TDMoor
Hello,
For a few days now, some kind of script has been automatically triggering the "Use setup script" option in my Internet proxy settings, which were disabled before. It links to a script address called http:/ / 127.0.0.1:86/ (spaces added so people don't accidentally click it) that downloads a .txt file called "download" which seems to track my browsing behavior on popular websites like Google, Amazon, eBay, etc. I deleted the .txt file and it hasn't reappeared so far. But every time I delete any mention of 127.0.0.1:86 in my regedit, it returns whenever I use Chrome. The same goes for the proxy settings: "Use setup script" is triggered with the IP script address every time I use Chrome.
So I ran FRST64. Here is the FRST.txt file:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-01-2021
Ran by Predator (administrator) on PIXELATOR (Acer Predator PH315-52) (24-01-2021 14:31:40)
Running from C:\Users\Predator\Downloads
Loaded Profiles: Predator
Platform: Windows 10 Enterprise Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Helper.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\CTMsgHostChrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe <2>
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe [1597528 2019-12-23] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Box] => C:\Program Files\Box\Box\Box.exe [6387944 2020-12-21] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [cfmon] => C:\Windows\System32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\MountPoints2: {0dafccc4-bf41-11ea-b3a1-50e085ba1633} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21233264 2021-01-05] (Plex, Inc. -> Plex, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-22] (Google LLC -> Google LLC)
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11810E54-6E06-4D99-BACE-B4746BEB1B98} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-01-10] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {4ED77466-76A7-4A21-8142-2B6E739FD744} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {A6035921-0766-4EC2-908B-95C79185BB4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {AB949040-EA4A-412A-BCF5-736D5E5FDF87} - System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90002c76-16bd-4c5f-bf9b-fa5571ee34eb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf3f026a-e4fb-46f4-b342-96e9ddaa1fda}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-21]
Edge Extension: (Outlook) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2021-01-19]
Edge Extension: (Excel) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-12-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default [2021-01-24]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxp://www.bbc.co.uk/news/
CHR Extension: (Google Translate) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-01-08]
CHR Extension: (Slides) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-27]
CHR Extension: (Docs) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-27]
CHR Extension: (Google Drive) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (ColorZilla) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2020-10-26]
CHR Extension: (Hypothesis - Web & PDF Annotation) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfhmglciegochdpefhhlphglcehbmek [2021-01-22]
CHR Extension: (James White) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2021-01-06]
CHR Extension: (YouTube) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-27]
CHR Extension: (Remember The Milk) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2020-06-01]
CHR Extension: (Adblock for Youtube™) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-01-16]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2020-09-07]
CHR Extension: (Readwise Exporter) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnokljebgljnegkchppjijnhbcjmejdj [2020-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-15]
CHR Extension: (Readwise) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfepjgjabnppmaiadpedbgadkcelcbd [2020-11-30]
CHR Extension: (Sheets) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-27]
CHR Extension: (Google Docs Offline) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-01-21]
CHR Extension: (World Time Buddy) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2020-06-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-01-24]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-01-21]
CHR Extension: (Evernote Web) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2020-06-01]
CHR Extension: (Save to Pocket) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2020-11-10]
CHR Extension: (MetaMask) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-27]
CHR Extension: (Buffer) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2020-11-05]
CHR Extension: (Toggl Track: Productivity & Time Tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2020-12-03]
