3C} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-17] (Google LLC -> Google LLC)
Task: {46F937AC-000C-4535-A18B-B0D54064836F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2576728 2022-11-06] (Overwolf Ltd -> Overwolf LTD)
Task: {4A5066A4-18F2-47D6-986D-FB032EDEAFD4} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [11254608 2022-10-11] (Nota, Inc. -> Nota Inc.)
Task: {71C0EFE2-1490-443C-A5FA-A009B23B624F} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {83CEEC82-1C39-47B2-ABF7-22F09D89A487} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8B48F5CA-BACD-4941-A867-18B8CB53BE6A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8CC5743B-95DD-4C85-86CB-0AD284151F6C} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {974DADEE-189B-45F3-9E16-153B7D550E52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B2B784AA-C8E3-4D58-96D6-17F6602789B3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Connor\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {B9B203D0-C997-4A0D-BE81-773EB3915778} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {CF5ED2E9-8B4B-422A-A36A-F1CDD206BA6E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DB57950A-128E-4533-8FFB-6EBDEDE48D08} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-10-17] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E7DB0A67-6AB5-4CAE-9423-646292AAEE1A} - System32\Tasks\GoogleUpdateTaskMachineCore{D2683807-6959-4670-8F6B-F5CC01B2EAFF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-17] (Google LLC -> Google LLC)
Task: {F1314886-A210-4028-A67F-93FCB647CB37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

