Solved Virus?

Knocks

Hello, it's been a few weeks since my computer started behaving strangely: every time I press something from the tray bar that opens the Windows settings (for example: right-click on sound -> open sound settings) a SysWOW64/cmd.exe window pops up and the settings don't open.


Thanks for the help
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Knocks (16-06-2020 21:07:45)
Running from C:\Users\Knocks\Desktop
Windows 10 Pro Version 1909 18363.836 (X64) (2019-07-04 18:22:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2075321210-3507446918-3865309842-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2075321210-3507446918-3865309842-503 - Limited - Disabled)
Guest (S-1-5-21-2075321210-3507446918-3865309842-501 - Limited - Disabled)
Knocks (S-1-5-21-2075321210-3507446918-3865309842-1001 - Administrator - Enabled) => C:\Users\Knocks
WDAGUtilityAccount (S-1-5-21-2075321210-3507446918-3865309842-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ACR122U NFC Reader SDK (HKLM-x32\...\{FAAC71FD-D54F-49A9-AC3A-D018D587C527}) (Version: 1.0.0.0 - Advanced Card Systems Ltd.)
ACS Unified PC/SC Driver 4.2.8.0 (HKLM\...\{F3FFE3CC-6D21-4010-8DD1-D32167EDAA3F}) (Version: 4.2.8.0 - Advanced Card Systems Ltd.)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.387 - Adobe)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2_1) (Version: 8.2.1 - Adobe Systems Incorporated)
Advanced IP Scanner 2.5 (HKLM-x32\...\{816038FA-53B2-4F36-A9F2-8F6B8B81C7B0}) (Version: 2.5.3850 - Famatech)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.57 - ASUSTeK Computer Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.5.1 - Advanced Micro Devices, Inc.)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.4.0 - philandro Software GmbH)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.10 - Arduino LLC)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
Assistente aggiornamento Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{4354E970-FFD1-4354-BB44-A23C4C4DDB28}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{1C7D230F-66FA-4302-80F7-33EFE7EFED4F}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{379946d7-d0d7-4395-87e8-8097ca734c8a}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{13df6180-9a6f-4b9b-bfb8-3741c3af4e01}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{6FD5072F-7FCE-4F73-BAB0-98251FF891CE}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{B938DE12-4F3D-4068-9649-E5A9E3CB464C}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{4F5EDE91-E41F-428B-BE5D-EB185BE9007A}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Atmel Segger USB Drivers (501e) (HKLM-x32\...\{156C0C95-4DDE-4F88-97A0-5EEE22269CE3}) (Version: 7.0.417 - Atmel)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.4.2410 - Avast Software)
balenaEtcher 1.5.39 (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.39 - Balena Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blender (HKLM\...\{A6B045E1-6F1C-4FCD-936A-EE272B675EC8}) (Version: 2.81.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Cisco Packet Tracer 7.2.1 64Bit (HKLM\...\Cisco Packet Tracer 7.2.1 64Bit_is1) (Version: - Cisco Systems, Inc.)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
CPUID ROG CPU-Z 1.89 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.89 - CPUID, Inc.)
CryEngine(R)2 Sandbox(TM)2 (HKLM-x32\...\{7E4B7FD9-4ECE-4298-A910-3160B7918059}) (Version: 1.00.0000 - Electronic Arts)
Crysis (HKLM-x32\...\{E70E73B2-DABD-40E4-AE50-81B22567F418}) (Version: 1.1.1.6156 - Electronic Arts)
Crysis 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Crysis®3 Digital Deluxe Edition Content (HKLM-x32\...\{2A8C5AE3-2772-4EB1-8206-D5E53D111A61}) (Version: 1.0.0.0 - Electronic Arts)
CrystalDiskInfo 8.3.2 Kurei Kei Edition (64-bit) (HKLM\...\CrystalDiskInfo_is1) (Version: 8.3.2 - Crystal Dew World)
CrystalDiskMark 7.0.0f Shizuku Edition (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0f - Crystal Dew World)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 8.3.0.0749 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
DOOM Eternal (HKLM-x32\...\DOOM Eternal_is1) (Version: - )
EaseUS Partition Master 11.10 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
eMule (HKLM-x32\...\eMule) (Version: - )
Epic Games Launcher (HKLM-x32\...\{FD1AED74-6050-4BC7-B58D-91CB31CB7548}) (Version: 1.1.183.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.48.1 (HKLM-x32\...\FileZilla Client) (Version: 3.48.1 - Tim Kosse)
Fing 1.3.2 (HKLM\...\{ef02f71c-68af-54ab-8061-7d3dda633940}) (Version: 1.3.2 - Fing Ltd)
FTBApp 1.0.8 (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\1726-2696-9539-5278) (Version: 1.0.8 - CreeperHost LTD)
GameFirst IV (HKLM-x32\...\{3A6CC7B3-FD9C-48C1-A1EC-46A5B677E739}) (Version: 1.6.6.0 - ASUSTeK COMPUTER INC.) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.6.6.0) (Version: 1.6.6.0 - ASUSTeK COMPUTER INC.)
GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
Git version 2.27.0 (HKLM\...\Git_is1) (Version: 2.27.0 - The Git Development Community)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.16 - The GnuPG Project)
GNU Tools for ARM Embedded Processors 8-2019-q3-update 8 2019 (remove only) (HKLM-x32\...\GNU Tools for ARM Embedded Processors 8-2019-q3-update 8 2019) (Version: 8 2019-q3-update - ARM Holdings)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Gpg4win (3.1.9) (HKLM-x32\...\Gpg4win) (Version: 3.1.9 - The Gpg4win Project)
HakuNeko Desktop (HKLM\...\HakuNeko Desktop_is1) (Version: 6.0.7 - Ronny Wegener <wegener.ronny@gmail.com>)
HP Color Laser MFP 178 179 (HKLM-x32\...\HP Color Laser MFP 178 179) (Version: 1.14 (01/11/2019) - HP Inc.)
HP MFP Scan (HKLM-x32\...\HP MFP Scan) (Version: 1.06.67 (18/01/2019) - HP Inc.)
HP Scan OCR Software (HKLM-x32\...\HP Scan OCR Software) (Version: 1.01.20 (09/10/2018) - HP Inc.)
HUB Young versione 3.7 (HKLM-x32\...\{EFADC40D-2E64-4051-A6C8-5F067DACD782}_is1) (Version: 3.7 - )
HxD Hex Editor 2.3 (HKLM\...\HxD_is1) (Version: 2.3 - Maël Hörz)
IDM Crack 6.37 build 14 (HKLM-x32\...\IDM Crack 6.37 build 14) (Version: 6.37 build 14 - Crackingpatching.com Team)
Intel(R) Extreme Tuning Utility (HKLM-x32\...\{92b09894-9d66-465d-97a0-5bcabf264301}) (Version: 6.5.1.321 - Intel Corporation)
Intel(R) Extreme Tuning Utility (HKLM-x32\...\{EC7279C8-6C18-4389-8C21-37884A58C114}) (Version: 6.5.1.321 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{754CC9DC-3DB4-4FB2-B71E-87331DB9EA17}) (Version: 7.5.4 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{81D32D2F-1C41-4874-980D-FBFBC359977F}) (Version: 12.10.7.3 - Apple Inc.)
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Java SE Development Kit 8 Update 201 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180201}) (Version: 8.0.2010.9 - Oracle Corporation)
Java(TM) SE Development Kit 14.0.1 (64-bit) (HKLM\...\{AF1122ED-203C-5CC1-8249-F85131C61AC4}) (Version: 14.0.1.0 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JetBrains dotCover 2018.3.4 (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\{d6c6b27d-71fa-5528-91a5-1e49334147c2}) (Version: 2018.3.4 - JetBrains s.r.o.)
JetBrains dotPeek 2018.3.4 (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\{a89bdfc8-00a0-5974-bf67-72d88d314596}) (Version: 2018.3.4 - JetBrains s.r.o.)
JetBrains ETW Service (HKLM-x32\...\{BC3668C6-1990-4363-A6D2-93BE8B670E5E}) (Version: 201.15.18.0 - JetBrains s.r.o) Hidden
JetBrains Toolbox (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Toolbox) (Version: 1.13.4801 - JetBrains)
KeePass Password Safe 2.45 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.45 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
K-Lite Codec Pack 9.6.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.5 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.1.3 - Hermann Schinagl)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
MEmu (HKLM-x32\...\MEmu) (Version: 6.2.7.0 - Microvirt Software Technology Co. Ltd.)
Microsoft .NET Core SDK 2.1.701 (x64) (HKLM-x32\...\{016b678e-a57a-496c-97cb-5d6b7916ed2f}) (Version: 2.1.701 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\Proplus2019Retail - en-us) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - it-it (HKLM\...\Proplus2019Retail - it-it) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft Project Professional 2019 - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft Project Professional 2019 - it-it (HKLM\...\ProjectPro2019Retail - it-it) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Teams) (Version: 1.3.00.12058 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioPro2019Retail - en-us) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft Visio - it-it (HKLM\...\VisioPro2019Retail - it-it) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Code Insiders (HKLM\...\{1287CAD5-7C8D-410D-88B9-0D1EE4A83FF2}_is1) (Version: 1.47.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.4.1080.1113 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{BBCDB523-F5B7-4E53-A911-C85191E3BDF0}) (Version: 10.0.2606 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 77.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-US)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NieR: Automata (HKLM-x32\...\NieR: Automata_is1) (Version: - )
Nmap 7.80 (HKLM-x32\...\Nmap) (Version: 7.80 - Nmap Project)
Npcap 0.9982 (HKLM-x32\...\NpcapInst) (Version: 0.9982 - Nmap Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0410-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
OpenVPN 2.4.7-I603 (HKLM\...\OpenVPN) (Version: 2.4.7-I603 - OpenVPN Technologies, Inc.)
Oracle VM VirtualBox 6.0.0 (HKLM\...\{A6A31B11-8084-4A4E-A59F-2A0021F63471}) (Version: 6.0.0 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.72.41482 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{816b9efb-81f8-48b9-a90e-e01a15f52d94}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pacchetto driver Windows - Advanced Card Systems Ltd. Unified PC/SC Driver (02/05/2018 4.2.8.0) (HKLM\...\D751E9E82CDBF02B2B89D49FB46F766876BA07E5) (Version: 02/05/2018 4.2.8.0 - Advanced Card Systems Ltd.)
Pacchetto driver Windows - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Pearson Test Prep (HKLM-x32\...\Pearson Test Prep_is1) (Version: 1.0.30.1 - Pearson IT Certification)
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
Plex (HKLM-x32\...\Plex) (Version: 1.5.0 - Plex, Inc.)
Postman-win64-7.26.0 (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Postman) (Version: 7.26.0 - Postman)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Python 3.8.2 (64-bit) (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\{0bcac772-c721-42cc-ba18-faafccf12d80}) (Version: 3.8.2150.0 - Python Software Foundation)
Python 3.8.2 Add to Path (64-bit) (HKLM\...\{88AF4D20-BE9D-4CA6-8BD4-5DB380A41CC8}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Core Interpreter (64-bit) (HKLM\...\{AD923240-0ACE-45C9-8749-05BF77AAE101}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Development Libraries (64-bit) (HKLM\...\{BDFB7011-0AB2-440F-8F00-32AF7A9ED1ED}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Documentation (64-bit) (HKLM\...\{65B0F976-5151-427E-95B4-2320DC64F91E}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Executables (64-bit) (HKLM\...\{A36C1168-60E6-42E4-93DB-6BE8C6DD9DD6}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 pip Bootstrap (64-bit) (HKLM\...\{8EEE042B-6EAF-4171-BA6E-01319ED99DA8}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Standard Library (64-bit) (HKLM\...\{33F9B46C-EB19-4BB7-ABFA-F8C71B73E9A4}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Tcl/Tk Support (64-bit) (HKLM\...\{FCA1EB7D-2F62-4659-AA5F-42C37CE5D3CB}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Test Suite (64-bit) (HKLM\...\{F6DA05CF-67B5-47D0-ABD4-371C80BA0717}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Utility Scripts (64-bit) (HKLM\...\{52AB506A-EC3C-4060-9EBF-6A975994CB35}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{AF12A465-EA47-447D-B6BF-2A82CDBE2F0E}) (Version: 3.8.6994.0 - Python Software Foundation)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.24.258 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.6 - Rockstar Games)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.6.5.0 - Samsung Electronics Co., Ltd.)
Sapphire TRIXX 6.8.0 (HKLM-x32\...\{54CE6A44-8553-4B78-9B07-AC88A9D581E8}_is1) (Version: 6.8.0 - Sapphire Technology)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.19071.4 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.19071.4 - Samsung Electronics Co., Ltd.)
SmartPSS 2.002.0000009.0 (HKLM-x32\...\SmartPSS) (Version: 2.002.0000009.0 - )
Spotify (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Spotify) (Version: 1.1.34.694.gac68a2b3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StepMania 5 (HKLM-x32\...\StepMania 5) (Version: 5.0.12 - StepMania)
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.2 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Telegram Desktop version 2.1.10 (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.10 - Telegram FZ-LLC)
Twitch (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ultimaker Cura 4.5 (HKLM-x32\...\Ultimaker Cura 4.5) (Version: 4.5.0 - Ultimaker B.V.)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 12.4.2 - )
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 85.0 - Ubisoft)
USBPcap 1.3.0.0 (HKLM\...\USBPcap) (Version: 1.3.0.0 - Tomasz Mon)
VALORANT (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
VMware Workstation (HKLM\...\{B7653DE1-40D5-4600-99FE-9A7FD001DB97}) (Version: 15.5.2 - VMware, Inc.)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version: - Ubisoft)
WhatsApp (HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\WhatsApp) (Version: 2.2023.2 - WhatsApp)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WinMerge 2.16.6.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.16.6.0 - Thingamahoochie Software)
WinPcap for Fing 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Domotz, Inc)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinSCP 5.17.3 (HKLM-x32\...\winscp3_is1) (Version: 5.17.3 - Martin Prikryl)
Wireshark 3.0.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 7.3.3-0 - Bitnami)
XnViewMP 0.93.1 (HKLM\...\XnViewMP_is1) (Version: 0.93.1 - Gougelet Pierre-e)
 