CHR Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2021-01-19]
CHR Extension: (Gmail) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-24]
CHR Extension: (Writer) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2020-06-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
S2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [98000 2020-12-21] (Box, Inc. -> Box, Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2616424 2019-06-17] (Rivet Networks LLC -> Rivet Networks)
S2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479112 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1427568 2021-01-05] (Plex, Inc. -> Plex, Inc.)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [111096 2020-11-13] (Cold Turkey Software, Inc. -> )
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 PSSvc; C:\Program Files\Acer\PredatorSense Service\PSSvc.exe [979736 2019-10-09] (Acer Incorporated -> Acer Incorporated)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-11-13] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-01-21] (SurfRight B.V. -> )
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [101600 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys [39360 2020-10-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-24 13:49 - 2021-01-24 14:32 - 000021805 _____ C:\Users\Predator\Downloads\FRST.txt
2021-01-24 13:48 - 2021-01-24 14:31 - 000000000 ____D C:\FRST
2021-01-24 13:46 - 2021-01-24 13:46 - 002296832 _____ (Farbar) C:\Users\Predator\Downloads\FRST64.exe
2021-01-24 12:54 - 2021-01-24 12:54 - 008457584 _____ (Malwarebytes) C:\Users\Predator\Downloads\adwcleaner_8.0.9.1.exe
2021-01-24 12:53 - 2021-01-24 12:53 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-24 12:53 - 2021-01-24 12:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 12:53 - 2021-01-24 12:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 12:51 - 2021-01-24 12:51 - 000003866 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-01-24 12:50 - 2021-01-24 12:50 - 000003430 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-01-21 16:43 - 2021-01-23 12:03 - 000029734 _____ C:\Users\Predator\.babel.json
2021-01-21 16:08 - 2021-01-21 16:08 - 000000000 ____D C:\Users\Predator\AppData\Local\node-gyp
2021-01-21 16:07 - 2021-01-22 16:37 - 000000000 ____D C:\Users\Predator\eth_swap
2021-01-21 15:49 - 2021-01-21 15:49 - 000000290 _____ C:\Users\Predator\.gitconfig
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\Program Files\Git
2021-01-21 15:38 - 2021-01-23 11:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm-cache
2021-01-21 15:38 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\.config
2021-01-21 15:37 - 2021-01-21 15:37 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Ganache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Users\Predator\AppData\Local\Package Cache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Python39
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-01-21 15:25 - 2021-01-21 15:25 - 000000000 ____D C:\Users\Predator\AppData\Roaming\NuGet
2021-01-21 15:24 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\Program Files\nodejs
2021-01-21 12:13 - 2021-01-21 12:13 - 000000312 _____ C:\WINDOWS\system32\.crusader
2021-01-21 12:10 - 2021-01-21 12:14 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-01-21 11:48 - 2021-01-21 12:30 - 000064959 _____ C:\WINDOWS\ZAM.krnl.trace
2021-01-21 11:48 - 2021-01-21 12:30 - 000000000 ____D C:\Users\Predator\AppData\Local\AMSDK
2021-01-21 11:48 - 2021-01-21 11:48 - 000000000 ____D C:\Users\Predator\AppData\Local\Zemana
2021-01-21 11:10 - 2021-01-21 11:12 - 000000000 ____D C:\AdwCleaner
2021-01-21 10:54 - 2021-01-21 11:04 - 000477624 _____ C:\WINDOWS\ntbtlog.txt
2021-01-21 10:54 - 2021-01-21 10:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-21 10:49 - 2021-01-21 10:49 - 000099608 _____ C:\ProgramData\vpn.uninstall.1611211736.bdinstall.v2.bin
2021-01-21 08:17 - 2021-01-21 08:17 - 000196800 _____ C:\ProgramData\vpn.1611202658.bdinstall.v2.bin
2021-01-21 08:10 - 2021-01-21 08:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-21 08:10 - 2021-01-21 08:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4524E26C.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2021-01-21 08:09 - 2021-01-21 08:09 - 000765208 _____ C:\ProgramData\cl.1611201876.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000102248 _____ C:\ProgramData\cl.kit.1611201875.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Gemma
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\BDLogging
2021-01-21 08:09 - 2020-09-16 13:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-01-21 08:09 - 2020-09-14 14:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-01-21 08:09 - 2020-05-26 13:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-01-21 08:09 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2021-01-21 08:09 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-01-21 08:08 - 2021-01-21 10:54 - 000000000 ____D C:\Program Files\Bitdefender