[Turkeychopio]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{62d190d1-1c0a-4841-8d78-2b1c1d295cc3}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\Connor\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-17]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> F:\Programs\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default [2022-11-17]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Extension: (Gumbo: Twitch Companion) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aalmjfpohaedoddkobnibokclgeefamn [2022-11-17]
CHR Extension: (Disable keyboard shortcuts) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbmcboeighgdnilpdljbedbbiocphj [2022-11-17]
CHR Extension: (BetterTTV) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2022-11-17]
CHR Extension: (7TV) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjkodgmmoknidbanneddgankgfejfh [2022-11-17]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-11-17]
CHR Extension: (Reddit Link Opener) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2022-11-17]
CHR Extension: (Melvor Idle Combat Simulator Reloaded) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgggfndkphggbgeimpplooflemnfndok [2022-11-17]
CHR Extension: (uBlock Origin) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-11-17]
CHR Extension: (Tampermonkey) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-11-17]
CHR Extension: (Old Reddit Redirect) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dneaehbmnbhcippjikoajpoabadpodje [2022-11-17]
CHR Extension: (Minimal Scrollbar) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekopmclclddpoipchmcbhifohhbmjafd [2022-11-17]
CHR Extension: (FrankerFaceZ) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2022-11-17]
CHR Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-11-17]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2022-11-17]
CHR Extension: (GetThetPic!) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmnfbeaepmildaolaoicjbfkghpcco [2022-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-17]
CHR Extension: (Volume Master) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2022-11-17]
CHR Extension: (Redirect Shorts) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncinpfgcgmphkebnbfpogkgiaadphpi [2022-11-17]
CHR Extension: (Morpheon Dark) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2022-11-17]
CHR Extension: (Scripting Engine for Melvor Idle) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjfmmpkdmgfpabgbeoclagnclmpmjgm [2022-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-17]
CHR Extension: (Bookmarks clean up) - C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncbjlgldmiagjophlhobkogeladjijl [2022-11-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [785408 2022-11-17] (Microsoft Windows -> Microsoft Corporation)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10097408 2022-11-17] (Logitech Inc -> Logitech, Inc.)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2576728 2022-11-06] (Overwolf Ltd -> Overwolf LTD)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47032 2022-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22968 2022-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [40976 2022-11-17] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2018-10-05] (Logitech -> Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\System32\drivers\LGSUsbFilt.Sys [41752 2018-10-05] (Logitech -> Logitech Inc.)
S3 logi_generic_hid_filter; C:\WINDOWS\system32\drivers\logi_generic_hid_filter.sys [51544 2022-04-16] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-11-17] (Logitech Inc -> Logitech)
S3 logi_joy_hid_filter; C:\WINDOWS\system32\drivers\logi_joy_hid_filter.sys [53640 2022-04-16] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 logi_joy_hid_lo; C:\WINDOWS\system32\drivers\logi_joy_hid_lo.sys [41280 2022-04-16] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-11-17] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-11-17] (Logitech Inc -> Logitech)
R3 MpKslcd629a47; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1B0E149C-7088-48B6-B123-E9A6C0A919D6}\MpKslDrv.sys [214280 2022-11-17] (Microsoft Windows -> Microsoft Corporation)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [65144 2021-10-08] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R1 steamxbox; C:\WINDOWS\System32\drivers\steamxbox.sys [232792 2021-09-05] (Valve Corp. -> Valve Corporation)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2020-02-11] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174536 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469288 2022-11-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-17] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-17 18:08 - 2022-11-17 18:09 - 000000000 ____D C:\Users\Connor\AppData\Roaming\vlc
2022-11-17 18:07 - 2022-11-17 18:07 - 000006611 _____ C:\Users\Connor\Desktop\config.txt
2022-11-17 18:02 - 2022-11-17 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2022-11-17 18:02 - 2022-11-17 18:02 - 000000000 ____D C:\Program Files\Java
2022-11-17 18:02 - 2022-11-17 18:02 - 000000000 ____D C:\Program Files\Common Files\Oracle
2022-11-17 14:40 - 2022-11-17 14:40 - 000000000 ____D C:\Users\Connor\AppData\Local\CrashDumps
2022-11-17 14:35 - 2022-11-17 14:35 - 000000000 ____D C:\WINDOWS\LastGood
2022-11-17 14:33 - 2022-11-15 05:53 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-17 14:33 - 2022-11-15 05:53 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-17 14:33 - 2022-11-15 05:53 - 001642560 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-17 14:33 - 2022-11-15 05:53 - 001642560 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-17 14:33 - 2022-11-15 05:53 - 001487872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-11-17 14:33 - 2022-11-15 05:53 - 001444408 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-17 14:33 - 2022-11-15 05:53 - 001444408 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-17 14:33 - 2022-11-15 05:53 - 001226736 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-11-17 14:33 - 2022-11-15 05:53 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-17 14:33 - 2022-11-15 05:53 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-17 14:33 - 2022-11-15 05:49 - 001532424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-17 14:33 - 2022-11-15 05:49 - 001191936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-17 14:33 - 2022-11-15 05:49 - 000851480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-11-17 14:33 - 2022-11-15 05:49 - 000671792 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-17 14:33 - 2022-11-15 05:49 - 000507432 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-17 14:33 - 2022-11-15 05:48 - 002162688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-17 14:33 - 2022-11-15 05:48 - 001618936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-17 14:33 - 2022-11-15 05:48 - 000950280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-11-17 14:33 - 2022-11-15 05:48 - 000738312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-17 14:33 - 2022-11-15 05:47 - 012453896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-17 14:33 - 2022-11-15 05:47 - 010220552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-17 14:33 - 2022-11-15 05:47 - 005891080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-17 14:33 - 2022-11-15 05:47 - 005857280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2022-11-17 14:33 - 2022-11-15 05:47 - 005817336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-17 14:33 - 2022-11-15 05:47 - 003334664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-11-17 14:33 - 2022-11-15 05:47 - 000458240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-11-17 14:33 - 2022-11-15 05:46 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-17 14:33 - 2022-11-13 12:23 - 000100633 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-17 13:06 - 2022-11-17 13:06 - 000000000 ____D C:\Users\Connor\AppData\Local\OneDrive