Packages:
=========
Componente aggiuntivo motore dei supporti Foto -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-12] (Microsoft Corporation)
Debian -> C:\Program Files\WindowsApps\TheDebianProject.DebianGNULinux_1.1.8.0_x64__76v4gfsz19hv4 [2020-06-12] (The Debian Project)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-06-16] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-06-12] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-06-12] (Microsoft Studios) [MS Ad]
MSN Meteo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-06-12] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-06-12] (Netflix, Inc.)
WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe [2020-06-12] (Microsoft Corporation)
Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.0.1401.0_x64__8wekyb3d8bbwe [2020-06-16] (Microsoft Corporation)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-06-12] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2075321210-3507446918-3865309842-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Knocks\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075321210-3507446918-3865309842-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Knocks\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-16] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GpgEX] -> -{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers1: [ModernSharing] -> -{e2bf9676-5f8f-435c-97eb-11607a5bedf7} => -> No File
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-10-08] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2020-03-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2020-03-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-10-08] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] () [File not signed]
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-31] (Malwarebytes) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GpgEX] -> -{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-10-08] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-10-08] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2019-02-15] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Knocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm
Shortcut: C:\Users\Knocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains Toolbox\MPS.lnk -> C:\Users\Knocks\AppData\Local\JetBrains\Toolbox\apps\MPS\ch-0\201.7223.1434\bin\mps.bat ()
ShortcutWithArgument: C:\Users\Knocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Mikazuki.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gpnmlhcphibffncfnaaljocioihcoclo