2021-01-21 08:08 - 2021-01-21 09:14 - 000000000 ____D C:\ProgramData\Bitdefender
2021-01-21 08:08 - 2021-01-21 08:08 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Bitdefender
2021-01-21 08:08 - 2020-10-07 11:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2021-01-21 08:08 - 2020-09-03 05:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2021-01-21 08:08 - 2020-06-09 17:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-01-21 08:04 - 2021-01-21 08:08 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-01-21 07:55 - 2021-01-21 08:14 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-21 07:55 - 2021-01-21 07:55 - 000117564 _____ C:\ProgramData\agent.1611201317.bdinstall.v2.bin
2021-01-21 07:55 - 2021-01-21 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-21 07:51 - 2021-01-21 07:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2021-01-21 07:48 - 2021-01-21 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-20 22:21 - 2021-01-20 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-01-20 14:45 - 2021-01-20 14:45 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2021-01-20 14:45 - 2021-01-20 14:45 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 08:10 - 2021-01-24 14:33 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\Program Files\Cold Turkey
2021-01-18 07:29 - 2021-01-18 07:29 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2021-01-18 07:08 - 2021-01-18 07:10 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\STAR WARS Battlefront II
2021-01-18 07:08 - 2021-01-18 07:08 - 000000000 ____D C:\Users\Predator\AppData\Local\STAR WARS Battlefront II
2021-01-13 21:23 - 2021-01-21 07:52 - 000000258 __RSH C:\ProgramData\ntuser.pol
2021-01-13 13:25 - 2021-01-13 13:25 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2021-01-13 12:53 - 2021-01-13 12:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 12:53 - 2021-01-13 12:53 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 12:53 - 2021-01-13 12:53 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 12:52 - 2021-01-13 12:52 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 12:52 - 2021-01-13 12:52 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 12:52 - 2021-01-13 12:52 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 12:52 - 2021-01-13 12:52 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001165720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000690072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-08 20:11 - 2021-01-04 18:46 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000673688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000610712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000548248 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 008262552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 007393176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002104216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000813976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-08 20:11 - 2021-01-04 18:44 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-08 20:11 - 2021-01-04 18:43 - 006071032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-08 20:11 - 2020-12-31 18:01 - 000084159 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-08 15:16 - 2021-01-08 15:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\Program Files (x86)\TP-Link
2021-01-08 14:53 - 2021-01-08 15:29 - 000000000 ____D C:\Users\Predator\AppData\Roaming\tpPLC
2021-01-08 14:53 - 2021-01-08 14:53 - 000000000 ____D C:\Users\Predator\AppData\Local\Downloaded Installations
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-05 15:55 - 2021-01-05 15:55 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\Team Cherry
2020-12-29 08:57 - 2020-12-29 08:57 - 000001781 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio by Waves – Speaker Audio Control and Nx 3D Sound.lnk
2020-12-29 08:50 - 2020-12-29 08:50 - 000000000 ____D C:\WINDOWS\Firmware
2020-12-27 19:47 - 2021-01-13 20:29 - 000000000 ____D C:\Users\Predator\AppData\Local\ElevatedDiagnostics
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-24 14:07 - 2020-05-29 00:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-24 13:51 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-24 13:38 - 2020-06-25 16:43 - 001755600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-24 13:38 - 2020-06-25 15:29 - 000778836 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-24 13:38 - 2020-06-25 15:29 - 000157542 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-24 13:38 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-24 13:34 - 2020-06-25 15:38 - 000000000 ____D C:\Users\Predator