2022-11-17 13:03 - 2022-11-17 13:03 - 000000651 _____ C:\Users\Public\Desktop\VLC media player.lnk
2022-11-17 13:03 - 2022-11-17 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-11-17 12:53 - 2022-11-17 18:09 - 000008102 _____ C:\Users\Connor\AppData\Roaming\VoiceMeeterDefault.xml
2022-11-17 12:53 - 2022-11-17 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2022-11-17 12:53 - 2022-11-17 12:53 - 000000000 ____D C:\Program Files\VB
2022-11-17 12:53 - 2022-11-17 12:53 - 000000000 ____D C:\Program Files (x86)\VB
2022-11-17 12:43 - 2022-11-17 18:25 - 000000000 ____D C:\Users\Connor\AppData\Roaming\qBittorrent
2022-11-17 12:43 - 2022-11-17 12:43 - 000000000 ____D C:\Users\Connor\AppData\Local\qBittorrent
2022-11-17 12:43 - 2022-11-17 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-11-17 12:41 - 2022-11-17 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2022-11-17 12:38 - 2022-11-17 12:38 - 000000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2022-11-17 12:36 - 2022-11-17 12:40 - 000000000 ____D C:\Users\Connor\AppData\Local\paint.net
2022-11-17 12:30 - 2022-11-17 16:28 - 000000000 ____D C:\Users\Connor\AppData\Local\LGHUB
2022-11-17 12:30 - 2022-11-17 14:49 - 000000000 ____D C:\Users\Connor\AppData\Roaming\LGHUB
2022-11-17 12:30 - 2022-11-17 12:30 - 000073040 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2022-11-17 12:30 - 2022-11-17 12:30 - 000044880 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2022-11-17 12:30 - 2022-11-17 12:30 - 000032080 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2022-11-17 12:30 - 2022-11-17 12:30 - 000000726 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2022-11-17 12:30 - 2022-11-17 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-11-17 12:30 - 2022-11-17 12:30 - 000000000 ____D C:\ProgramData\Logishrd
2022-11-17 12:30 - 2022-11-17 12:30 - 000000000 ____D C:\Program Files\Logitech
2022-11-17 12:30 - 2022-11-17 12:30 - 000000000 ____D C:\Program Files\LGHUB
2022-11-17 12:29 - 2022-11-17 12:30 - 000000000 ____D C:\ProgramData\LGHUB
2022-11-17 12:26 - 2022-11-17 18:26 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B351F856-19E0-42EA-91F4-8477E2E89B0E}
2022-11-17 12:24 - 2022-11-17 12:24 - 000000000 ___HD C:\OneDriveTemp
2022-11-17 12:23 - 2022-11-17 12:23 - 000000031 _____ C:\Users\Connor\Desktop\to download.txt
2022-11-17 12:15 - 2022-11-17 18:02 - 000072856 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2022-11-17 12:15 - 2022-11-17 12:15 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Sun
2022-11-17 12:10 - 2022-11-17 12:10 - 000000000 _____ C:\Users\Connor\for
2022-11-17 12:05 - 2022-11-17 12:05 - 033087500 _____ C:\Users\Connor\Desktop\JMusicBot-0.3.8.jar
2022-11-17 09:56 - 2022-11-17 09:56 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Gyazo
2022-11-17 09:54 - 2022-11-17 09:54 - 000000304 _____ C:\WINDOWS\system32\.crusader
2022-11-17 09:53 - 2022-11-17 12:23 - 000040976 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2022-11-17 09:44 - 2022-11-17 09:44 - 000000562 _____ C:\TDSSKiller.3.1.0.28_17.11.2022_09.44.14_log.txt
2022-11-17 09:42 - 2022-11-17 09:42 - 000003860 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-11-17 09:42 - 2022-11-17 09:42 - 000003418 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-11-17 09:40 - 2022-11-17 09:41 - 000317110 _____ C:\TDSSKiller.3.1.0.28_17.11.2022_09.40.26_log.txt
2022-11-17 09:32 - 2022-11-17 09:32 - 000001383 _____ C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-11-17 09:27 - 2022-11-17 09:29 - 000000000 ____D C:\ProgramData\Sophos
2022-11-17 09:18 - 2022-11-17 18:26 - 000000000 ____D C:\FRST
2022-11-17 09:11 - 2022-11-17 09:11 - 000000000 ____D C:\Users\Connor\AppData\Local\UnrealEngineLauncher
2022-11-17 09:11 - 2022-11-17 09:11 - 000000000 ____D C:\Users\Connor\AppData\Local\UnrealEngine
2022-11-17 09:11 - 2022-11-17 09:11 - 000000000 ____D C:\Users\Connor\AppData\Local\EpicGamesLauncher
2022-11-17 09:11 - 2022-11-17 09:11 - 000000000 ____D C:\Users\Connor\AppData\Local\Epic Games
2022-11-17 09:11 - 2022-11-17 09:11 - 000000000 ____D C:\Program Files (x86)\Epic Games
2022-11-17 09:10 - 2022-11-17 09:13 - 000000000 ____D C:\ProgramData\Epic
2022-11-17 09:10 - 2022-11-17 09:10 - 000000897 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2022-11-17 09:03 - 2022-11-17 09:03 - 000000727 _____ C:\Users\Public\Desktop\Easy Smart Configuration Utility.lnk
2022-11-17 09:03 - 2022-11-17 09:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-11-17 09:03 - 2022-11-17 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TPLINK
2022-11-17 09:01 - 2022-11-17 09:01 - 000000000 ____D C:\Users\Connor\AppData\Roaming\WinRAR
2022-11-17 09:01 - 2022-11-17 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-11-17 09:00 - 2022-11-17 09:01 - 000000000 ____D C:\Program Files\WinRAR
2022-11-17 08:55 - 2022-11-17 18:27 - 000000000 ____D C:\Users\Connor\AppData\Roaming\discord
2022-11-17 08:55 - 2022-11-17 18:24 - 000000000 ____D C:\Users\Connor\AppData\Local\Discord
2022-11-17 08:55 - 2022-11-17 08:55 - 000004386 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2022-11-17 08:55 - 2022-11-17 08:55 - 000000000 ____D C:\Users\Connor\AppData\Local\SquirrelTemp
2022-11-17 08:55 - 2022-11-17 08:55 - 000000000 ____D C:\ProgramData\Overwolf
2022-11-17 08:54 - 2022-11-17 14:51 - 000000000 ____D C:\Users\Connor\AppData\Local\Overwolf
2022-11-17 08:52 - 2022-11-17 08:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2022-11-17 08:49 - 2022-11-17 08:49 - 000000000 ____D C:\Users\Connor\AppData\Roaming\sqldeveloper
2022-11-17 08:49 - 2022-11-17 08:49 - 000000000 ____D C:\Users\Connor\AppData\Roaming\SQL Developer
2022-11-17 08:49 - 2022-11-17 08:49 - 000000000 ____D C:\Users\Connor\AppData\Roaming\java
2022-11-17 08:49 - 2022-11-17 08:49 - 000000000 ____D C:\ProgramData\Oracle
2022-11-17 08:48 - 2022-11-17 08:48 - 000000000 ____D C:\Users\Connor\AppData\Roaming\NVIDIA
2022-11-17 08:48 - 2022-11-17 08:48 - 000000000 ____D C:\Users\Connor\AppData\Local\Adobe
2022-11-17 08:44 - 2022-11-17 08:44 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2022-11-17 08:43 - 2022-11-17 18:26 - 000000000 ____D C:\Users\Connor\AppData\Local\Battle.net
2022-11-17 08:43 - 2022-11-17 08:44 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Battle.net
2022-11-17 08:43 - 2022-11-17 08:44 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-11-17 08:43 - 2022-11-17 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-11-17 08:41 - 2022-11-17 08:41 - 000000000 ____D C:\Users\Connor\AppData\Local\Blizzard Entertainment
2022-11-17 08:41 - 2022-11-17 08:41 - 000000000 ____D C:\ProgramData\Battle.net