==================== Loaded Modules (Whitelisted) =============

2019-07-18 11:23 - 2019-07-18 11:23 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2019-07-15 12:47 - 2012-04-01 00:06 - 002689536 _____ () [File not signed] C:\Program Files\File Shredder\fsshell.dll
2018-10-05 10:13 - 2018-10-05 10:13 - 000144896 _____ () [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2018-10-05 10:13 - 2018-10-05 10:13 - 000077824 _____ () [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2020-06-16 16:02 - 2020-06-16 16:02 - 001179648 ____N () [File not signed] C:\Users\Knocks\AppData\Local\Temp\jna--2042788289\jna3677286785650192040.dll
2019-03-08 23:49 - 2019-03-08 23:49 - 000790528 _____ () [File not signed] C:\Users\Knocks\AppData\Roaming\Rainmeter\Plugins\GPMDPPlugin.DLL
2019-03-08 23:49 - 2019-03-08 23:49 - 001034240 _____ () [File not signed] C:\Users\Knocks\AppData\Roaming\Rainmeter\Plugins\WebNowPlaying.DLL
2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\it_it\Acrobat Elements\ContextMenuShim64.ita
2020-05-25 14:06 - 2020-05-25 14:06 - 001562624 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2019-10-08 22:16 - 2015-06-05 13:00 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.25\ASACPI.DLL
2019-10-08 22:00 - 2017-11-24 08:47 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpi.dll
2019-09-11 13:46 - 2020-06-16 15:59 - 000041768 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll
2019-10-08 22:00 - 2017-11-24 08:47 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpiEx.dll
2019-02-15 17:15 - 2019-02-15 17:15 - 000485808 _____ (Hermann Schinagl -> Hermann Schinagl) [File not signed] C:\Program Files\LinkShellExtension\HardlinkShellExt.dll
2020-04-16 16:31 - 2019-10-08 23:15 - 000203264 _____ (hxxp://winmerge.org) [File not signed] C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll
2019-03-08 19:54 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-06-16 16:02 - 2020-06-16 16:02 - 000247296 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\Knocks\AppData\Local\Temp\jna--2042788289\jna7197968621693906698.dll
2018-10-05 10:13 - 2018-10-05 10:13 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\LIBCURL.dll
2019-09-15 19:12 - 2020-06-06 21:10 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-09-15 19:12 - 2020-06-06 21:10 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2018-10-05 10:13 - 2018-10-05 10:13 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\LIBEAY32.dll
2018-10-05 10:13 - 2018-10-05 10:13 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\SSLEAY32.dll
2018-04-06 20:29 - 2018-04-06 20:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2018-04-06 20:29 - 2018-04-06 20:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll
2019-09-15 19:12 - 2020-06-06 21:10 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-06-15 20:47 - 2020-06-06 21:10 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-06-15 20:47 - 2020-06-06 21:10 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-06-15 20:47 - 2020-06-06 21:10 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-06-15 20:47 - 2020-06-06 21:10 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-06-15 20:47 - 2020-06-06 21:10 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-06-15 20:47 - 2020-06-06 21:10 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-05-25 14:17 - 2020-05-25 14:17 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000724992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000260608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-07-18 11:23 - 2019-07-18 11:23 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-05-25 14:17 - 2020-05-25 14:17 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-04-28 14:50 - 2020-06-03 20:23 - 000001163 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 keystone.mwbsys.com

2019-04-07 13:29 - 2020-05-01 18:23 - 000000697 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 Anzu.mshome.net # 2025 4 3 30 16 23 50 49
192.168.137.36 Galaxy-S8.mshome.net # 2020 5 5 8 16 23 50 49
92.168.31.248 WIN-DL3DA8SCLGK.mshome.net # 2019 8 4 15 17 17 49 467
1.23 WIN-DL3DA8SCLGK.mshome.net # 2019 8 4 8 18 34 15 165
165
148

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Python38\Scripts\;C:\Program Files\Python38\;C:\Users\Knocks\Desktop\WINDOWS.X64_193000_db_home\bin;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Python37\Scripts\;C:\Program Files\Python37\;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\PHP;C:\Program Files (x86)\GnuPG\bin;C:\Program Files\Microsoft VS Code Insiders\bin;C:\Program Files\dotnet\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\ProgramData\ComposerSetup\bin;C:\Program Files\Java\jre1.8.0_241;C:\Program Files\Git\cmd
HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Knocks\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\39219.jpg
DNS Servers: 192.168.1.231 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Connessione alla rete locale (LAN)* 2: VMware Bridge Protocol -> vmware_bridge (enabled)
Connessione alla rete locale (LAN)* 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Connessione alla rete locale (LAN)* 2: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Connessione alla rete locale (LAN)* 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Npcap Loopback Adapter: VMware Bridge Protocol -> vmware_bridge (enabled)
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Npcap Loopback Adapter: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
VirtualBox Host-Only Network: VMware Bridge Protocol -> vmware_bridge (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "TabletDriver"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Sonic Studio 3"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9278F099-B254-4E16-A66D-7D56331839EE}C:\users\knocks\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\knocks\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{F7329F86-D279-4534-87D4-C013C1C5E9F7}C:\users\knocks\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\knocks\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{30B2F352-4A7C-43DD-9A4C-B704CB229FB1}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{41559336-AB7E-466E-8DFC-DD2C14992624}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{3BA5A339-196A-42ED-86B6-90C16F883436}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{699D6E2F-C860-48B6-802E-01280F84B679}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{7B1BA54A-B05A-4D37-A947-80A378674E0D}C:\program files\amd\cnext\cnext\radeonsoftware.exe] => (Allow) C:\program files\amd\cnext\cnext\radeonsoftware.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [UDP Query User{CD2AB7F4-B49D-4B28-8F2F-C31E9A3B845F}C:\program files\amd\cnext\cnext\radeonsoftware.exe] => (Allow) C:\program files\amd\cnext\cnext\radeonsoftware.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [TCP Query User{0BFEC16D-C463-4340-9D4C-FED504F14684}C:\program files\rainmeter\rainmeter.exe] => (Allow) C:\program files\rainmeter\rainmeter.exe (Firebit OU -> Rainmeter)
FirewallRules: [UDP Query User{5564EB14-9D42-4EAF-982C-A7EB7089F91C}C:\program files\rainmeter\rainmeter.exe] => (Allow) C:\program files\rainmeter\rainmeter.exe (Firebit OU -> Rainmeter)
FirewallRules: [{3D9BE526-880F-4005-BE66-ADA960771AEF}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9E2F04E9-FEFE-413E-BD12-276AC0FAA3CC}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{46FF3C99-4131-444D-B4BE-CAB5915A83C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{EFE98BE9-02D4-4668-B9BE-D6F8AC3FE457}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{19592548-EE20-452A-85A0-4A44E39CBDAA}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{C37A0AC6-D023-4C5C-BAE4-0B50DF62F31F}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{6E9C4877-5662-4150-B4EF-51146965F41A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{65AEF86F-551A-4F52-B6A4-4F1EBC725A20}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{6D4BE8B9-1CC7-45C6-9FAE-D263E3D8922D}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{FC5DEEA1-715E-466B-87B3-9EBF31CF7408}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{F465F506-3F2F-4115-AB6B-E058A7AFA348}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8E85A690-4F33-4664-9C96-E2C573686899}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{BA3FA039-B13F-4836-B7A2-44787C1C7B65}D:\games\steamlibrary\steamapps\common\call of duty ghosts\iw6sp64_ship.exe] => (Allow) D:\games\steamlibrary\steamapps\common\call of duty ghosts\iw6sp64_ship.exe => No File
FirewallRules: [UDP Query User{DACFF7A8-D04F-4F86-AF24-F646B38CAE4C}D:\games\steamlibrary\steamapps\common\call of duty ghosts\iw6sp64_ship.exe] => (Allow) D:\games\steamlibrary\steamapps\common\call of duty ghosts\iw6sp64_ship.exe => No File
FirewallRules: [TCP Query User{87F64358-9B22-4EAB-BF4F-2F18B47E5C59}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{3E17717F-9C73-4679-9A21-76A2C729B116}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{91A4B3C0-A07A-40EF-8171-EF18CCE3C81F}C:\program files\cisco packet tracer 7.2.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2.1\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{1A50F68A-A160-43F9-BD94-3F12D87C311C}C:\program files\cisco packet tracer 7.2.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2.1\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{08B632E1-57BB-4E7E-8251-FA11E9A891EE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{E5F80B24-66FC-40BC-A95F-944CE76F00A9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{95CA8124-0FA0-468D-AFCD-A89A4B7A513A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{9972DB43-0200-4E3C-BDEF-18C119EDE350}] => (Allow) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{F07CC650-21BD-42DF-AB42-DCCAA3F8FEEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6D22CE60-9538-4431-976A-F7F1DB58EE9A}D:\games\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\games\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [UDP Query User{7BE9AFDB-0A66-471F-A1B5-2C1FC3821D34}D:\games\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\games\steamlibrary\steamapps\common\call of duty modern warfare 2\iw4sp.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [{54169ADC-AE81-4B48-88A3-85716B357F8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe (Crytek GmbH) [File not signed]
FirewallRules: [{2B5AEF88-C6A9-419A-86E4-6BF50F9744E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe (Crytek GmbH) [File not signed]
FirewallRules: [TCP Query User{4D9D1564-74CE-4566-A112-626534FB3571}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{C144F32E-3E95-4A35-8310-C513E77B2AEE}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{02347E09-9D31-4F8A-B72E-C9E39BEDF9A2}] => (Allow) D:\Games\SteamLibrary\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark)
FirewallRules: [{0ED21705-AFCB-45DC-941C-3E82B8A78845}] => (Allow) D:\Games\SteamLibrary\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark)
FirewallRules: [{4252EB06-EA0A-41C6-B393-AB6D2720DE2A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F8E5C2A3-49F3-446F-800A-759D6EE6082D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D53454D6-1B1E-4DE8-9FA8-77D47534CAB8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{40308BED-D1CD-447F-85BD-A5D5E1D1B556}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF5F3BF2-4D3D-4329-AF4E-6D193D89D61F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78B4CDC3-843D-409B-BA33-CC5AADEE79E6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{DC176964-5E06-4735-9A06-CB5D44C9F47E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{64B7AAC4-C4C4-461E-A917-B31E492C31DE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{1E8B081B-8DEA-4AB5-9ED1-47122AA1AEC8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{CAF1DC4E-B10F-4AD2-9C53-307429542809}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{1B235DDC-76A3-47E8-ADEF-3519A57B8E16}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{CB0B24E2-7DE0-4A0A-B76F-2A13B4421C4F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{CE86AC25-303D-4D7B-9C3A-A99D2134F1D6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{7D312E11-5335-4D89-8F04-1078037391A8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{26F768C2-DBE0-4CFC-89EB-E0B5F6DD4CA8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{22265E49-415A-4F4B-B8F8-1A6A07D1CF2F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{29274D8F-6D71-4D97-8530-C0E51260C78E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{C876CA0C-5848-4BAC-B85E-E3AEDA771EC4}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6992B16F-BB1B-4E47-842F-AC75952ABFB6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
 