2021-01-24 13:34 - 2020-06-06 08:03 - 000001302 _____ C:\Users\Predator\Desktop\Box.lnk
2021-01-24 13:33 - 2020-06-25 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-24 13:33 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 ____D C:\Intel
2021-01-24 13:33 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-24 13:33 - 2019-12-07 13:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-24 13:04 - 2020-08-16 15:48 - 000000000 ____D C:\Users\Predator\AppData\Local\BitTorrentHelper
2021-01-24 13:04 - 2020-08-16 15:47 - 000000000 ____D C:\Users\Predator\AppData\Roaming\uTorrent Web
2021-01-24 12:50 - 2020-12-23 20:14 - 000003790 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-01-24 12:50 - 2020-06-01 11:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-24 12:18 - 2020-06-01 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-24 11:56 - 2020-06-25 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-24 10:06 - 2020-08-25 16:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Dabble
2021-01-24 07:33 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Slack
2021-01-24 07:12 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-24 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 07:06 - 2020-09-03 22:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-24 07:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-23 12:04 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Code
2021-01-22 19:16 - 2020-06-08 07:24 - 000000000 ____D C:\Users\Predator\AppData\Local\CrashDumps
2021-01-22 15:16 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-22 08:33 - 2020-11-08 18:30 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-22 07:29 - 2020-05-27 22:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-22 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-21 20:55 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Origin
2021-01-21 20:55 - 2020-11-08 18:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-21 20:40 - 2020-11-09 21:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-21 20:40 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Local\Origin
2021-01-21 20:18 - 2020-07-30 21:11 - 000007586 _____ C:\Users\Predator\AppData\Local\Resmon.ResmonCfg
2021-01-21 19:26 - 2020-07-09 08:40 - 000000000 ____D C:\Users\Predator\AppData\Roaming\obs-studio
2021-01-21 17:50 - 2020-11-02 17:19 - 000000000 ____D C:\Users\Predator\AppData\Local\Plex Media Server
2021-01-21 15:43 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-01-21 15:39 - 2020-08-24 13:26 - 000000000 ____D C:\ProgramData\chocolatey
2021-01-21 15:37 - 2020-05-28 00:18 - 000000000 ____D C:\Users\Predator\AppData\Local\Packages
2021-01-21 15:37 - 2020-05-27 22:25 - 000000000 ____D C:\ProgramData\Packages
2021-01-21 15:26 - 2020-05-29 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 11:12 - 2020-05-29 00:44 - 000000000 ____D C:\ProgramData\Acer
2021-01-21 10:48 - 2020-06-25 16:39 - 000312784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-01-21 08:05 - 2020-06-25 15:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-21 08:05 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-21 08:00 - 2020-05-27 22:24 - 000000000 ____D C:\Users\Predator\AppData\Local\D3DSCache
2021-01-20 22:16 - 2020-08-16 15:47 - 000001919 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-19 08:15 - 2020-06-23 10:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\immutable-launcher
2021-01-18 08:19 - 2020-12-15 07:13 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-01-18 08:15 - 2020-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-17 21:59 - 2020-11-09 23:31 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-14 16:58 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\PlaceholderTileLogoFolder
2021-01-13 21:23 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-13 13:25 - 2020-06-25 21:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 12:55 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 12:52 - 2020-06-25 16:43 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 07:09 - 2020-05-27 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 20:58 - 2020-07-09 09:41 - 000000000 ____D C:\Users\Predator\AppData\Roaming\vlc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\slack
2021-01-12 07:24 - 2020-05-27 22:41 - 000000000 ____D C:\Users\Predator\AppData\Local\SquirrelTemp
2021-01-09 08:49 - 2020-06-01 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-08 15:17 - 2020-06-06 08:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2021-01-07 10:42 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\NordVPN
2021-01-07 10:41 - 2020-10-15 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\Program Files\NordVPN
2021-01-04 18:43 - 2020-06-26 15:40 - 007115280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-03 09:18 - 2020-08-30 16:20 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Anki2