2022-11-17 08:40 - 2022-11-17 08:40 - 000000000 ____D C:\Users\Connor\AppData\Roaming\HandBrake
2022-11-17 08:40 - 2022-11-17 08:40 - 000000000 ____D C:\Users\Connor\AppData\Local\ToastNotificationManagerCompat
2022-11-17 08:27 - 2022-11-17 14:35 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-11-17 08:27 - 2022-11-17 12:25 - 000000000 ____D C:\Users\Connor\AppData\Local\NVIDIA Corporation
2022-11-17 08:27 - 2022-11-17 08:27 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-17 08:27 - 2022-11-17 08:27 - 000000000 ____D C:\Users\Connor\AppData\Local\CEF
2022-11-17 08:27 - 2022-11-17 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-11-17 08:27 - 2022-10-17 06:25 - 002890296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2022-11-17 08:27 - 2022-10-17 06:25 - 002224696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2022-11-17 08:27 - 2022-10-17 06:25 - 001297464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2022-11-17 08:27 - 2022-09-07 14:56 - 000086568 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2022-11-17 08:27 - 2022-09-07 14:56 - 000075304 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2022-11-17 08:27 - 2022-08-30 10:43 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2022-11-17 08:27 - 2022-07-23 03:17 - 000169512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2022-11-17 08:27 - 2022-07-23 03:17 - 000148520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2022-11-17 08:26 - 2022-11-17 12:29 - 000000000 ____D C:\ProgramData\Package Cache
2022-11-17 08:26 - 2022-11-17 08:26 - 000000000 ____D C:\Program Files\dotnet
2022-11-17 08:26 - 2022-07-13 23:32 - 000060112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2022-11-17 08:25 - 2022-11-17 08:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-11-17 08:22 - 2022-11-17 12:43 - 000000000 ____D C:\Program Files (x86)\Gyazo
2022-11-17 08:22 - 2022-11-17 08:22 - 000003544 _____ C:\WINDOWS\system32\Tasks\GyazoUpdateTaskMachineDaily
2022-11-17 08:22 - 2022-11-17 08:22 - 000003408 _____ C:\WINDOWS\system32\Tasks\GyazoUpdateTaskMachine
2022-11-17 08:22 - 2022-11-17 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2022-11-17 08:13 - 2022-11-17 08:13 - 000000000 ____D C:\Users\Connor\AppData\Roaming\MPC-HC
2022-11-17 08:12 - 2022-11-17 08:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2022-11-17 08:04 - 2022-11-17 18:09 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-17 08:04 - 2022-11-17 08:10 - 000000000 ____D C:\Users\Connor\AppData\Local\Google
2022-11-17 08:04 - 2022-11-17 08:04 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{68860A9B-AE12-4094-9793-4B40135A2D3C}
2022-11-17 08:04 - 2022-11-17 08:04 - 000003372 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{D2683807-6959-4670-8F6B-F5CC01B2EAFF}
2022-11-17 08:04 - 2022-11-17 08:04 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-17 08:04 - 2022-11-17 08:04 - 000000000 ____D C:\Program Files\Google
2022-11-17 08:00 - 2022-11-17 09:27 - 000000000 ____D C:\Users\Connor\AppData\Local\Comms
2022-11-17 07:58 - 2022-11-17 17:49 - 000000000 ____D C:\Users\Connor\AppData\Local\PlaceholderTileLogoFolder
2022-11-17 07:58 - 2022-11-17 14:53 - 000000000 ____D C:\Users\Connor\AppData\Local\D3DSCache
2022-11-17 07:58 - 2022-11-17 07:58 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4236781876-3171122071-1440949848-1001
2022-11-17 07:57 - 2022-11-17 07:58 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4236781876-3171122071-1440949848-1001
2022-11-17 07:57 - 2022-11-17 07:57 - 000000000 ____D C:\Users\Connor\AppData\Local\DBG
2022-11-17 07:57 - 2022-11-17 07:57 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-11-17 07:56 - 2022-11-17 14:35 - 000000000 ____D C:\Users\Connor\AppData\Local\NVIDIA
2022-11-17 07:56 - 2022-11-17 13:08 - 000000000 ____D C:\Users\Connor\AppData\Local\Packages
2022-11-17 07:56 - 2022-11-17 13:05 - 000000000 ____D C:\ProgramData\Packages
2022-11-17 07:56 - 2022-11-17 12:30 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-17 07:56 - 2022-11-17 12:23 - 000000000 ____D C:\Users\Connor\AppData\Local\ConnectedDevicesPlatform
2022-11-17 07:56 - 2022-11-17 12:17 - 000000000 ____D C:\Users\Connor\AppData\Local\Publishers
2022-11-17 07:56 - 2022-11-17 08:48 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Adobe
2022-11-17 07:56 - 2022-11-17 07:56 - 000000020 ___SH C:\Users\Connor\ntuser.ini
2022-11-17 07:56 - 2022-11-17 07:56 - 000000000 ____D C:\Users\Connor\AppData\Local\VirtualStore
2022-11-17 07:51 - 2022-11-17 07:51 - 000074412 _____ C:\Users\Connor\Desktop\Removed Apps.html
2022-11-17 07:49 - 2022-11-17 07:49 - 000000000 ____D C:\ProgramData\Intel
2022-11-17 07:47 - 2022-11-17 12:10 - 000000000 ____D C:\Users\Connor
2022-11-17 07:47 - 2022-11-17 07:58 - 000002370 _____ C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-17 07:46 - 2022-11-17 14:53 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-17 07:46 - 2022-11-17 14:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-11-17 07:46 - 2022-11-17 12:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-17 07:46 - 2022-11-17 07:51 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-17 07:46 - 2022-11-17 07:51 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-17 07:46 - 2022-11-17 07:46 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-11-17 07:46 - 2022-11-17 07:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-11-17 07:46 - 2022-11-17 07:46 - 000000000 ____D C:\ProgramData\Realtek
2022-11-17 07:45 - 2022-11-17 16:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-17 07:45 - 2022-11-17 12:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-17 07:45 - 2022-11-17 07:45 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-17 07:44 - 2022-11-17 07:55 - 000000000 ____D C:\WINDOWS\Panther
2022-11-17 07:43 - 2022-11-17 07:55 - 000000000 ____D C:\Windows.old
2022-11-17 07:43 - 2022-11-17 07:43 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-11-17 07:42 - 2022-11-17 07:42 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-11-17 07:42 - 2022-11-17 07:42 - 000000000 ____D C:\ProgramData\ssh
2022-11-17 07:40 - 2022-11-17 07:40 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2022-11-17 07:40 - 2022-11-17 07:40 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-11-17 07:40 - 2022-11-17 07:40 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-11-17 07:40 - 2022-11-17 07:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-11-17 07:40 - 2022-11-17 07:40 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-11-17 07:40 - 2022-11-17 07:40 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-11-17 07:40 - 2022-11-17 07:40 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2022-11-17 07:40 - 2022-11-17 07:40 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-11-17 07:40 - 2022-11-17 07:40 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-11-17 07:40 - 2022-11-17 07:40 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-11-17 07:40 - 2022-11-17 07:40 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-11-17 07:40 - 2022-11-17 07:40 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-11-17 07:40 - 2022-11-17 07:40 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-11-17 07:40 - 2022-11-17 07:40 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-11-17 07:40 - 2022-11-17 07:40 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-11-17 07:40 - 2022-11-17 07:40 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-11-17 07:40 - 2022-11-17 07:40 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-17 07:40 - 2022-11-17 07:40 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2022-11-17 07:39 - 2022-11-17 07:39 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2022-11-17 07:39 - 2022-11-17 07:39 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-11-17 07:39 - 2022-11-17 07:39 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-11-17 07:39 - 2022-11-17 07:39 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2022-11-17 07:39 - 2022-11-17 07:39 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2022-11-17 07:39 - 2022-11-17 07:39 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2022-11-17 07:36 - 2022-11-17 07:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-11-17 07:36 - 2022-11-17 07:36 - 000000000 ____D C:\Program Files\MSBuild