==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/16/2020 08:56:30 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Il Centro sicurezza PC non è riuscito a convalidare il chiamante con errore %1.

Error: (06/16/2020 08:14:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15824,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (06/16/2020 07:29:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9428,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (06/16/2020 07:20:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9384,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (06/16/2020 06:53:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2876,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (06/16/2020 06:16:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9476,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (06/16/2020 05:25:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma dwm.exe versione 10.0.18362.387 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Sicurezza e manutenzione nel Pannello di controllo.

ID processo: 4cc

Ora di avvio: 01d643e65e358b3d

Ora di chiusura: 4081658

Percorso applicazione: C:\Windows\System32\dwm.exe

ID segnalazione: 3ca77426-6667-4805-95cc-ae0806c863fa

Nome completo pacchetto che ha generato l'errore:

ID applicazione relativo al pacchetto che ha generato l'errore:

Tipo interruzione: Unknown

Error: (06/16/2020 04:14:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11460,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (06/16/2020 09:05:04 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Le copie shadow del volume C: sono state interrotte. Impossibile espandere l'archivio delle copie shadow a causa di un limite imposto da un utente.

Error: (06/16/2020 08:55:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Le copie shadow del volume C: sono state interrotte. Impossibile espandere l'archivio delle copie shadow a causa di un limite imposto da un utente.

Error: (06/16/2020 05:37:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Le copie shadow del volume C: sono state interrotte. Impossibile espandere l'archivio delle copie shadow a causa di un limite imposto da un utente.

Error: (06/16/2020 05:25:36 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Il driver ha rilevato un errore interno del driver su \Device\VBoxNetLwf.

Error: (06/16/2020 05:25:36 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Il driver ha rilevato un errore interno del driver su \Device\VBoxNetLwf.

Error: (06/16/2020 05:25:36 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Il driver ha rilevato un errore interno del driver su \Device\VBoxNetLwf.

Error: (06/16/2020 04:02:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Steam Client Service non è stato avviato per il seguente errore:
Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto.

Error: (06/16/2020 04:02:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (180000 millisecondi) durante l'attesa della connessione del servizio Steam Client Service.


Windows Defender:
===================================
Date: 2020-06-03 20:23:25.116
Description:
Windows Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Behavior:Win32/UACBypassExp.T!gen
ID: 2147755449
Gravità: Grave
Categoria: Comportamento sospetto
Percorso: behavior:_pid:13476:94230377339991; process:_pid:13476,ProcessStart:132356822050586715
Origine rilevamento: Sconosciuto
Tipo rilevamento: Concreta
Origine rilevamento: Sconosciuto
Utente:
Nome processo: Unknown
Versione intelligence sulla sicurezza: AV: 1.317.549.0, AS: 1.317.549.0, NIS: 1.317.549.0
Versione motore: AM: 1.1.17100.2, NIS: 1.1.17100.2

Date: 2020-06-03 20:22:49.347
Description:
Windows Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Users\Knocks\Desktop\Malwarebytes Premium 4.1.0.exe
Origine rilevamento: Computer locale
Tipo rilevamento: Percorso rapido
Origine rilevamento: Protezione in tempo reale
Utente: ANZU\Knocks
Nome processo: C:\Windows\explorer.exe
Versione intelligence sulla sicurezza: AV: 1.317.549.0, AS: 1.317.549.0, NIS: 1.317.549.0
Versione motore: AM: 1.1.17100.2, NIS: 1.1.17100.2

Date: 2020-06-03 20:21:26.803
Description:
Windows Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Users\Knocks\Desktop\Malwarebytes Premium 4.1.0.exe
Origine rilevamento: Computer locale
Tipo rilevamento: Percorso rapido
Origine rilevamento: Protezione in tempo reale
Utente: ANZU\Knocks
Nome processo: C:\Windows\explorer.exe
Versione intelligence sulla sicurezza: AV: 1.317.549.0, AS: 1.317.549.0, NIS: 1.317.549.0
Versione motore: AM: 1.1.17100.2, NIS: 1.1.17100.2

Date: 2020-06-02 11:53:00.749
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {31076E88-A844-4010-8FF1-EE185CEACCEC}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2020-05-23 20:46:43.226
Description:
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {F1B0DE8B-257A-424E-8B6D-73B6825AEA3A}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2020-06-16 20:53:57.455
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza:
Versione intelligence sulla sicurezza precedente: 1.317.549.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.17100.2
Codice errore: 0x80070645
Descrizione errore: Azione valida soltanto per I prodotti attualmente installati.

Date: 2020-06-16 20:53:57.455
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza:
Versione intelligence sulla sicurezza precedente: 1.317.549.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo intelligence sulla sicurezza: Antispyware
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.17100.2
Codice errore: 0x80070645
Descrizione errore: Azione valida soltanto per I prodotti attualmente installati.

Date: 2020-06-16 20:53:57.455
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza:
Versione intelligence sulla sicurezza precedente: 1.317.549.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.17100.2
Codice errore: 0x80070645
Descrizione errore: Azione valida soltanto per I prodotti attualmente installati.

Date: 2020-06-16 20:53:55.204
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza:
Versione intelligence sulla sicurezza precedente: 1.317.549.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.17100.2
Codice errore: 0x80070645
Descrizione errore: Azione valida soltanto per I prodotti attualmente installati.

Date: 2020-06-16 20:53:55.204
Description:
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza:
Versione intelligence sulla sicurezza precedente: 1.317.549.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo intelligence sulla sicurezza: Antispyware
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente:
Versione motore precedente: 1.1.17100.2
Codice errore: 0x80070645
Descrizione errore: Azione valida soltanto per I prodotti attualmente installati.