2021-01-02 21:44 - 2020-07-09 14:51 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\The Witcher 3
==================== Files in the root of some directories ========
2020-07-30 21:11 - 2021-01-21 20:18 - 000007586 _____ () C:\Users\Predator\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [111096 2020-11-13] (Cold Turkey Software, Inc. -> )
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 PSSvc; C:\Program Files\Acer\PredatorSense Service\PSSvc.exe [979736 2019-10-09] (Acer Incorporated -> Acer Incorporated)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-11-13] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-01-21] (SurfRight B.V. -> )
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [101600 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys [39360 2020-10-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-24 13:49 - 2021-01-24 14:32 - 000021805 _____ C:\Users\Predator\Downloads\FRST.txt
2021-01-24 13:48 - 2021-01-24 14:31 - 000000000 ____D C:\FRST
2021-01-24 13:46 - 2021-01-24 13:46 - 002296832 _____ (Farbar) C:\Users\Predator\Downloads\FRST64.exe
2021-01-24 12:54 - 2021-01-24 12:54 - 008457584 _____ (Malwarebytes) C:\Users\Predator\Downloads\adwcleaner_8.0.9.1.exe
2021-01-24 12:53 - 2021-01-24 12:53 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-24 12:53 - 2021-01-24 12:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 12:53 - 2021-01-24 12:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 12:51 - 2021-01-24 12:51 - 000003866 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-01-24 12:50 - 2021-01-24 12:50 - 000003430 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-01-21 16:43 - 2021-01-23 12:03 - 000029734 _____ C:\Users\Predator\.babel.json
2021-01-21 16:08 - 2021-01-21 16:08 - 000000000 ____D C:\Users\Predator\AppData\Local\node-gyp
2021-01-21 16:07 - 2021-01-22 16:37 - 000000000 ____D C:\Users\Predator\eth_swap
2021-01-21 15:49 - 2021-01-21 15:49 - 000000290 _____ C:\Users\Predator\.gitconfig
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\Program Files\Git
2021-01-21 15:38 - 2021-01-23 11:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm-cache
2021-01-21 15:38 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\.config
2021-01-21 15:37 - 2021-01-21 15:37 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Ganache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Users\Predator\AppData\Local\Package Cache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Python39
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-01-21 15:25 - 2021-01-21 15:25 - 000000000 ____D C:\Users\Predator\AppData\Roaming\NuGet
2021-01-21 15:24 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\Program Files\nodejs
2021-01-21 12:13 - 2021-01-21 12:13 - 000000312 _____ C:\WINDOWS\system32\.crusader
2021-01-21 12:10 - 2021-01-21 12:14 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-01-21 11:48 - 2021-01-21 12:30 - 000064959 _____ C:\WINDOWS\ZAM.krnl.trace
2021-01-21 11:48 - 2021-01-21 12:30 - 000000000 ____D C:\Users\Predator\AppData\Local\AMSDK
2021-01-21 11:48 - 2021-01-21 11:48 - 000000000 ____D C:\Users\Predator\AppData\Local\Zemana
2021-01-21 11:10 - 2021-01-21 11:12 - 000000000 ____D C:\AdwCleaner
2021-01-21 10:54 - 2021-01-21 11:04 - 000477624 _____ C:\WINDOWS\ntbtlog.txt
2021-01-21 10:54 - 2021-01-21 10:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-21 10:49 - 2021-01-21 10:49 - 000099608 _____ C:\ProgramData\vpn.uninstall.1611211736.bdinstall.v2.bin
2021-01-21 08:17 - 2021-01-21 08:17 - 000196800 _____ C:\ProgramData\vpn.1611202658.bdinstall.v2.bin
2021-01-21 08:10 - 2021-01-21 08:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-21 08:10 - 2021-01-21 08:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4524E26C.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2021-01-21 08:09 - 2021-01-21 08:09 - 000765208 _____ C:\ProgramData\cl.1611201876.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000102248 _____ C:\ProgramData\cl.kit.1611201875.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Gemma
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\BDLogging
2021-01-21 08:09 - 2020-09-16 13:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-01-21 08:09 - 2020-09-14 14:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-01-21 08:09 - 2020-05-26 13:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-01-21 08:09 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2021-01-21 08:09 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-01-21 08:08 - 2021-01-21 10:54 - 000000000 ____D C:\Program Files\Bitdefender
2021-01-21 08:08 - 2021-01-21 09:14 - 000000000 ____D C:\ProgramData\Bitdefender
2021-01-21 08:08 - 2021-01-21 08:08 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Bitdefender