2022-11-17 07:36 - 2022-11-17 07:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-11-17 07:36 - 2022-11-17 07:36 - 000000000 ____D C:\Program Files (x86)\Razer
2022-11-17 07:36 - 2022-11-17 07:36 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-11-17 07:35 - 2022-11-17 07:35 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-11-11 07:38 - 2022-11-11 07:38 - 000000000 ___HD C:\$WinREAgent
2022-11-06 14:24 - 2022-07-15 16:59 - 000059368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2022-10-28 23:19 - 2022-10-28 23:19 - 000000000 ____D C:\Users\Connor\AppData\LocalLow\Connection
2022-10-27 18:21 - 2022-10-26 00:15 - 000129000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2022-10-27 18:21 - 2022-10-26 00:15 - 000041984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-10-27 18:13 - 2022-11-15 05:48 - 000734720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-10-27 18:13 - 2022-11-15 05:45 - 007643384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-10-27 18:13 - 2022-11-15 05:45 - 006511856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-10-27 18:13 - 2022-10-26 22:24 - 000734720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SET7D3D.tmp
2022-10-27 18:13 - 2022-10-26 22:21 - 007642784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SET7BA8.tmp
2022-10-27 18:13 - 2022-10-26 22:21 - 006512336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SET7D7E.tmp
2022-10-25 13:44 - 2022-11-04 14:14 - 000001394 _____ C:\Users\Connor\Desktop\Angel Beats 1st Beat.lnk
2022-10-22 15:50 - 2022-10-22 15:50 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UiPath Assistant Automations
2022-10-18 19:16 - 2022-10-18 19:16 - 205252935 _____ C:\Users\Connor\Desktop\Desktop 2022.10.18 - 20.16.01.02.DVR.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-17 18:23 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-17 14:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-17 14:35 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-17 13:05 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-17 12:36 - 2018-12-01 15:23 - 000000822 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2022-11-17 12:24 - 2018-11-14 22:25 - 000000000 ___RD C:\Users\Connor\OneDrive
2022-11-17 12:23 - 2020-12-03 05:28 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-17 12:23 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-17 10:13 - 2022-01-19 11:39 - 000000000 ____D C:\.jagex_cache_32
2022-11-17 10:13 - 2019-05-26 12:14 - 000000000 ____D C:\Users\Connor\.android
2022-11-17 09:57 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-11-17 09:05 - 2018-12-09 02:10 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2022-11-17 09:01 - 2018-11-29 16:33 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-11-17 08:55 - 2020-11-18 18:55 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2022-11-17 08:55 - 2018-11-15 15:43 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-11-17 08:47 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-11-17 08:12 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-11-17 08:12 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-17 07:56 - 2019-12-07 14:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-11-17 07:56 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-17 07:56 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-11-17 07:56 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-11-17 07:56 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-17 07:56 - 2018-11-14 22:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-11-17 07:56 - 2018-11-14 22:24 - 000000000 ___RD C:\Users\Connor\3D Objects
2022-11-17 07:55 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-17 07:52 - 2021-10-03 03:56 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-17 07:51 - 2022-10-17 11:42 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOW TV
2022-11-17 07:51 - 2022-10-07 23:26 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs LLC
2022-11-17 07:51 - 2022-05-02 21:07 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2022-11-17 07:51 - 2022-01-19 11:38 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2022-11-17 07:51 - 2021-11-06 09:11 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thonny
2022-11-17 07:51 - 2021-10-13 07:27 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-11-17 07:51 - 2021-10-05 18:14 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geekbench 5
2022-11-17 07:51 - 2019-06-10 21:22 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2022-11-17 07:51 - 2019-02-26 17:43 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-11-17 07:51 - 2019-01-15 20:06 - 000000000 ____D C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2022-11-17 07:46 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-11-17 07:46 - 2019-12-07 09:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-11-17 07:44 - 2019-12-07 09:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-11-17 07:44 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-11-17 07:43 - 2019-12-07 09:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-11-17 07:42 - 2019-12-07 14:48 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2022-11-17 07:42 - 2019-12-07 14:48 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-11-17 07:42 - 2019-12-07 14:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-11-17 07:42 - 2019-12-07 14:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-11-17 07:42 - 2019-12-07 14:46 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-11-17 07:42 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2022-11-17 07:42 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\en-GB
2022-11-17 07:42 - 2019-12-07 09:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-11-17 07:42 - 2019-12-07 09:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Com
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\IME
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-11-17 07:42 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-11-17 07:42 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\servicing
2022-11-17 07:37 - 2019-12-07 14:47 - 000000000 ____D C:\WINDOWS\OCR
2022-11-17 07:13 - 2021-06-21 20:02 - 000000000 ____D C:\Intel
2022-11-12 00:53 - 2022-02-17 16:04 - 000000000 ____D C:\Users\Connor\.p2