CodeIntegrity:
===================================

Date: 2020-06-16 15:59:40.797
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SSPORT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-16 10:51:21.268
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SSPORT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-15 19:46:08.368
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SSPORT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-15 13:38:02.926
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SSPORT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-15 12:30:23.626
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SSPORT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-15 09:58:37.526
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SSPORT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-14 20:49:18.320
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SSPORT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-14 17:05:01.653
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SSPORT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1205 05/11/2018
Motherboard: ASUSTeK COMPUTER INC. STRIX H270F GAMING
Processor: Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 78%
Total physical RAM: 8134.35 MB
Available physical RAM: 1740.46 MB
Total Virtual: 16268.7 MB
Available Virtual: 5320.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.84 GB) (Free:7.72 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:373.46 GB) NTFS
Drive y: (admin) (Network) (Total:912.79 GB) (Free:105.26 GB) NTFS

\\?\Volume{300be9a0-5f11-4a56-ae82-606aa413cd83}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{95cea520-2710-0000-5dd1-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 02DF55BE)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 7065575C)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: B0BBB9CC)
Partition 1: (Active) - (Size=487 MB) - (Type=83)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=05)

==================== End of Addition.txt =======================
 
FRST.TXT:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Knocks (administrator) on ANZU (16-06-2020 21:05:18)
Running from C:\Users\Knocks\Desktop
Loaded Profiles: Knocks
Platform: Windows 10 Pro Version 1909 18363.836 (X64) Language: Italiano (Italia)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0355166.inf_amd64_b850e0f0c3bce936\B355483\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0355166.inf_amd64_b850e0f0c3bce936\B355483\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(JetBrains s.r.o. -> ) C:\Users\Knocks\AppData\Local\JetBrains\Toolbox\bin\jetbrains-toolbox-helper.exe <3>
(JetBrains s.r.o. -> JetBrains s.r.o) C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.Etw.Collector.Host.exe
(JetBrains s.r.o. -> JetBrains) C:\Users\Knocks\AppData\Local\JetBrains\Toolbox\bin\jetbrains-toolbox.exe
(Kristjan Skutta -> ) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Kristjan Skutta -> ) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.220.4292.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.220.4292.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.892_none_5efe5b5a590f76dc\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(philandro Software GmbH -> ) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify AB -> Spotify Ltd) C:\Users\Knocks\AppData\Roaming\Spotify\Spotify.exe <5>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [TabletDriver] => C:\Program Files (x86)\PenTabletDriver\TabletDriver.exe [3160448 2018-11-12] (Shenzhen Huion Animation Technology Co.,LTD -> Graphic Tablet Company Shenzhen)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268680 2018-02-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353776 2020-06-13] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [108136 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [117720 2020-03-07] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3074752 2020-05-07] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-15] (Valve -> Valve Corporation)
HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Run: [JetBrains Toolbox] => C:\Users\Knocks\AppData\Local\JetBrains\Toolbox\bin\jetbrains-toolbox.exe [7174176 2020-06-02] (JetBrains s.r.o. -> JetBrains)
HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4765040 2019-06-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\MountPoints2: {5e5a02f2-a1b1-11ea-93d5-6045cba7e93c} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
HKLM\...\Windows x64\Print Processors\sht13cPC: C:\Windows\System32\spool\prtprocs\x64\sht13cpc.dll [82856 2019-07-21] (联想图像(天津)科技有限公司 -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\System32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\sht13c Langmon: C:\Windows\System32\sht13clm.dll [61840 2019-07-21] (联想图像(天津)科技有限公司 -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-03-10]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
Startup: C:\Users\Knocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-09-23]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12CEB0B3-CD60-408B-B980-F55645306C69} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23756168 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {191B0D6E-BB0D-429D-AA1B-F3870C6A6589} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [171368 2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D78A4E9-B366-4D33-AC3C-10E11782B506} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [3314272 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
Task: {1F560BB9-FE41-493A-84B2-CF1EE6FD9340} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-13] (Adobe Inc. -> Adobe)
Task: {2A65ACDA-C54D-4FD3-BD2D-E6F99143680B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {2AFEE26A-F151-4E8C-907B-0ED6B9EE4C58} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1652536 2018-11-05] (Intel(R) Software -> Intel Corporation)
Task: {2FA58DB3-1C1D-4B95-9005-0396917F678A} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1448408 2017-11-24] (ASUSTeK Computer Inc. -> )
Task: {352F82CF-8CAB-4C42-986B-49747DFB26AA} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-25] (Advanced Micro Devices, Inc.) [File not signed]
Task: {38EF36B8-8550-458F-B22A-200090B32A5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-06] (Google Inc -> Google LLC)
Task: {42EFC076-387A-4CB9-845D-86F9C207F16B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {48FA7314-4C3D-4668-8C55-A880C1A5140B} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {49610A5F-3A80-480B-BCFB-012F6263C117} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {4A6C24CA-AF28-4BBF-9D09-F066586153FA} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {4D164DA1-6541-4575-8FB8-C6D9C5C7848F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {520943F2-07B1-447C-A2E3-4BBE6907314F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-06] (Google Inc -> Google LLC)
Task: {5B4EE437-C9D1-4AD1-89F9-8D17692829BD} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-25] (Advanced Micro Devices, Inc.) [File not signed]
Task: {73337CCE-8400-4794-842B-310E10716082} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-25] (Advanced Micro Devices, Inc.) [File not signed]
Task: {7423DEB5-09AB-4731-86F2-C27D479A2ABE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058928 2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {770892B2-2050-4887-86D0-E3AA869BDBB4} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4417496 2017-11-24] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {830AEC49-E694-49FD-AD22-2EDF5529297E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {84B89D08-51DB-4567-A685-7FC1FCE8AD00} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8929E446-2DCB-412D-B315-3AED959B4090} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8D10DD26-A064-4A36-B6E7-D85FAAEF1641} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-06-16] (Avast Software s.r.o. -> Avast Software)
Task: {9770931D-FCA4-42F6-AB8C-1E8C88AB8B9F} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A7411A61-DC03-4B7E-8AE7-8FEB2622D4E5} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AA95E510-FBBA-4173-B64A-71A4D380EE1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058928 2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD99E4FE-4C82-4AF2-9044-90AAACDBB137} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B882C484-48D9-4255-9053-D1D887F0EDA0} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [1124536 2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BD8C344A-8E4C-4AFC-BF15-BA4CF1F773BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23756168 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {D57D97BC-8B02-4F5A-A143-E210C53672BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-13] (Adobe Inc. -> Adobe)
Task: {D8A9844D-C235-4C3B-A4BD-234C34ECCECA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [814872 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {DB491862-F92B-4B65-A81C-F18098D4AC34} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe [151120 2020-06-01] (Johannes Schindelin -> The Git Development Community)
Task: {E5E28522-08DD-4FD7-AF76-E073F6FCF316} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2096088 2018-01-04] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {EF8020EB-61C5-462C-BEE2-60EA4F7E793E} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {F829FF6B-048A-42D1-814A-E841ABAB2264} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-05-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {FD9872E7-F626-4E14-B845-4B67B59118C1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [171368 2020-06-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [42296 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [42296 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [46392 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [46392 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{43088a0e-9f0a-4aa7-9eeb-110cc444f23e}: [NameServer] 192.168.1.231,8.8.8.8
Tcpip\..\Interfaces\{e6f0be72-d956-4383-823b-d81f0fa7c822}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.it/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: mgnivxi8.default
FF ProfilePath: C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\mgnivxi8.default [2020-02-11]
FF ProfilePath: C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release [2020-06-16]
FF DownloadDir: C:\Users\Knocks\Desktop
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\@testpilot-containers.xpi [2020-04-24]
FF Extension: (MyJDownloader Browser Extension) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2020-02-11] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (Snooze Tabs) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\snoozetabs@mozilla.com.xpi [2020-02-11]
FF Extension: (Bulk Media Downloader) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2020-02-11]
FF Extension: (NoScript) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-06-09]
FF Extension: (JetBrains Toolbox Extension) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\{bf9e77ee-c405-4dd7-9bed-2f55e448d19a}.xpi [2020-06-16]
FF Extension: (Google Meet Grid View) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\{c972dc04-3d8e-4455-8316-6030a823a7e6}.xpi [2020-06-15]
FF Extension: (No Name) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-01]
FF Extension: (Greasemonkey) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-02-11]
FF Extension: (ModHeader) - C:\Users\Knocks\AppData\Roaming\Mozilla\Firefox\Profiles\e9w0eoj6.default-release\Extensions\{ed630365-1261-4ba9-a676-99963d2b4f54}.xpi [2020-06-14]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Knocks\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Knocks\AppData\Roaming\IDM\idmmzcc5 [2020-05-07] [Legacy] [not signed]
FF HKU\S-1-5-21-2075321210-3507446918-3865309842-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network I Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @USE44/npIPCamera -> C:\Program Files\NetIPCamera\npIPCamera.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default [2020-06-16]
CHR DefaultSearchURL: Default -> hxxps://www.mikazuki.moe/application/img/icons/android-chrome-192x192.png
CHR Extension: (Presentazioni) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-06]
CHR Extension: (Documenti) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-06]
CHR Extension: (Google Drive) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-06]
CHR Extension: (YouTube) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-01]
CHR Extension: (Fogli) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-06]
CHR Extension: (Documenti Google offline) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Mikazuki) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpnmlhcphibffncfnaaljocioihcoclo [2020-03-25]
CHR Extension: (Cross Domain - CORS) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjhpgnbimicffchbodmgfnemoghjakai [2020-06-11]
CHR Extension: (IDM Integration Module) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-05-07]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-06]
CHR Extension: (Chrome Media Router) - C:\Users\Knocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-05-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-05-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0355166.inf_amd64_b850e0f0c3bce936\B355483\atiesrxx.exe [529624 2020-05-27] (Advanced Micro Devices, Inc. -> AMD)
R2 AMD Log Utility; C:\WINDOWS\System32\amdlogsr.exe [483248 2020-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3025872 2019-12-07] (philandro Software GmbH -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2018-02-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe [963544 2016-08-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2017-12-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [6392728 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [60600 2020-05-25] (Advanced Micro Devices, Inc. -> AMD)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [348968 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [58048 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10634632 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [2856304 2019-06-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 JetBrainsEtwHost; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.Etw.Collector.Host.exe [1681968 2020-04-28] (JetBrains s.r.o. -> JetBrains s.r.o)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-07-02] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [18997912 2020-01-30] (Mail.Ru LLC -> LLC Mail.Ru)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> )
S3 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [74712 2019-02-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [74712 2019-02-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2508592 2020-06-10] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3460400 2020-06-10] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2019-11-17] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2019-11-17] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1776768 2020-06-11] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2018-12-12] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [689912 2018-12-18] (Oracle Corporation -> Oracle Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9875416 2020-06-13] (Riot Games, Inc. -> Riot Games, Inc.)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15477208 2020-03-07] (VMware, Inc. -> )
R2 Wallpaper Engine Service; D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [350712 2020-02-14] (Kristjan Skutta -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