2021-01-21 08:08 - 2020-10-07 11:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2021-01-21 08:08 - 2020-09-03 05:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2021-01-21 08:08 - 2020-06-09 17:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-01-21 08:04 - 2021-01-21 08:08 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-01-21 07:55 - 2021-01-21 08:14 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-21 07:55 - 2021-01-21 07:55 - 000117564 _____ C:\ProgramData\agent.1611201317.bdinstall.v2.bin
2021-01-21 07:55 - 2021-01-21 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-21 07:51 - 2021-01-21 07:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2021-01-21 07:48 - 2021-01-21 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-20 22:21 - 2021-01-20 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-01-20 14:45 - 2021-01-20 14:45 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2021-01-20 14:45 - 2021-01-20 14:45 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 08:10 - 2021-01-24 14:33 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\Program Files\Cold Turkey
2021-01-18 07:29 - 2021-01-18 07:29 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2021-01-18 07:08 - 2021-01-18 07:10 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\STAR WARS Battlefront II
2021-01-18 07:08 - 2021-01-18 07:08 - 000000000 ____D C:\Users\Predator\AppData\Local\STAR WARS Battlefront II
2021-01-13 21:23 - 2021-01-21 07:52 - 000000258 __RSH C:\ProgramData\ntuser.pol
2021-01-13 13:25 - 2021-01-13 13:25 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2021-01-13 12:53 - 2021-01-13 12:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 12:53 - 2021-01-13 12:53 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 12:53 - 2021-01-13 12:53 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 12:52 - 2021-01-13 12:52 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 12:52 - 2021-01-13 12:52 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 12:52 - 2021-01-13 12:52 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 12:52 - 2021-01-13 12:52 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001165720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000690072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-08 20:11 - 2021-01-04 18:46 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000673688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000610712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000548248 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 008262552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 007393176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002104216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000813976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-08 20:11 - 2021-01-04 18:44 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-08 20:11 - 2021-01-04 18:43 - 006071032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-08 20:11 - 2020-12-31 18:01 - 000084159 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-08 15:16 - 2021-01-08 15:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\Program Files (x86)\TP-Link
2021-01-08 14:53 - 2021-01-08 15:29 - 000000000 ____D C:\Users\Predator\AppData\Roaming\tpPLC
2021-01-08 14:53 - 2021-01-08 14:53 - 000000000 ____D C:\Users\Predator\AppData\Local\Downloaded Installations
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-05 15:55 - 2021-01-05 15:55 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\Team Cherry
2020-12-29 08:57 - 2020-12-29 08:57 - 000001781 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio by Waves – Speaker Audio Control and Nx 3D Sound.lnk
2020-12-29 08:50 - 2020-12-29 08:50 - 000000000 ____D C:\WINDOWS\Firmware
2020-12-27 19:47 - 2021-01-13 20:29 - 000000000 ____D C:\Users\Predator\AppData\Local\ElevatedDiagnostics
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-24 14:07 - 2020-05-29 00:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-24 13:51 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-24 13:38 - 2020-06-25 16:43 - 001755600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-24 13:38 - 2020-06-25 15:29 - 000778836 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-24 13:38 - 2020-06-25 15:29 - 000157542 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-24 13:38 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-24 13:34 - 2020-06-25 15:38 - 000000000 ____D C:\Users\Predator
2021-01-24 13:34 - 2020-06-06 08:03 - 000001302 _____ C:\Users\Predator\Desktop\Box.lnk
2021-01-24 13:33 - 2020-06-25 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-24 13:33 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 ____D C:\Intel