==================== Files in the root of some directories ========

2022-11-17 12:53 - 2022-11-17 18:09 - 000008102 _____ () C:\Users\Connor\AppData\Roaming\VoiceMeeterDefault.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[Turkeychopio]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-11-2022
Ran by Connor (17-11-2022 18:27:27)
Running from F:\Downloads
Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) (2022-11-17 07:55:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4236781876-3171122071-1440949848-500 - Administrator - Disabled)
Connor (S-1-5-21-4236781876-3171122071-1440949848-1001 - Administrator - Enabled) => C:\Users\Connor
DefaultAccount (S-1-5-21-4236781876-3171122071-1440949848-503 - Limited - Disabled)
Guest (S-1-5-21-4236781876-3171122071-1440949848-501 - Limited - Disabled)
Turke (S-1-5-21-4236781876-3171122071-1440949848-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4236781876-3171122071-1440949848-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CurseForge (HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.212.3.7035 - Overwolf app)
Discord (HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Discord) (Version: 1.0.9007 - Discord Inc.)
EasySmartConfigurationUtility (HKLM-x32\...\{2E6F915E-1948-49D0-B660-0F17C768E511}) (Version: 1.3.10.0 - TPLINK)
Epic Games Launcher (HKLM-x32\...\{20235E2B-1E9F-473D-A215-B2467F1F06E3}) (Version: 1.3.51.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
FileZilla 3.62.0 (HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\FileZilla Client) (Version: 3.62.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
Gyazo 4.3.4.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Java(TM) SE Development Kit 19.0.1 (64-bit) (HKLM\...\{E4838A94-3448-5F9E-B1FE-696C1DC1F772}) (Version: 19.0.1.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2022.10.326382 - Logitech)
Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.42 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.7 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Graphics Driver 526.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.98 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.208.1.2 - Overwolf Ltd.)
paint.net (HKLM\...\{E91052A0-E7C9-4462-B7B5-2C7279F7203B}) (Version: 4.3.12 - dotPDN LLC)
qBittorrent 4.4.5 (HKLM-x32\...\qBittorrent) (Version: 4.4.5 - The qBittorrent project)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Warcraft Logs Companion (HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\Overwolf_ecboebafnpgnolnpgppohegbpjbhffiahodgijdp) (Version: 2.2.5 - Overwolf app)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