R2 XTU3SERVICE; C:\WINDOWS\SysWOW64\XtuService.exe [26200 2019-03-26] (Intel Corporation -> Intel(R) Corporation)
S3 Fing.Agent; C:\Program Files\Fing\resources\extraResources\fingagent.exe --servicemode Fing.Agent --agentroot "C:\Users\Knocks\AppData\Roaming"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACR122U; C:\WINDOWS\system32\DRIVERS\acr122.sys [79840 2018-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Card Systems Ltd.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0355166.inf_amd64_b850e0f0c3bce936\B355483\amdkmdag.sys [71066320 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [104808 2020-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdlog; C:\WINDOWS\System32\drivers\amdlog.sys [89200 2020-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [60216 2020-03-31] (Advanced Micro Devices, Inc. -> )
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-05-08] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] (ASUSTeK Computer Inc. -> )
S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37152 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205896 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [235088 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178768 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60496 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-06-16] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42784 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175208 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109280 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84856 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851608 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [462592 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216824 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [322256 2020-06-16] (Avast Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69016 2019-03-04] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [42472 2019-11-26] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [129448 2017-09-19] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [89792 2017-09-19] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-12-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [319448 2019-04-15] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [18234792 2020-01-30] (Mail.Ru LLC -> LLC Mail.Ru)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [79504 2017-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [80192 2019-07-31] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [80192 2019-07-31] (Insecure.Com LLC -> Insecure.Com LLC.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2016-11-09] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [297984 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [92160 2008-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [19016 2019-05-31] (HP Inc. -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167232 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2019-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [58160 2019-04-01] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [236048 2018-12-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247432 2018-12-18] (Oracle Corporation -> Oracle Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6335912 2020-06-13] (Riot Games, Inc. -> Riot Games, Inc.)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2018-11-21] (VMware, Inc. -> VMware, Inc.)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2014-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
R3 XTUComponent; C:\WINDOWS\System32\drivers\iocbios2.sys [38064 2019-03-26] (Intel Corporation -> Intel Corporation)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S3 NAL; \??\C:\WINDOWS\system32\Drivers\iqvw64e.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-16 21:05 - 2020-06-16 21:07 - 000048940 _____ C:\Users\Knocks\Desktop\FRST.txt
2020-06-16 21:04 - 2020-06-16 21:06 - 000000000 ____D C:\FRST
2020-06-16 21:04 - 2020-06-16 21:05 - 000000000 ____D C:\Users\Knocks\Desktop\FRST-OlderVersion
2020-06-16 21:04 - 2020-06-16 21:04 - 000000000 ___HD C:\$AV_ASW
2020-06-16 20:59 - 2020-06-16 20:59 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-06-16 20:59 - 2020-06-16 20:59 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Avast Software
2020-06-16 20:58 - 2020-06-16 20:58 - 000851608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000462592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000335976 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-06-16 20:58 - 2020-06-16 20:58 - 000322256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000235088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000216824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000205896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000178768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000175208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000109280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000084856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000060496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000042784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000037152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-06-16 20:58 - 2020-06-16 20:58 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-06-16 20:58 - 2020-06-16 20:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-06-16 20:58 - 2020-06-16 20:58 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2020-06-16 20:58 - 2020-06-16 20:58 - 000000000 ____D C:\Program Files\Avast Software
2020-06-16 20:57 - 2020-06-16 20:58 - 000000000 ____D C:\ProgramData\Avast Software
2020-06-16 20:55 - 2020-06-16 20:55 - 000001069 _____ C:\Users\Knocks\Desktop\a.txt
2020-06-16 20:54 - 2020-06-16 20:54 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-06-16 20:54 - 2020-06-16 20:54 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-06-16 20:52 - 2020-06-16 21:04 - 002289152 _____ (Farbar) C:\Users\Knocks\Desktop\FRST64.exe
2020-06-16 20:43 - 2020-06-16 20:55 - 000000000 ____D C:\Users\Knocks\Desktop\mbar
2020-06-16 20:43 - 2020-06-16 20:55 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-06-16 20:43 - 2020-06-16 20:43 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6521338E.sys
2020-06-16 20:13 - 2020-06-16 20:29 - 000000000 ____D C:\ProgramData\RogueKiller
2020-06-16 20:12 - 2020-06-16 20:13 - 030689848 _____ C:\Users\Knocks\Desktop\RogueKiller_portable64.exe
2020-06-16 20:12 - 2020-06-16 20:12 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Knocks\Desktop\mbar-1.10.3.1001.exe
2020-06-15 14:23 - 2020-06-15 14:23 - 000000000 ____D C:\Users\Knocks\Desktop\Steam Token Dumper
2020-06-13 14:28 - 2020-06-14 19:10 - 000000081 _____ C:\Users\Knocks\Desktop\Nuovo documento di testo.txt
2020-06-12 22:05 - 2020-06-12 22:05 - 000462244 _____ C:\WINDOWS\Minidump\061220-24000-01.dmp
2020-06-12 21:38 - 2020-06-12 21:38 - 000000000 ____D C:\Users\Public\Logi
2020-06-12 18:55 - 2020-06-12 23:04 - 000000000 ____D C:\Users\Knocks\Desktop\CCleaner
2020-06-12 12:52 - 2020-06-12 23:04 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\RetroArch
2020-06-09 14:34 - 2020-06-09 14:34 - 000002092 _____ C:\Users\Knocks\Desktop\Cartel1.CSV
2020-06-09 13:24 - 2020-06-09 13:24 - 000003304 _____ C:\WINDOWS\system32\Tasks\StartCNBM
2020-06-09 13:21 - 2020-06-09 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-06-07 17:58 - 2020-05-27 14:20 - 001784536 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-06-07 17:58 - 2020-05-27 14:20 - 001784536 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-06-07 17:58 - 2020-05-27 14:20 - 001374936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-06-07 17:58 - 2020-05-27 14:20 - 001374936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-06-07 17:58 - 2020-05-27 14:20 - 001085976 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 001085976 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000944824 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000944824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000737496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000621784 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000497360 _____ C:\WINDOWS\system32\GameManager64.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000493776 _____ C:\WINDOWS\system32\dgtrayicon.exe
2020-06-07 17:58 - 2020-05-27 14:20 - 000433360 _____ C:\WINDOWS\system32\EEURestart.exe
2020-06-07 17:58 - 2020-05-27 14:20 - 000340176 _____ C:\WINDOWS\system32\clinfo.exe
2020-06-07 17:58 - 2020-05-27 14:20 - 000187600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000167128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000157408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000091352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000075984 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000047320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000044248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2020-06-07 17:58 - 2020-05-27 14:20 - 000020392 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2020-06-07 17:58 - 2020-05-05 14:49 - 000483248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlogsr.exe
2020-06-07 17:58 - 2020-05-05 14:49 - 000089200 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdlog.sys
2020-06-07 17:58 - 2020-03-31 13:49 - 000060216 _____ C:\WINDOWS\system32\Drivers\amdxe.sys
2020-06-07 17:57 - 2020-05-27 14:20 - 064809688 _____ C:\WINDOWS\system32\amd_comgr.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 053685456 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 004631248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 001342168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 001342168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000761040 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2020-06-07 17:57 - 2020-05-27 14:20 - 000469200 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000456920 _____ C:\WINDOWS\system32\atieah64.exe
2020-06-07 17:57 - 2020-05-27 14:20 - 000352464 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2020-06-07 17:57 - 2020-05-27 14:20 - 000245976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000213712 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000183008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000167632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000159264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000141528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000136400 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000135384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000126160 _____ C:\WINDOWS\system32\atidxx64.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000123088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000121048 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000108240 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000107728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2020-06-07 17:57 - 2020-05-27 14:20 - 000070872 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 071473360 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 001686624 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 001365984 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000941776 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000769232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000554192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000547424 _____ C:\WINDOWS\system32\amdmiracast.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000490192 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000467152 _____ C:\WINDOWS\system32\amdlogum.exe
2020-06-07 17:57 - 2020-05-27 14:19 - 000384208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000380624 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000130864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000130864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000108880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2020-06-07 17:57 - 2020-05-27 14:19 - 000108864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2020-06-07 17:57 - 2020-05-27 14:18 - 000136544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2020-06-07 17:57 - 2020-05-27 14:18 - 000120896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2020-06-07 17:57 - 2020-05-25 20:28 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2020-06-07 17:57 - 2020-05-25 20:28 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2020-06-07 17:57 - 2020-05-25 20:01 - 000543400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2020-06-07 17:57 - 2020-05-25 20:01 - 000543400 _____ C:\WINDOWS\system32\atiapfxx.blb
2020-06-07 14:02 - 2020-06-07 14:02 - 000000584 _____ C:\Users\Knocks\advanced_ip_scanner_MAC.bin
2020-06-07 14:02 - 2020-06-07 14:02 - 000000015 _____ C:\Users\Knocks\advanced_ip_scanner_Comments.bin
2020-06-07 14:02 - 2020-06-07 14:02 - 000000015 _____ C:\Users\Knocks\advanced_ip_scanner_Aliases.bin
2020-06-07 13:10 - 2020-06-07 13:10 - 000000178 _____ C:\Users\Knocks\.packettracer
2020-06-04 22:20 - 2020-06-04 22:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-04 21:05 - 2020-06-05 08:55 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-06-04 19:46 - 2020-06-04 19:46 - 000001532 _____ C:\Users\Knocks\AppData\Local\recently-used.xbel
2020-06-04 18:22 - 2020-06-04 18:22 - 000000053 _____ C:\Users\Knocks\.git-for-windows-updater
2020-06-03 20:25 - 2020-06-03 20:25 - 000000000 ____D C:\Users\Knocks\AppData\Local\mbam
2020-06-03 20:24 - 2020-06-03 20:24 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-03 20:23 - 2020-06-16 20:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-03 20:23 - 2020-06-03 20:23 - 000000000 ____D C:\Users\Knocks\AppData\Local\mbamtray
2020-06-03 18:22 - 2020-06-03 18:22 - 000002570 _____ C:\WINDOWS\system32\Tasks\Git for Windows Updater
2020-06-03 18:21 - 2020-06-03 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2020-06-03 11:20 - 2020-06-03 11:20 - 000000000 ____D C:\Users\Knocks\AppData\Local\VALORANT
2020-05-27 17:57 - 2020-05-27 17:57 - 000000000 ____D C:\Users\Knocks\Documents\Zoom
2020-05-27 17:56 - 2020-05-28 09:56 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Zoom
2020-05-27 09:16 - 2020-05-27 09:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-05-27 09:16 - 2020-05-27 09:16 - 000000000 ____D C:\Program Files\iTunes
2020-05-27 09:16 - 2020-05-27 09:16 - 000000000 ____D C:\Program Files\iPod
2020-05-26 11:21 - 2020-05-26 11:21 - 000000056 _____ C:\Users\Knocks\.gitconfig
2020-05-26 10:25 - 2020-05-26 10:25 - 000000016 _____ C:\Users\Knocks\.emulator_console_auth_token
2020-05-26 10:18 - 2020-06-12 19:17 - 000003504 _____ C:\Users\Knocks\.bash_history
2020-05-26 10:18 - 2020-05-26 10:18 - 000000000 ____D C:\Users\Knocks\.AndroidStudio3.6
2020-05-22 09:28 - 2020-05-22 09:28 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\FiraxisLive
2020-05-22 09:28 - 2020-05-22 09:28 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\2K
2020-05-22 09:28 - 2020-05-22 09:28 - 000000000 ____D C:\Users\Knocks\AppData\Local\2K
2020-05-22 09:08 - 2020-05-22 09:08 - 000000000 ____D C:\Users\Knocks\Documents\Shadow Warrior DX11
2020-05-21 10:41 - 2020-05-21 10:41 - 008145400 _____ (Tim Kosse) C:\Users\Knocks\Downloads\FileZilla_3.48.1_win64-setup.exe
2020-05-20 09:26 - 2020-05-20 09:26 - 000000000 ____D C:\Users\Knocks\AppData\Local\ShooterGame
2020-05-19 21:53 - 2020-06-16 16:02 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2020-05-19 19:35 - 2020-06-16 15:59 - 000000000 ____D C:\Program Files\Riot Vanguard
2020-05-18 09:10 - 2020-05-18 09:10 - 000000000 ____D C:\Users\Knocks\AppData\Local\ChimeraGUI