2021-01-24 13:33 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-24 13:33 - 2019-12-07 13:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-24 13:04 - 2020-08-16 15:48 - 000000000 ____D C:\Users\Predator\AppData\Local\BitTorrentHelper
2021-01-24 13:04 - 2020-08-16 15:47 - 000000000 ____D C:\Users\Predator\AppData\Roaming\uTorrent Web
2021-01-24 12:50 - 2020-12-23 20:14 - 000003790 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-01-24 12:50 - 2020-06-01 11:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-24 12:18 - 2020-06-01 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-24 11:56 - 2020-06-25 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-24 10:06 - 2020-08-25 16:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Dabble
2021-01-24 07:33 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Slack
2021-01-24 07:12 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-24 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 07:06 - 2020-09-03 22:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-24 07:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-23 12:04 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Code
2021-01-22 19:16 - 2020-06-08 07:24 - 000000000 ____D C:\Users\Predator\AppData\Local\CrashDumps
2021-01-22 15:16 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-22 08:33 - 2020-11-08 18:30 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-22 07:29 - 2020-05-27 22:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-22 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-21 20:55 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Origin
2021-01-21 20:55 - 2020-11-08 18:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-21 20:40 - 2020-11-09 21:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-21 20:40 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Local\Origin
2021-01-21 20:18 - 2020-07-30 21:11 - 000007586 _____ C:\Users\Predator\AppData\Local\Resmon.ResmonCfg
2021-01-21 19:26 - 2020-07-09 08:40 - 000000000 ____D C:\Users\Predator\AppData\Roaming\obs-studio
2021-01-21 17:50 - 2020-11-02 17:19 - 000000000 ____D C:\Users\Predator\AppData\Local\Plex Media Server
2021-01-21 15:43 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-01-21 15:39 - 2020-08-24 13:26 - 000000000 ____D C:\ProgramData\chocolatey
2021-01-21 15:37 - 2020-05-28 00:18 - 000000000 ____D C:\Users\Predator\AppData\Local\Packages
2021-01-21 15:37 - 2020-05-27 22:25 - 000000000 ____D C:\ProgramData\Packages
2021-01-21 15:26 - 2020-05-29 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 11:12 - 2020-05-29 00:44 - 000000000 ____D C:\ProgramData\Acer
2021-01-21 10:48 - 2020-06-25 16:39 - 000312784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-01-21 08:05 - 2020-06-25 15:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-21 08:05 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-21 08:00 - 2020-05-27 22:24 - 000000000 ____D C:\Users\Predator\AppData\Local\D3DSCache
2021-01-20 22:16 - 2020-08-16 15:47 - 000001919 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-19 08:15 - 2020-06-23 10:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\immutable-launcher
2021-01-18 08:19 - 2020-12-15 07:13 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-01-18 08:15 - 2020-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-17 21:59 - 2020-11-09 23:31 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-14 16:58 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\PlaceholderTileLogoFolder
2021-01-13 21:23 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-13 13:25 - 2020-06-25 21:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 12:55 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 12:52 - 2020-06-25 16:43 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 07:09 - 2020-05-27 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 20:58 - 2020-07-09 09:41 - 000000000 ____D C:\Users\Predator\AppData\Roaming\vlc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\slack
2021-01-12 07:24 - 2020-05-27 22:41 - 000000000 ____D C:\Users\Predator\AppData\Local\SquirrelTemp
2021-01-09 08:49 - 2020-06-01 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-08 15:17 - 2020-06-06 08:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2021-01-07 10:42 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\NordVPN
2021-01-07 10:41 - 2020-10-15 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\Program Files\NordVPN
2021-01-04 18:43 - 2020-06-26 15:40 - 007115280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-03 09:18 - 2020-08-30 16:20 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Anki2
2021-01-02 21:44 - 2020-07-09 14:51 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\The Witcher 3
==================== Files in the root of some directories ========
2020-07-30 21:11 - 2021-01-21 20:18 - 000007586 _____ () C:\Users\Predator\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================