Packages:
=========
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.2.1.0_x86__1sdd7yawvg6ne [2022-11-17] (File-New-Project) [Startup Task]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2022-11-17] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2022-11-17] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\nvidiacorp.nvidiacontrolpanel_8.1.963.0_x64__56jybvy8sckqj [2022-11-17] (NVIDIA Corp.)
One Calendar -> C:\Program Files\WindowsApps\64885BlueEdge.OneCalendar_2022.1021.1.0_x64__8kea50m9krsh2 [2022-11-17] (Code Spark)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.1117.1250.556_neutral__8wekyb3d8bbwe [2022-11-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4236781876-3171122071-1440949848-1001_Classes\CLSID\{429b5ad2-84ad-69c7-183b-1ea42518b203}\localserver32 -> F:\Programs\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-4236781876-3171122071-1440949848-1001_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.8.0_351\bin\jp2iexp.dll => No File
CustomCLSID: HKU\S-1-5-21-4236781876-3171122071-1440949848-1001_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.8.0_351\bin\jp2iexp.dll => No File
CustomCLSID: HKU\S-1-5-21-4236781876-3171122071-1440949848-1001_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.8.0_351\bin\jp2iexp.dll => No File

====Literally like 3.5 thousand lines of this message, the java one, I've been having a ton of issues downloading it, I guess it's related====

CustomCLSID: HKU\S-1-5-21-4236781876-3171122071-1440949848-1001_Classes\CLSID\{CAFEEFAC-0018-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.8.0_351\bin\jp2iexp.dll => No File
CustomCLSID: HKU\S-1-5-21-4236781876-3171122071-1440949848-1001_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32 -> C:\Program Files\Java\jre1.8.0_351\bin\jp2iexp.dll => No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => F:\Programs\Notepad++\NppShell_06.dll [2022-11-08] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\nvshext.dll [2022-11-15] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-11-17 08:43 - 2022-11-17 08:43 - 104871424 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\libcef.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000112128 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\libegl.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 006227456 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\libglesv2.dll
2022-11-17 12:30 - 2022-11-17 12:29 - 000156160 _____ () [File not signed] C:\Program Files\LGHUB\resources\app.asar.unpacked\keytar.node
2022-11-17 08:43 - 2022-11-17 08:43 - 000810496 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\chrome_elf.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\audio\qtaudio_windows.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qgif.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qico.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qjpeg.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000223744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qmng.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qsvg.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qtiff.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 001140224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\platforms\qwindows.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 004943360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Core.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 005022208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Gui.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000626176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Multimedia.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000877056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Network.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 002908672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Qml.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 003078656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Quick.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Svg.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 004718080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Widgets.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000439296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5WinExtras.dll
2022-11-17 08:43 - 2022-11-17 08:43 - 000159232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll => No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 09:14 - 2019-12-07 09:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Backgrounds\zClip\Finished PNG\81.2.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_13A61B3481C91B58676BDDFAAC1D15E5"
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-4236781876-3171122071-1440949848-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E3F82450-00C6-41AC-89C5-448613D33946}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{933727B0-BB29-487E-BC36-3BD0D29ABC96}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B8C4FA8A-B137-4089-B210-B6675BCDE2CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{4BEDCAF5-E6C4-48D7-9AF1-7DE1F328FD27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{ECF1604D-EF77-4D35-A4A4-39324678E7D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{8DA00A26-F005-4E83-9C72-1DA5D75C90A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{EDBF41E1-104B-4D73-8B5E-31179ED679B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{FE279136-6DE1-4F20-AFBB-51C30A80DBA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{29F44E73-F767-485E-829F-F646ADCA5389}] => (Allow) F:\Programs\overwolf\0.208.1.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{7E52011B-6F65-4CAF-88E6-2CA1768381BD}] => (Allow) F:\Programs\overwolf\0.208.1.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{94EF6430-5206-4B8B-9A2D-8555F69F5274}] => (Block) F:\Programs\overwolf\0.208.1.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F7A06F8B-43F1-4861-AADF-FA0C1820595C}] => (Block) F:\Programs\overwolf\0.208.1.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{71DD1B5E-26F9-47CB-A9B7-AE9822CA6CB6}] => (Allow) F:\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{AFB2594D-4BA0-461C-9353-786EE6205480}] => (Allow) F:\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]