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-16 21:05 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-16 21:05 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-16 21:00 - 2019-11-23 20:40 - 000000000 ____D C:\WINDOWS\system32\AMD
2020-06-16 20:59 - 2019-03-08 16:48 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Spotify
2020-06-16 20:58 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-16 20:56 - 2019-06-23 20:26 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Code - Insiders
2020-06-16 20:49 - 2019-03-08 16:51 - 000000000 ____D C:\Users\Knocks\AppData\Local\Spotify
2020-06-16 20:49 - 2019-03-08 16:43 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\KeePass
2020-06-16 20:41 - 2019-07-04 20:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-16 20:12 - 2019-03-08 20:05 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\vlc
2020-06-16 20:09 - 2020-04-18 21:17 - 000007608 _____ C:\Users\Knocks\AppData\Local\Resmon.ResmonCfg
2020-06-16 20:09 - 2019-07-23 15:33 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\XnViewMP
2020-06-16 20:09 - 2019-05-22 16:30 - 000000000 ____D C:\Users\Knocks\AppData\LocalLow\Mozilla
2020-06-16 20:09 - 2019-03-08 16:51 - 000000000 ____D C:\Program Files (x86)\Steam
2020-06-16 19:55 - 2019-03-11 20:21 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Discord
2020-06-16 19:44 - 2019-03-11 14:06 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\WhatsApp
2020-06-16 18:08 - 2019-03-11 19:36 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Telegram Desktop
2020-06-16 18:05 - 2019-03-11 19:37 - 000000000 ____D C:\Users\Knocks\Downloads\Telegram Desktop
2020-06-16 18:03 - 2020-02-01 13:58 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\obs-studio
2020-06-16 17:54 - 2019-03-08 16:14 - 000000000 ____D C:\Users\Knocks\AppData\Local\Packages
2020-06-16 16:04 - 2019-07-04 20:21 - 001764682 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-16 16:04 - 2019-03-19 14:33 - 000782828 _____ C:\WINDOWS\system32\perfh010.dat
2020-06-16 16:04 - 2019-03-19 14:33 - 000147564 _____ C:\WINDOWS\system32\perfc010.dat
2020-06-16 16:04 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-06-16 16:01 - 2019-12-11 17:57 - 000003106 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2020-06-16 16:01 - 2019-07-04 20:22 - 000003092 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2020-06-16 15:59 - 2019-07-04 20:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-16 15:59 - 2019-03-08 21:28 - 000000000 ____D C:\ProgramData\VMware
2020-06-16 15:45 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-06-16 15:45 - 2019-03-08 16:23 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-06-16 10:59 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-16 10:59 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-16 10:54 - 2020-04-01 14:44 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-06-16 10:54 - 2020-04-01 14:44 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-06-16 10:54 - 2019-06-18 19:34 - 000000000 ____D C:\Program Files\UNP
2020-06-15 20:47 - 2019-03-08 18:39 - 000000000 ____D C:\Program Files (x86)\Origin
2020-06-15 19:59 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-06-15 19:58 - 2019-03-08 17:58 - 000000000 ____D C:\Program Files\Microsoft Office
2020-06-15 19:50 - 2019-07-04 19:55 - 000000000 ____D C:\Users\Knocks
2020-06-15 14:22 - 2019-03-09 17:50 - 000000600 _____ C:\Users\Knocks\AppData\Local\PUTTY.RND
2020-06-15 14:17 - 2019-03-08 20:16 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-15 13:54 - 2019-06-23 18:14 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\gnupg
2020-06-14 20:51 - 2020-04-01 14:45 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-06-14 17:26 - 2019-09-07 16:38 - 000000000 ____D C:\Users\Knocks\AppData\Local\ElevatedDiagnostics
2020-06-14 17:26 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-14 17:17 - 2019-03-08 16:25 - 000000000 ____D C:\Users\Knocks\AppData\Local\AMD
2020-06-13 13:58 - 2019-03-10 11:17 - 000000000 ____D C:\Users\Knocks\AppData\Local\Adobe
2020-06-13 13:57 - 2019-07-04 20:22 - 000004686 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-06-13 13:57 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-13 13:57 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-12 23:04 - 2019-03-20 18:38 - 000000000 ____D C:\xampp
2020-06-12 23:04 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-06-12 23:04 - 2019-03-08 23:44 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Rainmeter
2020-06-12 23:04 - 2019-03-08 17:46 - 000000000 ____D C:\ProgramData\Origin
2020-06-12 23:00 - 2020-05-14 11:46 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Postman
2020-06-12 23:00 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\registration
2020-06-12 22:05 - 2019-07-09 17:03 - 000000000 ____D C:\WINDOWS\Minidump
2020-06-12 20:40 - 2020-04-16 16:47 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\FileZilla
2020-06-12 19:17 - 2019-06-23 20:27 - 000000000 ____D C:\Users\Knocks\.gnupg
2020-06-12 18:56 - 2020-04-17 13:06 - 000000000 ____D C:\Users\Knocks\AppData\Local\CrashDumps
2020-06-11 14:47 - 2019-06-23 20:25 - 000000000 ____D C:\Program Files\Microsoft VS Code Insiders
2020-06-11 14:44 - 2019-06-23 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Code - Insiders
2020-06-10 09:48 - 2019-07-04 20:15 - 000437896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-09 22:42 - 2019-03-11 14:06 - 000000000 ____D C:\Users\Knocks\AppData\Local\WhatsApp
2020-06-09 13:24 - 2019-03-08 16:21 - 000000000 ____D C:\Program Files\AMD
2020-06-09 13:21 - 2019-07-04 20:22 - 000003194 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2020-06-09 12:30 - 2019-03-09 17:44 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\VMware
2020-06-09 12:30 - 2019-03-09 17:44 - 000000000 ____D C:\Users\Knocks\AppData\Local\VMware
2020-06-09 11:52 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-06-09 10:05 - 2019-10-06 15:54 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-08 21:13 - 2020-05-14 11:46 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2020-06-08 19:14 - 2020-05-14 11:46 - 000000000 ____D C:\Users\Knocks\AppData\Local\Postman
2020-06-08 19:13 - 2019-03-11 14:06 - 000000000 ____D C:\Users\Knocks\AppData\Local\SquirrelTemp
2020-06-07 17:58 - 2019-03-08 16:20 - 000000000 ____D C:\AMD
2020-06-07 13:10 - 2019-05-04 18:38 - 000000000 ____D C:\Users\Knocks\AppData\Local\PacketTracer7
2020-06-06 21:49 - 2019-03-08 17:46 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\Origin
2020-06-06 21:10 - 2019-03-08 17:46 - 000000000 ____D C:\Users\Knocks\AppData\Local\Origin
2020-06-05 19:27 - 2019-03-12 18:07 - 000000000 ____D C:\Users\Knocks\AppData\Roaming\qBittorrent
2020-06-05 10:45 - 2019-07-30 20:02 - 000000000 ____D C:\Users\Knocks\AppData\Local\cache
2020-06-05 08:55 - 2020-02-11 22:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-04 22:20 - 2020-01-24 18:04 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-04 20:14 - 2019-05-11 12:51 - 000000000 ____D C:\Users\Knocks\AppData\Local\babl-0.1
2020-06-04 19:44 - 2019-11-12 19:29 - 000000000 ____D C:\Users\Knocks\AppData\Local\gtk-2.0
2020-06-03 21:04 - 2019-07-23 20:12 - 000000000 ____D C:\Program Files\Rockstar Games
2020-06-03 21:04 - 2019-07-23 20:12 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-06-03 20:33 - 2019-03-10 11:22 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-06-03 18:22 - 2019-03-11 16:58 - 000000000 ____D C:\Program Files\Git
2020-05-31 19:48 - 2019-09-20 21:40 - 000000000 ____D C:\Users\Knocks\AppData\Local\Plex
2020-05-31 19:44 - 2020-05-13 18:20 - 000000128 _____ C:\Users\Knocks\AppData\Roaming\PUTTY.RND
2020-05-27 14:20 - 2020-04-08 14:21 - 004141776 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2020-05-27 14:20 - 2019-03-06 12:19 - 001775320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2020-05-27 14:20 - 2019-03-06 12:19 - 000380624 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2020-05-27 14:20 - 2019-03-06 12:19 - 000020392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2020-05-27 14:19 - 2019-12-11 17:51 - 000168016 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2020-05-27 14:19 - 2019-06-12 10:15 - 000198928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2020-05-27 14:19 - 2019-03-08 16:23 - 000104808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2020-05-26 10:25 - 2019-03-08 21:03 - 000000000 ____D C:\Users\Knocks\.android
2020-05-26 10:22 - 2019-07-22 12:04 - 000000000 ____D C:\Users\Knocks\.gradle
2020-05-22 12:07 - 2019-03-08 20:01 - 000000000 ____D C:\Users\Knocks\AppData\Local\JDownloader v2.0
2020-05-22 09:28 - 2019-03-08 17:05 - 000000000 ____D C:\Users\Knocks\Documents\My games
2020-05-22 09:28 - 2019-03-08 16:25 - 000000000 ____D C:\Users\Knocks\AppData\Local\D3DSCache
2020-05-21 10:42 - 2020-04-16 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2020-05-21 10:42 - 2020-04-16 16:47 - 000000000 ____D C:\Program Files\FileZilla FTP Client

==================== Files in the root of some directories ========

2019-11-15 17:24 - 2019-11-15 17:24 - 000012879 _____ () C:\Users\Knocks\AppData\Roaming\alsoft.ini
2020-05-13 18:20 - 2020-05-31 19:44 - 000000128 _____ () C:\Users\Knocks\AppData\Roaming\PUTTY.RND
2019-03-09 18:06 - 2020-04-16 17:03 - 000000128 _____ () C:\Users\Knocks\AppData\Roaming\winscp.rnd
2020-03-13 14:54 - 2020-03-13 15:00 - 000007168 _____ () C:\Users\Knocks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-02-27 17:05 - 2020-02-27 17:05 - 000000466 _____ () C:\Users\Knocks\AppData\Local\meld.log
2020-04-02 08:47 - 2020-04-02 08:47 - 000000000 _____ () C:\Users\Knocks\AppData\Local\oobelibMkey.log
2019-03-09 17:50 - 2020-06-15 14:22 - 000000600 _____ () C:\Users\Knocks\AppData\Local\PUTTY.RND
2020-06-04 19:46 - 2020-06-04 19:46 - 000001532 _____ () C:\Users\Knocks\AppData\Local\recently-used.xbel
2020-04-18 21:17 - 2020-06-16 20:09 - 000007608 _____ () C:\Users\Knocks\AppData\Local\Resmon.ResmonCfg
2020-03-09 20:11 - 2020-03-09 20:11 - 000000000 _____ () C:\Users\Knocks\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

So far I don't see much, but...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
As strange as it may sound, the "bug?" fixed itself. Windows updated to the 2004 version, and now it works with no problem. Could it be that my last CCleaner cleanup (or the registry fix) corrupted something? Or do you think I should keep on with the scans?
 
If everything works fine you should be good to go. I didn't see anything malicious in your logs anyway.
Good luck and stay safe :)
 