==================== Restore Points =========================

17-11-2022 08:27:18 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821
17-11-2022 08:27:24 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/17/2022 02:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 14.3.2.0, time stamp: 0x63728f7b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.2193, time stamp: 0x7f7062e1
Exception code: 0xc000041d
Fault offset: 0x000000000002cd29
Faulting process ID: 0x3794
Faulting application start time: 0x01d8fa7f829ea04c
Faulting application path: F:\Programs\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 54f2617b-c1f4-45d8-a44a-5a6de64e1a1f
Faulting package full name:
Faulting package-relative application ID:

Error: (11/17/2022 02:40:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 14.3.2.0, time stamp: 0x63728f7b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.2193, time stamp: 0x7f7062e1
Exception code: 0x00004000
Fault offset: 0x000000000002cd29
Faulting process ID: 0x3794
Faulting application start time: 0x01d8fa7f829ea04c
Faulting application path: F:\Programs\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: c5e79957-a50d-4900-828e-8ef4a171a6b4
Faulting package full name:
Faulting package-relative application ID:

Error: (11/17/2022 02:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595
Faulting module name: nvwgf2umx.dll, version: 31.0.15.2647, time stamp: 0x63583522
Exception code: 0xc0000005
Fault offset: 0x00000000002a1de6
Faulting process ID: 0x548
Faulting application start time: 0x01d8fa7f74b18f5d
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ade64cd54ec2f9ed\nvwgf2umx.dll
Report ID: 53c73cc2-d2b0-4f26-ad74-40b789a7e2cc
Faulting package full name:
Faulting package-relative application ID:

Error: (11/17/2022 12:19:43 PM) (Source: MsiInstaller) (EventID: 11722) (User: CONNOR-DESKTOP)
Description: Product: Java 8 Update 351 (64-bit) -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action installexe, location: C:\Program Files\Java\jre1.8.0_351\installer.exe, command: /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

Error: (11/17/2022 12:15:13 PM) (Source: MsiInstaller) (EventID: 11722) (User: CONNOR-DESKTOP)
Description: Product: Java 8 Update 351 (64-bit) -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action installexe, location: C:\Program Files\Java\jre1.8.0_351\installer.exe, command: /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

Error: (11/17/2022 10:01:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f0,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,000000734637E200.72). hr = 0x80070005, Access is denied.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (11/17/2022 10:01:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f0,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,000000734637E200.72). hr = 0x80070005, Access is denied.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (11/17/2022 10:01:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f0,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,000000734637E200.72). hr = 0x80070005, Access is denied.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet


System errors:
=============
Error: (11/17/2022 02:35:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (11/17/2022 02:35:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error:
A generic command executable returned a result that indicates failure.

Error: (11/17/2022 12:23:54 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro38CrusaderBoot service terminated with the following service-specific error:
The operation completed successfully.

Error: (11/17/2022 12:22:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
Access is denied.

Error: (11/17/2022 12:20:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
Access is denied.

Error: (11/17/2022 12:20:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2210.6).

Error: (11/17/2022 12:18:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
Access is denied.

Error: (11/17/2022 12:18:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
Access is denied.


Windows Defender:
================
Date: 2022-11-17 09:11:19
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

Trojan:Win32/Occamy.C38 threat description - Microsoft Security Intelligence

Name: Trojan:Win32/Occamy.C38
Severity: Severe
Category: Trojan
Path: containerfile:_F:\Games\Crazy Machines 3\rld-crma3le.iso; file:_F:\Games\Crazy Machines 3\rld-crma3le.iso->\Crack\steam_api64.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.379.491.0, AS: 1.379.491.0, NIS: 1.379.491.0
Engine Version: AM: 1.1.19800.4, NIS: 1.1.19800.4

==================== Memory info ===========================

BIOS: American Megatrends Inc. A.60 01/30/2021
Motherboard: Micro-Star International Co., Ltd. MPG Z490 GAMING PLUS (MS-7C75)
Processor: Intel(R) Core(TM) i7-10700K CPU @ 3.80GHz
Percentage of memory in use: 60%
Total physical RAM: 16305.69 MB
Available physical RAM: 6414.17 MB
Total Virtual: 24931.47 MB
Available Virtual: 3259.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.29 GB) (Free:117.77 GB) (Model: Samsung SSD 970 EVO 250GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.5 GB) (Free:347.2 GB) (Model: WDC WD10EZEX-08WN4A0) NTFS
Drive e: (New Volume) (Fixed) (Total:2794.5 GB) (Free:727.25 GB) (Model: TOSHIBA HDWD130) NTFS
Drive f: (SSD 2) (Fixed) (Total:931.5 GB) (Free:275.33 GB) (Model: WDC WDS100T2B0C-00PXH0) NTFS

\\?\Volume{62adf89f-d184-4a71-9738-56be4931f768}\ () (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{7e8fbd3c-fad5-4075-8d09-9016376848ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

 

[Broni]

I don't see anything malicious. You should be good to go

 

[Turkeychopio]

I don't see anything malicious. You should be good to go

Cool, thanks very much for looking over it

If a mod could mark as solved I'd appreciate it, not sure how myself

 

[Broni]

You're welcome