Solved Automatic Proxy Setup Script on Chrome

TDMoor

Hello,

For a few days, some kind of script has automatically been triggering the "Use setup script" option in my Internet proxy settings, which was disabled before. It links to a script address called http:/ / 127.0.0.1:86/ (spaces added so people don't accidentally click it) that downloads a .txt file called "download", which seems to track my browsing behaviour on popular websites like Google, Amazon, eBay, etc. I deleted the .txt file and it hasn't reappeared so far. But every time I delete any mention of 127.0.0.1:86 in regedit, it returns whenever I use Chrome. The same goes for the proxy settings: "Use setup script" is triggered with the IP script address every time I use Chrome.

So I ran FRST64. Here is the FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-01-2021
Ran by Predator (administrator) on PIXELATOR (Acer Predator PH315-52) (24-01-2021 14:31:40)
Running from C:\Users\Predator\Downloads
Loaded Profiles: Predator
Platform: Windows 10 Enterprise Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Helper.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\CTMsgHostChrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe <2>
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe [1597528 2019-12-23] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Box] => C:\Program Files\Box\Box\Box.exe [6387944 2020-12-21] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [cfmon] => C:\Windows\System32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\MountPoints2: {0dafccc4-bf41-11ea-b3a1-50e085ba1633} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21233264 2021-01-05] (Plex, Inc. -> Plex, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-22] (Google LLC -> Google LLC)
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11810E54-6E06-4D99-BACE-B4746BEB1B98} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-01-10] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {4ED77466-76A7-4A21-8142-2B6E739FD744} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {A6035921-0766-4EC2-908B-95C79185BB4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {AB949040-EA4A-412A-BCF5-736D5E5FDF87} - System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90002c76-16bd-4c5f-bf9b-fa5571ee34eb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf3f026a-e4fb-46f4-b342-96e9ddaa1fda}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-21]
Edge Extension: (Outlook) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2021-01-19]
Edge Extension: (Excel) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-12-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default [2021-01-24]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxp://www.bbc.co.uk/news/
CHR Extension: (Google Translate) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-01-08]
CHR Extension: (Slides) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-27]
CHR Extension: (Docs) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-27]
CHR Extension: (Google Drive) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (ColorZilla) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2020-10-26]
CHR Extension: (Hypothesis - Web & PDF Annotation) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfhmglciegochdpefhhlphglcehbmek [2021-01-22]
CHR Extension: (James White) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2021-01-06]
CHR Extension: (YouTube) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-27]
CHR Extension: (Remember The Milk) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2020-06-01]
CHR Extension: (Adblock for Youtube™) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-01-16]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2020-09-07]
CHR Extension: (Readwise Exporter) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnokljebgljnegkchppjijnhbcjmejdj [2020-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-15]
CHR Extension: (Readwise) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfepjgjabnppmaiadpedbgadkcelcbd [2020-11-30]
CHR Extension: (Sheets) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-27]
CHR Extension: (Google Docs Offline) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-01-21]
CHR Extension: (World Time Buddy) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2020-06-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-01-24]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-01-21]
CHR Extension: (Evernote Web) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2020-06-01]
CHR Extension: (Save to Pocket) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2020-11-10]
CHR Extension: (MetaMask) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-27]
CHR Extension: (Buffer) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2020-11-05]
CHR Extension: (Toggl Track: Productivity & Time Tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2020-12-03]
CHR Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2021-01-19]
CHR Extension: (Gmail) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-24]
CHR Extension: (Writer) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2020-06-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
S2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [98000 2020-12-21] (Box, Inc. -> Box, Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2616424 2019-06-17] (Rivet Networks LLC -> Rivet Networks)
S2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479112 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1427568 2021-01-05] (Plex, Inc. -> Plex, Inc.)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [111096 2020-11-13] (Cold Turkey Software, Inc. -> )
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 PSSvc; C:\Program Files\Acer\PredatorSense Service\PSSvc.exe [979736 2019-10-09] (Acer Incorporated -> Acer Incorporated)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-11-13] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-01-21] (SurfRight B.V. -> )
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [101600 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys [39360 2020-10-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-24 13:49 - 2021-01-24 14:32 - 000021805 _____ C:\Users\Predator\Downloads\FRST.txt
2021-01-24 13:48 - 2021-01-24 14:31 - 000000000 ____D C:\FRST
2021-01-24 13:46 - 2021-01-24 13:46 - 002296832 _____ (Farbar) C:\Users\Predator\Downloads\FRST64.exe
2021-01-24 12:54 - 2021-01-24 12:54 - 008457584 _____ (Malwarebytes) C:\Users\Predator\Downloads\adwcleaner_8.0.9.1.exe
2021-01-24 12:53 - 2021-01-24 12:53 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-24 12:53 - 2021-01-24 12:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 12:53 - 2021-01-24 12:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 12:51 - 2021-01-24 12:51 - 000003866 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-01-24 12:50 - 2021-01-24 12:50 - 000003430 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-01-21 16:43 - 2021-01-23 12:03 - 000029734 _____ C:\Users\Predator\.babel.json
2021-01-21 16:08 - 2021-01-21 16:08 - 000000000 ____D C:\Users\Predator\AppData\Local\node-gyp
2021-01-21 16:07 - 2021-01-22 16:37 - 000000000 ____D C:\Users\Predator\eth_swap
2021-01-21 15:49 - 2021-01-21 15:49 - 000000290 _____ C:\Users\Predator\.gitconfig
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\Program Files\Git
2021-01-21 15:38 - 2021-01-23 11:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm-cache
2021-01-21 15:38 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\.config
2021-01-21 15:37 - 2021-01-21 15:37 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Ganache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Users\Predator\AppData\Local\Package Cache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Python39
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-01-21 15:25 - 2021-01-21 15:25 - 000000000 ____D C:\Users\Predator\AppData\Roaming\NuGet
2021-01-21 15:24 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\Program Files\nodejs
2021-01-21 12:13 - 2021-01-21 12:13 - 000000312 _____ C:\WINDOWS\system32\.crusader
2021-01-21 12:10 - 2021-01-21 12:14 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-01-21 11:48 - 2021-01-21 12:30 - 000064959 _____ C:\WINDOWS\ZAM.krnl.trace
2021-01-21 11:48 - 2021-01-21 12:30 - 000000000 ____D C:\Users\Predator\AppData\Local\AMSDK
2021-01-21 11:48 - 2021-01-21 11:48 - 000000000 ____D C:\Users\Predator\AppData\Local\Zemana
2021-01-21 11:10 - 2021-01-21 11:12 - 000000000 ____D C:\AdwCleaner
2021-01-21 10:54 - 2021-01-21 11:04 - 000477624 _____ C:\WINDOWS\ntbtlog.txt
2021-01-21 10:54 - 2021-01-21 10:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-21 10:49 - 2021-01-21 10:49 - 000099608 _____ C:\ProgramData\vpn.uninstall.1611211736.bdinstall.v2.bin
2021-01-21 08:17 - 2021-01-21 08:17 - 000196800 _____ C:\ProgramData\vpn.1611202658.bdinstall.v2.bin
2021-01-21 08:10 - 2021-01-21 08:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-21 08:10 - 2021-01-21 08:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4524E26C.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2021-01-21 08:09 - 2021-01-21 08:09 - 000765208 _____ C:\ProgramData\cl.1611201876.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000102248 _____ C:\ProgramData\cl.kit.1611201875.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Gemma
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\BDLogging
2021-01-21 08:09 - 2020-09-16 13:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-01-21 08:09 - 2020-09-14 14:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-01-21 08:09 - 2020-05-26 13:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-01-21 08:09 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2021-01-21 08:09 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-01-21 08:08 - 2021-01-21 10:54 - 000000000 ____D C:\Program Files\Bitdefender
2021-01-21 08:08 - 2021-01-21 09:14 - 000000000 ____D C:\ProgramData\Bitdefender
2021-01-21 08:08 - 2021-01-21 08:08 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Bitdefender
2021-01-21 08:08 - 2020-10-07 11:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2021-01-21 08:08 - 2020-09-03 05:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2021-01-21 08:08 - 2020-06-09 17:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-01-21 08:04 - 2021-01-21 08:08 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-01-21 07:55 - 2021-01-21 08:14 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-21 07:55 - 2021-01-21 07:55 - 000117564 _____ C:\ProgramData\agent.1611201317.bdinstall.v2.bin
2021-01-21 07:55 - 2021-01-21 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-21 07:51 - 2021-01-21 07:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2021-01-21 07:48 - 2021-01-21 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-20 22:21 - 2021-01-20 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-01-20 14:45 - 2021-01-20 14:45 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2021-01-20 14:45 - 2021-01-20 14:45 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 08:10 - 2021-01-24 14:33 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\Program Files\Cold Turkey
2021-01-18 07:29 - 2021-01-18 07:29 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2021-01-18 07:08 - 2021-01-18 07:10 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\STAR WARS Battlefront II
2021-01-18 07:08 - 2021-01-18 07:08 - 000000000 ____D C:\Users\Predator\AppData\Local\STAR WARS Battlefront II
2021-01-13 21:23 - 2021-01-21 07:52 - 000000258 __RSH C:\ProgramData\ntuser.pol
2021-01-13 13:25 - 2021-01-13 13:25 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2021-01-13 12:53 - 2021-01-13 12:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 12:53 - 2021-01-13 12:53 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 12:53 - 2021-01-13 12:53 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 12:52 - 2021-01-13 12:52 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 12:52 - 2021-01-13 12:52 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 12:52 - 2021-01-13 12:52 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 12:52 - 2021-01-13 12:52 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001165720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000690072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-08 20:11 - 2021-01-04 18:46 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000673688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000610712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000548248 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 008262552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 007393176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002104216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000813976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-08 20:11 - 2021-01-04 18:44 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-08 20:11 - 2021-01-04 18:43 - 006071032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-08 20:11 - 2020-12-31 18:01 - 000084159 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-08 15:16 - 2021-01-08 15:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\Program Files (x86)\TP-Link
2021-01-08 14:53 - 2021-01-08 15:29 - 000000000 ____D C:\Users\Predator\AppData\Roaming\tpPLC
2021-01-08 14:53 - 2021-01-08 14:53 - 000000000 ____D C:\Users\Predator\AppData\Local\Downloaded Installations
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-05 15:55 - 2021-01-05 15:55 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\Team Cherry
2020-12-29 08:57 - 2020-12-29 08:57 - 000001781 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio by Waves – Speaker Audio Control and Nx 3D Sound.lnk
2020-12-29 08:50 - 2020-12-29 08:50 - 000000000 ____D C:\WINDOWS\Firmware
2020-12-27 19:47 - 2021-01-13 20:29 - 000000000 ____D C:\Users\Predator\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-24 14:07 - 2020-05-29 00:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-24 13:51 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-24 13:38 - 2020-06-25 16:43 - 001755600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-24 13:38 - 2020-06-25 15:29 - 000778836 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-24 13:38 - 2020-06-25 15:29 - 000157542 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-24 13:38 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-24 13:34 - 2020-06-25 15:38 - 000000000 ____D C:\Users\Predator
2021-01-24 13:34 - 2020-06-06 08:03 - 000001302 _____ C:\Users\Predator\Desktop\Box.lnk
2021-01-24 13:33 - 2020-06-25 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-24 13:33 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 ____D C:\Intel
2021-01-24 13:33 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-24 13:33 - 2019-12-07 13:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-24 13:04 - 2020-08-16 15:48 - 000000000 ____D C:\Users\Predator\AppData\Local\BitTorrentHelper
2021-01-24 13:04 - 2020-08-16 15:47 - 000000000 ____D C:\Users\Predator\AppData\Roaming\uTorrent Web
2021-01-24 12:50 - 2020-12-23 20:14 - 000003790 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-01-24 12:50 - 2020-06-01 11:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-24 12:18 - 2020-06-01 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-24 11:56 - 2020-06-25 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-24 10:06 - 2020-08-25 16:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Dabble
2021-01-24 07:33 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Slack
2021-01-24 07:12 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-24 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 07:06 - 2020-09-03 22:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-24 07:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-23 12:04 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Code
2021-01-22 19:16 - 2020-06-08 07:24 - 000000000 ____D C:\Users\Predator\AppData\Local\CrashDumps
2021-01-22 15:16 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-22 08:33 - 2020-11-08 18:30 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-22 07:29 - 2020-05-27 22:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-22 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-21 20:55 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Origin
2021-01-21 20:55 - 2020-11-08 18:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-21 20:40 - 2020-11-09 21:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-21 20:40 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Local\Origin
2021-01-21 20:18 - 2020-07-30 21:11 - 000007586 _____ C:\Users\Predator\AppData\Local\Resmon.ResmonCfg
2021-01-21 19:26 - 2020-07-09 08:40 - 000000000 ____D C:\Users\Predator\AppData\Roaming\obs-studio
2021-01-21 17:50 - 2020-11-02 17:19 - 000000000 ____D C:\Users\Predator\AppData\Local\Plex Media Server
2021-01-21 15:43 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-01-21 15:39 - 2020-08-24 13:26 - 000000000 ____D C:\ProgramData\chocolatey
2021-01-21 15:37 - 2020-05-28 00:18 - 000000000 ____D C:\Users\Predator\AppData\Local\Packages
2021-01-21 15:37 - 2020-05-27 22:25 - 000000000 ____D C:\ProgramData\Packages
2021-01-21 15:26 - 2020-05-29 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 11:12 - 2020-05-29 00:44 - 000000000 ____D C:\ProgramData\Acer
2021-01-21 10:48 - 2020-06-25 16:39 - 000312784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-01-21 08:05 - 2020-06-25 15:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-21 08:05 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-21 08:00 - 2020-05-27 22:24 - 000000000 ____D C:\Users\Predator\AppData\Local\D3DSCache
2021-01-20 22:16 - 2020-08-16 15:47 - 000001919 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-19 08:15 - 2020-06-23 10:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\immutable-launcher
2021-01-18 08:19 - 2020-12-15 07:13 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-01-18 08:15 - 2020-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-17 21:59 - 2020-11-09 23:31 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-14 16:58 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\PlaceholderTileLogoFolder
2021-01-13 21:23 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-13 13:25 - 2020-06-25 21:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 12:55 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 12:52 - 2020-06-25 16:43 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 07:09 - 2020-05-27 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 20:58 - 2020-07-09 09:41 - 000000000 ____D C:\Users\Predator\AppData\Roaming\vlc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\slack
2021-01-12 07:24 - 2020-05-27 22:41 - 000000000 ____D C:\Users\Predator\AppData\Local\SquirrelTemp
2021-01-09 08:49 - 2020-06-01 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-08 15:17 - 2020-06-06 08:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2021-01-07 10:42 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\NordVPN
2021-01-07 10:41 - 2020-10-15 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\Program Files\NordVPN
2021-01-04 18:43 - 2020-06-26 15:40 - 007115280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-03 09:18 - 2020-08-30 16:20 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Anki2
2021-01-02 21:44 - 2020-07-09 14:51 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\The Witcher 3

==================== Files in the root of some directories ========

2020-07-30 21:11 - 2021-01-21 20:18 - 000007586 _____ () C:\Users\Predator\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

TDMoor

Posts: 36   +0
Here is the first half of the Addition.txt file (over 50K characters):

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2021
Ran by Predator (24-01-2021 14:33:20)
Running from C:\Users\Predator\Downloads
Windows 10 Enterprise Version 20H2 19042.746 (X64) (2020-06-25 12:43:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1889391155-3959138193-832358570-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1889391155-3959138193-832358570-503 - Limited - Disabled)
Guest (S-1-5-21-1889391155-3959138193-832358570-501 - Limited - Disabled)
Predator (S-1-5-21-1889391155-3959138193-832358570-1001 - Administrator - Enabled) => C:\Users\Predator
WDAGUtilityAccount (S-1-5-21-1889391155-3959138193-832358570-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.35 - )
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.5.0 - Electronic Arts, Inc.)
Belgium e-ID middleware 4.4.27 (build 4277) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A74277}) (Version: 4.4.4277 - Belgian Government)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 25.0.10.52 - Bitdefender)
Box (HKLM\...\{C1A6C984-4C0F-4C47-8DAD-5745EA8BC101}) (Version: 2.19.294 - Box, Inc.)
Cold Turkey Blocker (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 4.1 - Cold Turkey Software, Inc.)
Dabble 1.6.3 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\544dca61-9865-5e8b-812f-c37d8d6689f2) (Version: 1.6.3 - Jacob Wright)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{6D70A161-C29B-441B-9AA5-2ABBAB3B4B4D}) (Version: 1.1.1.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Git version 2.30.0.2 (HKLM\...\Git_is1) (Version: 2.30.0.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Immutable 0.13.2 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.2 - Immutable)
Intel(R) Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{2e312ef6-e0d3-4dc4-bce3-1fc8264ddb12}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b0307f85-280a-491f-8f69-4678e4100558}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{bd73e01d-c055-4533-8bc3-1f9489e66168}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{fb198756-7be7-4730-8f2e-282d5e71e412}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation)
Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2BC138AD-0144-4B09-998B-77D25B26B1FA}) (Version: 2.0.1159 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Access 2016 - en-us (HKLM\...\AccessRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Excel 2016 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 12.181.137.0 - Microsoft Corporation)
Microsoft Outlook 2016 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft PowerPoint 2016 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1111.805 - Microsoft Corporation)
Microsoft Word 2016 - en-us (HKLM\...\WordRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Node.js (HKLM\...\{70453304-793B-4FAB-A673-FB14AF816C9B}) (Version: 14.15.4 - Node.js Foundation)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.33.10.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.90.46284 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Plex Media Server (HKLM-x32\...\{4a5565be-c707-413a-baa1-d5eccde17706}) (Version: 1.21.1.3876 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{83F0AA15-A6F5-499C-B5D1-34F7780DE904}) (Version: 1.21.1876 - Plex, Inc.) Hidden
PowerPoint (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PredatorSense Service (HKLM\...\{8D399C7A-8693-4BDE-9D22-D43CBB8BBF62}) (Version: 3.00.3136 - Acer Incorporated)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Slack (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\slack) (Version: 4.12.2 - Slack Technologies Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{2DEE500C-6080-45ED-90B0-17C666DB4B6C}) (Version: 1.21.1876 - Plex, Inc.) Hidden
uTorrent Web (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\utweb) (Version: 1.1.3 - BitTorrent, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Ganache -> C:\Program Files\WindowsApps\GanacheUI_2.5.4.0_x64__5dg5pnz03psnj [2021-01-21] (Truffle)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag [2020-05-27] (Rivet Networks LLC) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2021-01-08] (NVIDIA Corp.)
PredatorSense_V30 -> C:\Program Files\WindowsApps\AcerIncorporated.PredatorSenseV30_3.0.3136.0_x64__48frkmn4z8aw4 [2020-05-29] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.214.0_x64__dt26b99r8h8gj [2020-05-27] (Realtek Semiconductor Corp)
Waves MaxxAudio For Acer -> C:\Program Files\WindowsApps\WavesAudio.20761030F5EAC_1.0.67.0_x64__fh4rh281wavaa [2020-05-27] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{220d4c62-e55b-4ba8-8a2a-4893f134b062}\localserver32 -> C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{4E519A5C-D30A-4057-822B-80000AE06C3B}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\system32\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-09-28] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

==================== Loaded Modules (Whitelisted) =============

2021-01-19 08:10 - 2017-11-01 20:58 - 001246208 _____ (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files\Cold Turkey\x86\SQLite.Interop.dll
2021-01-19 08:10 - 2017-11-01 20:58 - 001537024 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Cold Turkey\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO: No Name -> {E0B5A2AD-5A60-43C1-8657-B6E698942300}' -> No File
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {E0B5A2AD-5A60-43C1-8657-B6E698942300}' -> No File
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)

TDMoor

Posts: 36   +0
Here is part 2/2 of the Addition.txt file:

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 08:49 - 2021-01-24 14:33 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;C:\Python38\Scripts\;C:\Python38\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\ProgramData\chocolatey\bin;C:\Program Files\Git LFS;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{30607531-800C-4832-8643-5BD7E0ECA1B2}C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe] => (Allow) C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe => No File
FirewallRules: [TCP Query User{B39F257D-BF6D-4B24-BFA5-41FAF02C2574}C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe] => (Allow) C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe => No File
FirewallRules: [UDP Query User{4691B83A-E942-4A92-A86E-C95F6A5C08D0}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [TCP Query User{A68D2B54-07D1-4507-8AAE-936DD073C938}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [{749AB571-3E65-4684-A86C-58DB274EEFF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{BDA5AEA6-A1F2-4D8B-B20B-5AF587A6C684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{BD6B02E7-F128-4360-8EFD-DF84824B7ACE}] => (Block) C:\users\predator\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [{6520F244-37BF-49F2-91FB-1E73FE0238E6}] => (Block) C:\users\predator\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [UDP Query User{E44E43AC-1701-4689-BBD2-ADE639522D99}C:\users\predator\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\predator\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [TCP Query User{1F1ACA01-F040-4CCC-8560-F42484F4B4D7}C:\users\predator\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\predator\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [{5AC84A4A-AF6E-4E99-BE9C-63AD921E70B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{35AD696D-F172-4A04-935C-8CFD7D0556D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2DE182D3-5804-4B94-AE5B-6831B130692F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{5AE80C86-5829-4376-ACE2-C927E3CC022D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{FA92D2B3-EDA5-479C-900C-43E5B2133B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{D5991069-3FAA-4819-BCF3-53865FC9DF95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{6A6272F0-EFE0-4BA1-9FBA-3FF393B25803}] => (Block) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{26F0DDC5-E644-4AD8-AE56-233088842827}] => (Block) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{52243E87-4240-4D88-9FA3-434EFAD0602E}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{D9A9D9CF-1D2E-4205-B302-BE3C8EC5EBB9}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{A221BEDA-5AC1-48D0-8A61-8A07535951B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{76A9B99B-ED05-4968-8A80-4EB6C411BF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{E108D91D-4C0B-428B-B4A3-3F9EA8FBDB1C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1EC9F616-CABC-4E36-BEB6-A36C4074C4BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A297773B-2450-4240-91B1-E620FFD9ABDA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D77D211B-51D3-4892-AC4F-93D9668C00A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{77A85CBC-CBB1-4648-B3E3-5107CA8D4B6E}] => (Allow) C:\Program Files\Acer\PredatorSense Service\PSMobile.exe (Acer Incorporated -> Acer Incorporated)
FirewallRules: [UDP Query User{9EB0445A-D44A-4B17-991C-6B469F5AF9A4}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [TCP Query User{AC2CD6DE-E315-4121-8B4C-67B684AF8AEB}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [{C39684F0-0C2E-4997-9632-64C8A0BF5BC7}] => (Allow) LPort=1688
FirewallRules: [{48B5F51D-3304-4038-8CB5-CC3D0BE39C76}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File
FirewallRules: [{BF7A5D08-0D1E-4841-B29F-9CF646D15940}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File
FirewallRules: [{23BEE4BC-57FF-4DA7-90CE-596458857A3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{53A220CD-2F57-41FD-9DFE-4654DE30539A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{4267FEDD-B5B9-40FF-83D9-C6EFD022B690}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{1E0B71AD-47C9-46A4-A05D-5A4C1D8F3358}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [{16827971-00BA-4101-8016-1065CAA56CDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0878BBEC-6A36-4133-B240-53B05A7893A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [TCP Query User{E71AF805-F8B1-42F3-90B5-E5321E8450DB}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{FB78546C-7820-4976-82E0-2FAE75FC25C8}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [{04D721C8-E162-4CB1-9EE4-4406CD8ED208}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4A94D10A-4287-4C85-A6AE-BA4AE816A2F7}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{858743D4-4B72-4BEF-A533-73AD889F2724}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B365C743-5FC8-46FF-883C-20C8B41BD82D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{48C1483B-ACBD-44A9-ADD1-429BD2DD7294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E520C0C9-EBBC-476C-8B54-2B3E792A33EB}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{707F8CDA-3444-4054-B1F7-3D1889B042E2}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{59F05CC7-B590-455A-89A9-93F699E599EA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3D0A8F2F-F33F-45DF-AF78-164066464E4A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C0827ACE-9708-41E4-8C2E-3DBC09CDAF97}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9425FF70-3FB5-4FD4-8A53-D45722910214}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{3F1AA302-E477-4BCA-8E5F-BFEF8577E9D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4B1FE329-A3B6-4284-A263-7D2E5E1B62FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4D000003-5E6F-469E-8631-45D67B5381A8}] => (Allow) LPort=5556
FirewallRules: [{A218392C-2D4D-4D18-9D37-FD1E21D5FC74}] => (Allow) LPort=5558
FirewallRules: [{FC21407D-FDDD-4BEF-993C-D1E527D375C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{5900202B-4B0B-40BA-9C0E-679B4B80249D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{CB642A24-BE88-4508-B615-BA67907B5A04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3744750E-62ED-4E11-A0B8-9CE16A335CE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9B1B90C-7E30-48CD-AFB2-A0AB5C34CF1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9515CEA7-7D38-4141-9993-875645BA41D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05E213DC-9D30-4D24-B94B-4396481EA4A4}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1BF4B660-5576-405D-9697-77DEA6D1F498}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{430F94D4-4A80-461E-A5D0-560E852CC73B}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{17343607-9A23-4D65-8F93-7F7CDBFBD1EA}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0136B642-4A42-4D68-9E6C-BB2BB338B29A}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{DDF5C115-054B-4042-9CC9-869696E37C20}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{B4E2CD39-0C62-467B-B29A-C9EC1F69DFA4}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{CEC25D48-DE11-41B0-B340-5AC78125697B}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{919FF8F5-EE4C-48EB-8E52-A966F393C67C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{B53A6CA0-6B55-4B41-AB38-36EF666710C2}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{477081A5-2536-4021-AE0A-9CE82BE8CCC4}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{7739B2FB-C548-4C86-BFDA-C4D3DE1032CB}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{4AEDDCED-CA5C-4710-80E7-56CF5A03B816}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{2A892D41-A607-42A3-980E-6FA7596C313C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{C60A52D3-9D64-4464-B3B5-EAA9B587EA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{4F7B4150-B6B5-42C3-8D34-58185A1AFF92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{5F79DD4B-C8ED-4EC0-8B9E-59FC9CFB2B7B}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{A1DEF92D-6B1B-4AA4-9450-7454CF9DE8C3}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{80DFDF74-D9F2-4DCA-9D3C-9A18116B9276}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{BA79B7DC-F04A-43F6-94C3-830EAEE4CB8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{152AE6EA-7CDE-40F7-A6BA-BC8C50D2EF02}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{F19D12E7-EFC2-4097-B951-86EBFD2936BB}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{0A73930D-97CB-431C-BD9C-EC7888A4048F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50D43171-131F-48C1-AB3A-19E2F016A731}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFBBAA07-A265-42D6-9391-9F1A51522F68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61ED058C-9686-4C1B-B8AE-3FBCA8D9E10E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{438AE6F0-5DD7-4367-91AD-D93805C31C08}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{F9E07F44-D1D5-490D-A26D-5EF899558ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [TCP Query User{3F4A2668-06DD-41A4-B5AF-20F5860530DD}C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe] => (Allow) C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe => No File
FirewallRules: [UDP Query User{A61A5094-CBCE-4002-99A6-DFCF5BB6DD48}C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe] => (Allow) C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe => No File
FirewallRules: [{5CA2BC43-98BF-462F-AADF-DE0AE5210CC2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7124117D-B6DE-40A4-A372-E6701EA6AFFE}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{CE094F67-C96D-4399-B207-14C796437F8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{AFC61512-A706-43A6-8994-2316D89083D0}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9D5975D6-0401-4B32-83AA-99F8BDC2D475}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7301FD69-0D6D-4B7A-A3C5-2C3D6A5A6703}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F61294EE-DD20-45DD-AB8F-E99F325B17E9}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8DE05D07-4B21-4E7D-B6BF-D92891660650}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{445BDBA8-C704-47E1-9D51-39F7E7BC07C5}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{8BCDBD85-3201-40F7-84CB-08AC6871BF56}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{D03F056E-E411-49B0-9E08-382AC54F1D8A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{6343A0F3-8581-4E78-B163-60604BF38CF6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{2CEF015F-4598-40CA-BA41-702E14325BA2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{CD5C2FBD-864C-442B-85CB-50B1F3EACA66}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/24/2021 02:34:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:01Z. Error Code: 0x80070002.

Error: (01/24/2021 02:33:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:31Z. Error Code: 0x80070002.

Error: (01/24/2021 02:33:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:01Z. Error Code: 0x80070002.

Error: (01/24/2021 02:32:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:31Z. Error Code: 0x80070002.

Error: (01/24/2021 02:32:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:01Z. Error Code: 0x80070002.

Error: (01/24/2021 02:31:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:31Z. Error Code: 0x80070002.

Error: (01/24/2021 02:31:01 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:01Z. Error Code: 0x80070002.

Error: (01/24/2021 02:30:31 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:31Z. Error Code: 0x80070002.


System errors:
=============
Error: (01/24/2021 02:07:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Plex Update Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/24/2021 02:07:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (01/24/2021 02:07:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 3 time(s).

Error: (01/24/2021 02:07:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Power_a17007 service terminated unexpectedly. It has done this 3 time(s).

Error: (01/24/2021 02:07:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).

Error: (01/24/2021 02:07:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (01/24/2021 02:07:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/24/2021 01:46:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2021-01-20 09:30:02.5710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {ACC5F2B3-B00C-478D-A291-D9A28D85F5ED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 10:04:26.6460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {AB40B445-6CC2-4D1E-8F04-1E2DD3D5042A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-17 09:10:26.9690000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C24E8599-FAA4-4C9D-B221-D350EC0AAE07}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-16 09:08:17.4710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D289753A-EFF4-4CFC-8FAB-0CA89AD70978}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 09:32:21.9780000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7DD587C2-D05C-4325-8C36-59D4A51F0C05}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 19:37:57.3500000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2223.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 20:25:17.8380000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 15:27:25.7810000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-04 17:29:30.7480000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2020-12-31 17:00:07.0980000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1388.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================

Date: 2021-01-21 07:50:14.0150000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-21 07:50:14.0060000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-21 07:50:13.9960000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-21 07:50:13.9860000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-21 07:50:13.9750000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-21 07:49:56.8910000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-21 07:49:56.8770000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-21 07:49:56.8640000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.12 07/28/2020
Motherboard: CFL Covini_CFS
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 16223.24 MB
Available physical RAM: 9344.5 MB
Total Virtual: 17247.24 MB
Available Virtual: 9229.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.94 GB) (Free:43.88 GB) NTFS
Drive d: () (Fixed) (Total:930.88 GB) (Free:458.68 GB) NTFS

\\?\Volume{90bd557f-eeda-40df-98c9-c824fee5f592}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{98cfbf4c-e03e-4864-80a9-3d9498080616}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{7291a17b-e9c8-4205-9de3-6c4c29d9a227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{52e5fb0b-a7aa-11ea-b395-50e085ba1633}\ () () (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AC8C3942)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

TDMoor

Posts: 36   +0
RogueKiller Anti-Malware V14.8.4.0 (x64) [Jan 13 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Predator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210121_133540, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/01/25 07:21:06 (Duration : 00:07:41)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUM.Proxy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- -> Deleted
[PUM.Proxy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E44E43AC-1701-4689-BBD2-ADE639522D99}C:\users\predator\appdata\local\programs\upwork\upwork.exe -- [%localappdata%\programs\upwork\upwork.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1F1ACA01-F040-4CCC-8560-F42484F4B4D7}C:\users\predator\appdata\local\programs\upwork\upwork.exe -- [%localappdata%\programs\upwork\upwork.exe] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{48B5F51D-3304-4038-8CB5-CC3D0BE39C76} -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BF7A5D08-0D1E-4841-B29F-9CF646D15940} -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
 

TDMoor

Posts: 36   +0
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/25/21
Scan Time: 7:25 AM
Log File: f0e95dd8-5ebc-11eb-baf7-7cd30a82a317.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1146
Update Package Version: 1.0.36191
License: Trial

-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: PIXELATOR\Predator

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 299465
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

TDMoor

Posts: 36   +0
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-25-2021
# Duration: 00:00:14
# OS: Windows 10 Enterprise
# Scanned: 31956
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1950 octets] - [21/01/2021 11:11:13]
AdwCleaner[C00].txt - [2057 octets] - [21/01/2021 11:12:06]
AdwCleaner[S01].txt - [1579 octets] - [21/01/2021 11:22:17]
AdwCleaner[C01].txt - [1749 octets] - [21/01/2021 11:22:29]
AdwCleaner[S02].txt - [1656 octets] - [21/01/2021 11:23:00]
AdwCleaner[S03].txt - [1762 octets] - [21/01/2021 11:38:59]
AdwCleaner[C03].txt - [1932 octets] - [21/01/2021 11:42:53]
AdwCleaner[S04].txt - [1839 octets] - [21/01/2021 11:43:16]
AdwCleaner[S05].txt - [1945 octets] - [21/01/2021 12:07:52]
AdwCleaner[C05].txt - [2115 octets] - [21/01/2021 12:09:22]
AdwCleaner[S06].txt - [2067 octets] - [24/01/2021 12:55:18]
AdwCleaner[C06].txt - [2237 octets] - [24/01/2021 12:58:30]
AdwCleaner[S07].txt - [2144 octets] - [24/01/2021 12:58:52]
AdwCleaner[C07].txt - [2334 octets] - [24/01/2021 13:00:43]
AdwCleaner[S08].txt - [2311 octets] - [24/01/2021 13:05:07]
AdwCleaner[C08].txt - [2481 octets] - [24/01/2021 13:05:18]
AdwCleaner[S09].txt - [2433 octets] - [24/01/2021 13:32:39]
AdwCleaner[C09].txt - [2639 octets] - [24/01/2021 13:32:44]
AdwCleaner[S10].txt - [2555 octets] - [24/01/2021 13:36:30]
AdwCleaner[C10].txt - [2761 octets] - [24/01/2021 13:45:10]
AdwCleaner[S11].txt - [2677 octets] - [24/01/2021 13:46:16]
AdwCleaner[C11].txt - [2883 octets] - [24/01/2021 13:46:20]
AdwCleaner[S12].txt - [2799 octets] - [24/01/2021 14:07:08]
AdwCleaner[C12].txt - [3005 octets] - [24/01/2021 14:07:12]
AdwCleaner[S13].txt - [2876 octets] - [24/01/2021 14:08:47]
AdwCleaner[S14].txt - [2937 octets] - [24/01/2021 14:10:13]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S15].txt ##########
 

Broni

Posts: 55,721   +501
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

TDMoor

Posts: 36   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021 01
Ran by Predator (administrator) on PIXELATOR (Acer Predator PH315-52) (25-01-2021 11:50:55)
Running from C:\Users\Predator\Downloads
Loaded Profiles: Predator
Platform: Windows 10 Enterprise Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\FS\streem.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\UI\BoxUI.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Helper.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\CTMsgHostChrome.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <26>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe <2>
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe [1597528 2019-12-23] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Box] => C:\Program Files\Box\Box\Box.exe [6387944 2020-12-21] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [cfmon] => C:\Windows\System32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\MountPoints2: {0dafccc4-bf41-11ea-b3a1-50e085ba1633} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21233264 2021-01-05] (Plex, Inc. -> Plex, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-22] (Google LLC -> Google LLC)
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11810E54-6E06-4D99-BACE-B4746BEB1B98} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-01-10] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {4ED77466-76A7-4A21-8142-2B6E739FD744} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {A6035921-0766-4EC2-908B-95C79185BB4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {AB949040-EA4A-412A-BCF5-736D5E5FDF87} - System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90002c76-16bd-4c5f-bf9b-fa5571ee34eb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf3f026a-e4fb-46f4-b342-96e9ddaa1fda}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-21]
Edge Extension: (Outlook) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2021-01-19]
Edge Extension: (Excel) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-12-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default [2021-01-25]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxp://www.bbc.co.uk/news/
CHR Extension: (Google Translate) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-01-08]
CHR Extension: (Slides) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-27]
CHR Extension: (Docs) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-27]
CHR Extension: (Google Drive) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (ColorZilla) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2020-10-26]
CHR Extension: (Hypothesis - Web & PDF Annotation) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfhmglciegochdpefhhlphglcehbmek [2021-01-22]
CHR Extension: (James White) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2021-01-06]
CHR Extension: (YouTube) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-27]
CHR Extension: (Remember The Milk) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2020-06-01]
CHR Extension: (Adblock for Youtube™) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-01-16]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2020-09-07]
CHR Extension: (Readwise Exporter) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnokljebgljnegkchppjijnhbcjmejdj [2020-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-15]
CHR Extension: (Readwise) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfepjgjabnppmaiadpedbgadkcelcbd [2020-11-30]
CHR Extension: (Sheets) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-27]
CHR Extension: (Google Docs Offline) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-01-21]
CHR Extension: (World Time Buddy) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2020-06-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-01-24]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-01-21]
CHR Extension: (Evernote Web) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2020-06-01]
CHR Extension: (Save to Pocket) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2020-11-10]
CHR Extension: (MetaMask) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-27]
CHR Extension: (Buffer) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2020-11-05]
CHR Extension: (Toggl Track: Productivity & Time Tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2020-12-03]
CHR Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2021-01-19]
CHR Extension: (Gmail) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-24]
CHR Extension: (Writer) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2020-06-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
S2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [98000 2020-12-21] (Box, Inc. -> Box, Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2616424 2019-06-17] (Rivet Networks LLC -> Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479112 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1427568 2021-01-05] (Plex, Inc. -> Plex, Inc.)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [111096 2020-11-13] (Cold Turkey Software, Inc. -> )
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 PSSvc; C:\Program Files\Acer\PredatorSense Service\PSSvc.exe [979736 2019-10-09] (Acer Incorporated -> Acer Incorporated)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686080 2021-01-13] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-11-13] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-01-21] (SurfRight B.V. -> )
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [141472 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [101600 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys [39360 2020-10-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-01-25] (Adlice -> )
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-25 11:50 - 2021-01-25 11:50 - 000000000 ____D C:\Users\Predator\Downloads\FRST-OlderVersion
2021-01-25 07:35 - 2021-01-25 07:35 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\IGDump
2021-01-25 07:24 - 2021-01-25 07:24 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000141472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-25 07:24 - 2021-01-25 07:24 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-25 07:24 - 2021-01-25 07:24 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-25 07:23 - 2021-01-25 07:23 - 000085636 _____ C:\ProgramData\agent.update.1611544978.bdinstall.v2.bin
2021-01-25 07:23 - 2021-01-25 07:23 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-25 07:12 - 2021-01-25 07:12 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-01-25 07:11 - 2021-01-25 07:16 - 000000000 ____D C:\ProgramData\RogueKiller
2021-01-25 07:11 - 2021-01-25 07:11 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-01-25 07:11 - 2021-01-25 07:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-01-25 07:11 - 2021-01-25 07:11 - 000000000 ____D C:\Program Files\RogueKiller
2021-01-25 07:08 - 2021-01-25 07:08 - 000000000 __RDL C:\Users\Predator\Box
2021-01-24 14:33 - 2021-01-24 14:34 - 000061437 _____ C:\Users\Predator\Downloads\Addition.txt
2021-01-24 13:49 - 2021-01-25 11:51 - 000024390 _____ C:\Users\Predator\Downloads\FRST.txt
2021-01-24 13:48 - 2021-01-25 11:51 - 000000000 ____D C:\FRST
2021-01-24 13:46 - 2021-01-25 11:50 - 002297344 _____ (Farbar) C:\Users\Predator\Downloads\FRST64.exe
2021-01-24 12:54 - 2021-01-24 12:54 - 008457584 _____ (Malwarebytes) C:\Users\Predator\Downloads\adwcleaner_8.0.9.1.exe
2021-01-24 12:53 - 2021-01-24 12:53 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-24 12:53 - 2021-01-24 12:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 12:53 - 2021-01-24 12:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 12:51 - 2021-01-24 12:51 - 000003866 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-01-24 12:50 - 2021-01-24 12:50 - 000003430 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-01-21 16:43 - 2021-01-23 12:03 - 000029734 _____ C:\Users\Predator\.babel.json
2021-01-21 16:08 - 2021-01-21 16:08 - 000000000 ____D C:\Users\Predator\AppData\Local\node-gyp
2021-01-21 15:49 - 2021-01-21 15:49 - 000000290 _____ C:\Users\Predator\.gitconfig
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\Program Files\Git
2021-01-21 15:38 - 2021-01-23 11:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm-cache
2021-01-21 15:38 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\.config
2021-01-21 15:37 - 2021-01-21 15:37 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Ganache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Users\Predator\AppData\Local\Package Cache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Python39
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-01-21 15:25 - 2021-01-21 15:25 - 000000000 ____D C:\Users\Predator\AppData\Roaming\NuGet
2021-01-21 15:24 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\Program Files\nodejs
2021-01-21 12:13 - 2021-01-21 12:13 - 000000312 _____ C:\WINDOWS\system32\.crusader
2021-01-21 12:10 - 2021-01-21 12:14 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-01-21 11:48 - 2021-01-21 12:30 - 000064959 _____ C:\WINDOWS\ZAM.krnl.trace
2021-01-21 11:48 - 2021-01-21 12:30 - 000000000 ____D C:\Users\Predator\AppData\Local\AMSDK
2021-01-21 11:48 - 2021-01-21 11:48 - 000000000 ____D C:\Users\Predator\AppData\Local\Zemana
2021-01-21 11:10 - 2021-01-21 11:12 - 000000000 ____D C:\AdwCleaner
2021-01-21 10:54 - 2021-01-21 11:04 - 000477624 _____ C:\WINDOWS\ntbtlog.txt
2021-01-21 10:54 - 2021-01-21 10:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-21 10:49 - 2021-01-21 10:49 - 000099608 _____ C:\ProgramData\vpn.uninstall.1611211736.bdinstall.v2.bin
2021-01-21 08:17 - 2021-01-21 08:17 - 000196800 _____ C:\ProgramData\vpn.1611202658.bdinstall.v2.bin
2021-01-21 08:10 - 2021-01-25 07:24 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-21 08:10 - 2021-01-21 08:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-21 08:10 - 2021-01-21 08:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4524E26C.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2021-01-21 08:09 - 2021-01-21 08:09 - 000765208 _____ C:\ProgramData\cl.1611201876.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000102248 _____ C:\ProgramData\cl.kit.1611201875.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Gemma
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\BDLogging
2021-01-21 08:09 - 2020-09-16 13:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-01-21 08:09 - 2020-09-14 14:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-01-21 08:09 - 2020-05-26 13:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-01-21 08:09 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2021-01-21 08:09 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-01-21 08:08 - 2021-01-21 10:54 - 000000000 ____D C:\Program Files\Bitdefender
2021-01-21 08:08 - 2021-01-21 09:14 - 000000000 ____D C:\ProgramData\Bitdefender
2021-01-21 08:08 - 2021-01-21 08:08 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Bitdefender
2021-01-21 08:08 - 2020-10-07 11:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2021-01-21 08:08 - 2020-09-03 05:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2021-01-21 08:08 - 2020-06-09 17:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-01-21 08:04 - 2021-01-21 08:08 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-01-21 07:55 - 2021-01-25 07:23 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-21 07:55 - 2021-01-21 07:55 - 000117564 _____ C:\ProgramData\agent.1611201317.bdinstall.v2.bin
2021-01-21 07:55 - 2021-01-21 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-21 07:51 - 2021-01-21 07:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2021-01-21 07:48 - 2021-01-21 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-20 22:21 - 2021-01-20 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-01-20 14:45 - 2021-01-20 14:45 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2021-01-20 14:45 - 2021-01-20 14:45 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 08:10 - 2021-01-25 11:52 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\Program Files\Cold Turkey
2021-01-18 07:29 - 2021-01-18 07:29 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2021-01-18 07:08 - 2021-01-18 07:10 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\STAR WARS Battlefront II
2021-01-18 07:08 - 2021-01-18 07:08 - 000000000 ____D C:\Users\Predator\AppData\Local\STAR WARS Battlefront II
2021-01-13 21:23 - 2021-01-21 07:52 - 000000258 __RSH C:\ProgramData\ntuser.pol
2021-01-13 13:25 - 2021-01-13 13:25 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2021-01-13 12:53 - 2021-01-13 12:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 12:53 - 2021-01-13 12:53 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 12:53 - 2021-01-13 12:53 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 12:52 - 2021-01-13 12:52 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 12:52 - 2021-01-13 12:52 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 12:52 - 2021-01-13 12:52 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 12:52 - 2021-01-13 12:52 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001165720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000690072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-08 20:11 - 2021-01-04 18:46 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000673688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000610712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000548248 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 008262552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 007393176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002104216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000813976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-08 20:11 - 2021-01-04 18:44 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-08 20:11 - 2021-01-04 18:43 - 006071032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-08 20:11 - 2020-12-31 18:01 - 000084159 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-08 15:16 - 2021-01-08 15:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\Program Files (x86)\TP-Link
2021-01-08 14:53 - 2021-01-08 15:29 - 000000000 ____D C:\Users\Predator\AppData\Roaming\tpPLC
2021-01-08 14:53 - 2021-01-08 14:53 - 000000000 ____D C:\Users\Predator\AppData\Local\Downloaded Installations
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-05 15:55 - 2021-01-05 15:55 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\Team Cherry
2020-12-29 08:57 - 2020-12-29 08:57 - 000001781 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio by Waves – Speaker Audio Control and Nx 3D Sound.lnk
2020-12-29 08:50 - 2020-12-29 08:50 - 000000000 ____D C:\WINDOWS\Firmware
2020-12-27 19:47 - 2021-01-13 20:29 - 000000000 ____D C:\Users\Predator\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-25 11:50 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-25 11:06 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-25 10:50 - 2020-06-25 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-25 07:24 - 2020-06-08 07:24 - 000000000 ____D C:\Users\Predator\AppData\Local\CrashDumps
2021-01-25 07:24 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-25 07:08 - 2020-06-25 15:38 - 000000000 ____D C:\Users\Predator
2021-01-25 07:08 - 2020-06-06 08:03 - 000001302 _____ C:\Users\Predator\Desktop\Box.lnk
2021-01-25 07:07 - 2020-05-29 00:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-24 21:31 - 2020-06-01 11:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-24 19:51 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Origin
2021-01-24 19:51 - 2020-11-08 18:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-24 19:11 - 2020-11-09 21:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-24 19:11 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Local\Origin
2021-01-24 17:22 - 2020-11-02 17:19 - 000000000 ____D C:\Users\Predator\AppData\Local\Plex Media Server
2021-01-24 17:20 - 2020-08-16 15:48 - 000000000 ____D C:\Users\Predator\AppData\Local\BitTorrentHelper
2021-01-24 17:20 - 2020-08-16 15:47 - 000000000 ____D C:\Users\Predator\AppData\Roaming\uTorrent Web
2021-01-24 17:16 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Code
2021-01-24 16:30 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 16:20 - 2020-05-28 00:18 - 000000000 ____D C:\Users\Predator\AppData\Local\Packages
2021-01-24 16:20 - 2020-05-27 22:25 - 000000000 ____D C:\ProgramData\Packages
2021-01-24 16:20 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\PlaceholderTileLogoFolder
2021-01-24 16:20 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-24 13:38 - 2020-06-25 16:43 - 001755600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-24 13:38 - 2020-06-25 15:29 - 000778836 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-24 13:38 - 2020-06-25 15:29 - 000157542 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-24 13:38 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-24 13:33 - 2020-06-25 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-24 13:33 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 ____D C:\Intel
2021-01-24 13:33 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-24 13:33 - 2019-12-07 13:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-24 12:50 - 2020-12-23 20:14 - 000003790 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-01-24 12:18 - 2020-06-01 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-24 10:06 - 2020-08-25 16:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Dabble
2021-01-24 07:33 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Slack
2021-01-24 07:06 - 2020-09-03 22:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-24 07:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-22 08:33 - 2020-11-08 18:30 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-22 07:29 - 2020-05-27 22:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-22 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-21 20:18 - 2020-07-30 21:11 - 000007586 _____ C:\Users\Predator\AppData\Local\Resmon.ResmonCfg
2021-01-21 19:26 - 2020-07-09 08:40 - 000000000 ____D C:\Users\Predator\AppData\Roaming\obs-studio
2021-01-21 15:43 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-01-21 15:39 - 2020-08-24 13:26 - 000000000 ____D C:\ProgramData\chocolatey
2021-01-21 15:26 - 2020-05-29 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 11:12 - 2020-05-29 00:44 - 000000000 ____D C:\ProgramData\Acer
2021-01-21 10:48 - 2020-06-25 16:39 - 000312784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-01-21 08:05 - 2020-06-25 15:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-21 08:00 - 2020-05-27 22:24 - 000000000 ____D C:\Users\Predator\AppData\Local\D3DSCache
2021-01-20 22:16 - 2020-08-16 15:47 - 000001919 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-19 08:15 - 2020-06-23 10:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\immutable-launcher
2021-01-18 08:19 - 2020-12-15 07:13 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-01-18 08:15 - 2020-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-17 21:59 - 2020-11-09 23:31 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-13 21:23 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-13 13:25 - 2020-06-25 21:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 12:55 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 12:52 - 2020-06-25 16:43 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 07:09 - 2020-05-27 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 20:58 - 2020-07-09 09:41 - 000000000 ____D C:\Users\Predator\AppData\Roaming\vlc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\slack
2021-01-12 07:24 - 2020-05-27 22:41 - 000000000 ____D C:\Users\Predator\AppData\Local\SquirrelTemp
2021-01-09 08:49 - 2020-06-01 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-08 15:17 - 2020-06-06 08:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2021-01-07 10:42 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\NordVPN
2021-01-07 10:41 - 2020-10-15 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\Program Files\NordVPN
2021-01-04 18:43 - 2020-06-26 15:40 - 007115280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-03 09:18 - 2020-08-30 16:20 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Anki2
2021-01-02 21:44 - 2020-07-09 14:51 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\The Witcher 3

==================== Files in the root of some directories ========

2020-07-30 21:11 - 2021-01-21 20:18 - 000007586 _____ () C:\Users\Predator\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
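
The FRST "One month" listings in the log above are plain lines of the form `timestamp - timestamp - size flags (company) path`, with directory/hidden/system attributes packed into the five-character flag field and the company string in parentheses being whatever FRST reads from the file (its absence is not a signature verdict). The following is an added example, not part of TDMoor's post and not FRST's own code: a small Python parser for that line format and a triage pass over a few lines copied verbatim from the posted log. The triage heuristics (executable extensions, user-writable locations, missing company string, kernel drivers, hidden/system attributes on executables) are this example's own assumptions, and a hit means "look at this entry", not "this is malicious". Which of the two timestamps is creation versus modification depends on the section heading the line sits under, so the triage only uses the later of the two.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One FRST listing line: "YYYY-MM-DD HH:MM - YYYY-MM-DD HH:MM - 000000000 _____ (Company) C:\path".
# Header lines, blank lines and FRST's "(If an entry is included ...)" notes do not match.
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<flags>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# Assumed heuristics for this example, not FRST rules.
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".ps1", ".vbs", ".js", ".bat", ".cmd"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")  # a standard user can drop files here


@dataclass(frozen=True)
class Entry:
    first: datetime      # creation or modification time, depending on the FRST section
    second: datetime
    size: int
    flags: frozenset     # letters FRST prints in the flag field, e.g. {'D'}, {'S','H','D'}, {'C'}
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.flags

    @property
    def ext(self) -> str:
        return ntpath.splitext(self.path)[1].lower()


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one FRST listing line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return Entry(
        first=datetime.strptime(m["first"], fmt),
        second=datetime.strptime(m["second"], fmt),
        size=int(m["size"]),
        flags=frozenset(m["flags"].replace("_", "")),
        company=m["company"] or None,      # "()" and a missing group both become None
        path=m["path"],
    )


def parse_listing(text: str) -> List[Entry]:
    """Parse every listing line in a block of FRST output; non-matching lines are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry], since: datetime) -> List[Tuple[Entry, List[str]]]:
    """Flag executable files touched on or after `since`, with the reason(s) for each hit."""
    flagged = []
    for e in entries:
        if e.is_dir or e.ext not in EXEC_EXTS or max(e.first, e.second) < since:
            continue
        reasons = []
        if e.path.lower().startswith(USER_WRITABLE):
            reasons.append("executable content in user-writable location")
        if e.company is None:
            reasons.append("no company string in FRST output")
        if e.ext == ".sys":
            reasons.append("kernel driver")
        if "H" in e.flags or "S" in e.flags:
            reasons.append("hidden/system attribute on an executable")
        if reasons:
            flagged.append((e, reasons))
    return flagged


# Sample input: lines copied from the FRST log posted above (a blank line and an FRST note included
# to show that they are skipped).
SAMPLE = r"""
(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-24 13:33 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-24 13:33 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-07-30 21:11 - 2021-01-21 20:18 - 000007586 _____ () C:\Users\Predator\AppData\Local\Resmon.ResmonCfg
"""


def flagged_paths(text: str = SAMPLE, since_iso: str = "2021-01-01") -> List[str]:
    """Convenience wrapper: paths the triage flags in `text`, in log order."""
    since = datetime.strptime(since_iso, "%Y-%m-%d")
    return [e.path for e, _ in triage(parse_listing(text), since)]


if __name__ == "__main__":
    for entry, reasons in triage(parse_listing(SAMPLE), datetime(2021, 1, 1)):
        print(f"{entry.path}  <- {'; '.join(reasons)}")
```

To run it against a real log, read FRST.txt (it is UTF-16 on disk as FRST writes it, so open it with the right encoding) and pass the whole text to `parse_listing`; the regex ignores every line that is not a listing entry. Tighten or loosen the heuristics in `triage` for your own case, and treat the company string only as a hint: a missing one means FRST printed nothing, not that the file is unsigned.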
 

TDMoor

Posts: 36   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Predator (25-01-2021 11:52:55)
Running from C:\Users\Predator\Downloads
Windows 10 Enterprise Version 20H2 19042.746 (X64) (2020-06-25 12:43:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1889391155-3959138193-832358570-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1889391155-3959138193-832358570-503 - Limited - Disabled)
Guest (S-1-5-21-1889391155-3959138193-832358570-501 - Limited - Disabled)
Predator (S-1-5-21-1889391155-3959138193-832358570-1001 - Administrator - Enabled) => C:\Users\Predator
WDAGUtilityAccount (S-1-5-21-1889391155-3959138193-832358570-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.35 - )
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.5.0 - Electronic Arts, Inc.)
Belgium e-ID middleware 4.4.27 (build 4277) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A74277}) (Version: 4.4.4277 - Belgian Government)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 25.0.10.52 - Bitdefender)
Box (HKLM\...\{C1A6C984-4C0F-4C47-8DAD-5745EA8BC101}) (Version: 2.19.294 - Box, Inc.)
Cold Turkey Blocker (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 4.1 - Cold Turkey Software, Inc.)
Dabble 1.6.3 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\544dca61-9865-5e8b-812f-c37d8d6689f2) (Version: 1.6.3 - Jacob Wright)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{6D70A161-C29B-441B-9AA5-2ABBAB3B4B4D}) (Version: 1.1.1.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Git version 2.30.0.2 (HKLM\...\Git_is1) (Version: 2.30.0.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Immutable 0.13.2 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.2 - Immutable)
Intel(R) Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{2e312ef6-e0d3-4dc4-bce3-1fc8264ddb12}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b0307f85-280a-491f-8f69-4678e4100558}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{bd73e01d-c055-4533-8bc3-1f9489e66168}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{fb198756-7be7-4730-8f2e-282d5e71e412}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation)
Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2BC138AD-0144-4B09-998B-77D25B26B1FA}) (Version: 2.0.1159 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Access 2016 - en-us (HKLM\...\AccessRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Excel 2016 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 12.181.137.0 - Microsoft Corporation)
Microsoft Outlook 2016 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft PowerPoint 2016 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1111.805 - Microsoft Corporation)
Microsoft Word 2016 - en-us (HKLM\...\WordRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Node.js (HKLM\...\{70453304-793B-4FAB-A673-FB14AF816C9B}) (Version: 14.15.4 - Node.js Foundation)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.33.10.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.90.46284 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Plex Media Server (HKLM-x32\...\{4a5565be-c707-413a-baa1-d5eccde17706}) (Version: 1.21.1.3876 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{83F0AA15-A6F5-499C-B5D1-34F7780DE904}) (Version: 1.21.1876 - Plex, Inc.) Hidden
PowerPoint (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PredatorSense Service (HKLM\...\{8D399C7A-8693-4BDE-9D22-D43CBB8BBF62}) (Version: 3.00.3136 - Acer Incorporated)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RogueKiller version 14.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.4.0 - Adlice Software)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Slack (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\slack) (Version: 4.12.2 - Slack Technologies Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{2DEE500C-6080-45ED-90B0-17C666DB4B6C}) (Version: 1.21.1876 - Plex, Inc.) Hidden
uTorrent Web (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\utweb) (Version: 1.1.3 - BitTorrent, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Ganache -> C:\Program Files\WindowsApps\GanacheUI_2.5.4.0_x64__5dg5pnz03psnj [2021-01-21] (Truffle)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag [2020-05-27] (Rivet Networks LLC) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2021-01-08] (NVIDIA Corp.)
PredatorSense_V30 -> C:\Program Files\WindowsApps\AcerIncorporated.PredatorSenseV30_3.0.3136.0_x64__48frkmn4z8aw4 [2020-05-29] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.214.0_x64__dt26b99r8h8gj [2020-05-27] (Realtek Semiconductor Corp)
Waves MaxxAudio For Acer -> C:\Program Files\WindowsApps\WavesAudio.20761030F5EAC_1.0.67.0_x64__fh4rh281wavaa [2020-05-27] (Waves Audio)
Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.4.3243.0_x64__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{220d4c62-e55b-4ba8-8a2a-4893f134b062}\localserver32 -> C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{4E519A5C-D30A-4057-822B-80000AE06C3B}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\system32\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-09-28] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

==================== Loaded Modules (Whitelisted) =============

2021-01-19 08:10 - 2017-11-01 20:58 - 001246208 _____ (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files\Cold Turkey\x86\SQLite.Interop.dll
2021-01-19 08:10 - 2017-11-01 20:58 - 001537024 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Cold Turkey\x64\SQLite.Interop.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO: No Name -> {E0B5A2AD-5A60-43C1-8657-B6E698942300}' -> No File
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {E0B5A2AD-5A60-43C1-8657-B6E698942300}' -> No File
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 08:49 - 2021-01-25 11:07 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;C:\Python38\Scripts\;C:\Python38\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\ProgramData\chocolatey\bin;C:\Program Files\Git LFS;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{30607531-800C-4832-8643-5BD7E0ECA1B2}C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe] => (Allow) C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe => No File
FirewallRules: [TCP Query User{B39F257D-BF6D-4B24-BFA5-41FAF02C2574}C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe] => (Allow) C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe => No File
FirewallRules: [UDP Query User{4691B83A-E942-4A92-A86E-C95F6A5C08D0}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [TCP Query User{A68D2B54-07D1-4507-8AAE-936DD073C938}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [{749AB571-3E65-4684-A86C-58DB274EEFF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{BDA5AEA6-A1F2-4D8B-B20B-5AF587A6C684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{BD6B02E7-F128-4360-8EFD-DF84824B7ACE}] => (Block) C:\users\predator\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [{6520F244-37BF-49F2-91FB-1E73FE0238E6}] => (Block) C:\users\predator\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [{5AC84A4A-AF6E-4E99-BE9C-63AD921E70B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{35AD696D-F172-4A04-935C-8CFD7D0556D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2DE182D3-5804-4B94-AE5B-6831B130692F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{5AE80C86-5829-4376-ACE2-C927E3CC022D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{FA92D2B3-EDA5-479C-900C-43E5B2133B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{D5991069-3FAA-4819-BCF3-53865FC9DF95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{6A6272F0-EFE0-4BA1-9FBA-3FF393B25803}] => (Block) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{26F0DDC5-E644-4AD8-AE56-233088842827}] => (Block) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{52243E87-4240-4D88-9FA3-434EFAD0602E}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{D9A9D9CF-1D2E-4205-B302-BE3C8EC5EBB9}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{A221BEDA-5AC1-48D0-8A61-8A07535951B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{76A9B99B-ED05-4968-8A80-4EB6C411BF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{E108D91D-4C0B-428B-B4A3-3F9EA8FBDB1C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1EC9F616-CABC-4E36-BEB6-A36C4074C4BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A297773B-2450-4240-91B1-E620FFD9ABDA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D77D211B-51D3-4892-AC4F-93D9668C00A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{77A85CBC-CBB1-4648-B3E3-5107CA8D4B6E}] => (Allow) C:\Program Files\Acer\PredatorSense Service\PSMobile.exe (Acer Incorporated -> Acer Incorporated)
FirewallRules: [UDP Query User{9EB0445A-D44A-4B17-991C-6B469F5AF9A4}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [TCP Query User{AC2CD6DE-E315-4121-8B4C-67B684AF8AEB}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [{C39684F0-0C2E-4997-9632-64C8A0BF5BC7}] => (Allow) LPort=1688
FirewallRules: [{23BEE4BC-57FF-4DA7-90CE-596458857A3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{53A220CD-2F57-41FD-9DFE-4654DE30539A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{4267FEDD-B5B9-40FF-83D9-C6EFD022B690}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{1E0B71AD-47C9-46A4-A05D-5A4C1D8F3358}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [{16827971-00BA-4101-8016-1065CAA56CDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0878BBEC-6A36-4133-B240-53B05A7893A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [TCP Query User{E71AF805-F8B1-42F3-90B5-E5321E8450DB}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{FB78546C-7820-4976-82E0-2FAE75FC25C8}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [{04D721C8-E162-4CB1-9EE4-4406CD8ED208}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4A94D10A-4287-4C85-A6AE-BA4AE816A2F7}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{858743D4-4B72-4BEF-A533-73AD889F2724}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B365C743-5FC8-46FF-883C-20C8B41BD82D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{48C1483B-ACBD-44A9-ADD1-429BD2DD7294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E520C0C9-EBBC-476C-8B54-2B3E792A33EB}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{707F8CDA-3444-4054-B1F7-3D1889B042E2}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{59F05CC7-B590-455A-89A9-93F699E599EA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3D0A8F2F-F33F-45DF-AF78-164066464E4A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C0827ACE-9708-41E4-8C2E-3DBC09CDAF97}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9425FF70-3FB5-4FD4-8A53-D45722910214}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{3F1AA302-E477-4BCA-8E5F-BFEF8577E9D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4B1FE329-A3B6-4284-A263-7D2E5E1B62FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4D000003-5E6F-469E-8631-45D67B5381A8}] => (Allow) LPort=5556
FirewallRules: [{A218392C-2D4D-4D18-9D37-FD1E21D5FC74}] => (Allow) LPort=5558
FirewallRules: [{FC21407D-FDDD-4BEF-993C-D1E527D375C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{5900202B-4B0B-40BA-9C0E-679B4B80249D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{CB642A24-BE88-4508-B615-BA67907B5A04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3744750E-62ED-4E11-A0B8-9CE16A335CE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9B1B90C-7E30-48CD-AFB2-A0AB5C34CF1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9515CEA7-7D38-4141-9993-875645BA41D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05E213DC-9D30-4D24-B94B-4396481EA4A4}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1BF4B660-5576-405D-9697-77DEA6D1F498}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{430F94D4-4A80-461E-A5D0-560E852CC73B}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{17343607-9A23-4D65-8F93-7F7CDBFBD1EA}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0136B642-4A42-4D68-9E6C-BB2BB338B29A}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{DDF5C115-054B-4042-9CC9-869696E37C20}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{B4E2CD39-0C62-467B-B29A-C9EC1F69DFA4}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{CEC25D48-DE11-41B0-B340-5AC78125697B}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{919FF8F5-EE4C-48EB-8E52-A966F393C67C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{B53A6CA0-6B55-4B41-AB38-36EF666710C2}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{477081A5-2536-4021-AE0A-9CE82BE8CCC4}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{7739B2FB-C548-4C86-BFDA-C4D3DE1032CB}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{4AEDDCED-CA5C-4710-80E7-56CF5A03B816}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{2A892D41-A607-42A3-980E-6FA7596C313C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{C60A52D3-9D64-4464-B3B5-EAA9B587EA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{4F7B4150-B6B5-42C3-8D34-58185A1AFF92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{5F79DD4B-C8ED-4EC0-8B9E-59FC9CFB2B7B}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{A1DEF92D-6B1B-4AA4-9450-7454CF9DE8C3}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{80DFDF74-D9F2-4DCA-9D3C-9A18116B9276}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{BA79B7DC-F04A-43F6-94C3-830EAEE4CB8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{152AE6EA-7CDE-40F7-A6BA-BC8C50D2EF02}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{F19D12E7-EFC2-4097-B951-86EBFD2936BB}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{0A73930D-97CB-431C-BD9C-EC7888A4048F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50D43171-131F-48C1-AB3A-19E2F016A731}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFBBAA07-A265-42D6-9391-9F1A51522F68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61ED058C-9686-4C1B-B8AE-3FBCA8D9E10E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{438AE6F0-5DD7-4367-91AD-D93805C31C08}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{F9E07F44-D1D5-490D-A26D-5EF899558ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [TCP Query User{3F4A2668-06DD-41A4-B5AF-20F5860530DD}C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe] => (Allow) C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe => No File
FirewallRules: [UDP Query User{A61A5094-CBCE-4002-99A6-DFCF5BB6DD48}C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe] => (Allow) C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe => No File
FirewallRules: [{5CA2BC43-98BF-462F-AADF-DE0AE5210CC2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7124117D-B6DE-40A4-A372-E6701EA6AFFE}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{CE094F67-C96D-4399-B207-14C796437F8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{AFC61512-A706-43A6-8994-2316D89083D0}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9D5975D6-0401-4B32-83AA-99F8BDC2D475}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7301FD69-0D6D-4B7A-A3C5-2C3D6A5A6703}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F61294EE-DD20-45DD-AB8F-E99F325B17E9}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8DE05D07-4B21-4E7D-B6BF-D92891660650}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{445BDBA8-C704-47E1-9D51-39F7E7BC07C5}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{8BCDBD85-3201-40F7-84CB-08AC6871BF56}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{D03F056E-E411-49B0-9E08-382AC54F1D8A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{6343A0F3-8581-4E78-B163-60604BF38CF6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{2CEF015F-4598-40CA-BA41-702E14325BA2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{CD5C2FBD-864C-442B-85CB-50B1F3EACA66}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/25/2021 11:54:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:14Z. Error Code: 0x80070002.

Error: (01/25/2021 11:53:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:51:44Z. Error Code: 0x80070002.

Error: (01/25/2021 11:53:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:14Z. Error Code: 0x80070002.

Error: (01/25/2021 11:52:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:51:44Z. Error Code: 0x80070002.

Error: (01/25/2021 11:52:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:14Z. Error Code: 0x80070002.

Error: (01/25/2021 11:51:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:51:44Z. Error Code: 0x80070002.

Error: (01/25/2021 11:51:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:52:14Z. Error Code: 0x80070002.

Error: (01/25/2021 11:50:44 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-25T08:51:44Z. Error Code: 0x80070002.


System errors:
=============
Error: (01/25/2021 07:06:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/25/2021 07:06:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/24/2021 09:46:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/24/2021 09:46:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/24/2021 09:46:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/24/2021 09:46:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/24/2021 09:46:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/24/2021 07:10:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epic Online Services service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2021-01-20 09:30:02.5710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {ACC5F2B3-B00C-478D-A291-D9A28D85F5ED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 10:04:26.6460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {AB40B445-6CC2-4D1E-8F04-1E2DD3D5042A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-17 09:10:26.9690000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C24E8599-FAA4-4C9D-B221-D350EC0AAE07}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-16 09:08:17.4710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D289753A-EFF4-4CFC-8FAB-0CA89AD70978}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 09:32:21.9780000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7DD587C2-D05C-4325-8C36-59D4A51F0C05}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 19:37:57.3500000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2223.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 20:25:17.8380000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 15:27:25.7810000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-04 17:29:30.7480000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2020-12-31 17:00:07.0980000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1388.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================

Date: 2021-01-25 07:26:26.9260000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 07:26:26.9160000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 07:26:26.9060000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 07:26:26.8950000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 07:26:26.8820000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 07:26:13.5330000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 07:26:13.5190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 07:26:13.5080000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.12 07/28/2020
Motherboard: CFL Covini_CFS
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 48%
Total physical RAM: 16223.24 MB
Available physical RAM: 8306.45 MB
Total Virtual: 17247.24 MB
Available Virtual: 6947.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.94 GB) (Free:38.33 GB) NTFS
Drive d: () (Fixed) (Total:930.88 GB) (Free:458.68 GB) NTFS

\\?\Volume{90bd557f-eeda-40df-98c9-c824fee5f592}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{98cfbf4c-e03e-4864-80a9-3d9498080616}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{7291a17b-e9c8-4205-9de3-6c4c29d9a227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{52e5fb0b-a7aa-11ea-b395-50e085ba1633}\ (Box) (Network) (Total:237.94 GB) (Free:38.33 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AC8C3942)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments: fixlist.txt (8.3 KB)

TDMoor

Posts: 36   +0
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Predator (25-01-2021 15:16:41) Run:1
Running from C:\Users\Predator\OneDrive\Desktop
Loaded Profiles: Predator
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]
2020-07-30 21:11 - 2021-01-21 20:18 - 000007586 _____ () C:\Users\Predator\AppData\Local\Resmon.ResmonCfg
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Predator\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
BHO: No Name -> {E0B5A2AD-5A60-43C1-8657-B6E698942300}' -> No File
BHO-x32: No Name -> {E0B5A2AD-5A60-43C1-8657-B6E698942300}' -> No File
FirewallRules: [UDP Query User{30607531-800C-4832-8643-5BD7E0ECA1B2}C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe] => (Allow) C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe => No File
FirewallRules: [TCP Query User{B39F257D-BF6D-4B24-BFA5-41FAF02C2574}C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe] => (Allow) C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe => No File
FirewallRules: [{749AB571-3E65-4684-A86C-58DB274EEFF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{BDA5AEA6-A1F2-4D8B-B20B-5AF587A6C684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{BD6B02E7-F128-4360-8EFD-DF84824B7ACE}] => (Block) C:\users\predator\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [{6520F244-37BF-49F2-91FB-1E73FE0238E6}] => (Block) C:\users\predator\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [{FA92D2B3-EDA5-479C-900C-43E5B2133B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{D5991069-3FAA-4819-BCF3-53865FC9DF95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{6A6272F0-EFE0-4BA1-9FBA-3FF393B25803}] => (Block) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{26F0DDC5-E644-4AD8-AE56-233088842827}] => (Block) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{52243E87-4240-4D88-9FA3-434EFAD0602E}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{D9A9D9CF-1D2E-4205-B302-BE3C8EC5EBB9}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{E108D91D-4C0B-428B-B4A3-3F9EA8FBDB1C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1EC9F616-CABC-4E36-BEB6-A36C4074C4BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{9EB0445A-D44A-4B17-991C-6B469F5AF9A4}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [TCP Query User{AC2CD6DE-E315-4121-8B4C-67B684AF8AEB}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [TCP Query User{4267FEDD-B5B9-40FF-83D9-C6EFD022B690}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{1E0B71AD-47C9-46A4-A05D-5A4C1D8F3358}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [TCP Query User{E71AF805-F8B1-42F3-90B5-E5321E8450DB}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{FB78546C-7820-4976-82E0-2FAE75FC25C8}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [{4A94D10A-4287-4C85-A6AE-BA4AE816A2F7}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{858743D4-4B72-4BEF-A533-73AD889F2724}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B365C743-5FC8-46FF-883C-20C8B41BD82D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{48C1483B-ACBD-44A9-ADD1-429BD2DD7294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{C60A52D3-9D64-4464-B3B5-EAA9B587EA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{4F7B4150-B6B5-42C3-8D34-58185A1AFF92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [TCP Query User{3F4A2668-06DD-41A4-B5AF-20F5860530DD}C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe] => (Allow) C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe => No File
FirewallRules: [UDP Query User{A61A5094-CBCE-4002-99A6-DFCF5BB6DD48}C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe] => (Allow) C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe => No File


*****************

C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1889391155-3959138193-832358570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1889391155-3959138193-832358570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
amsdk => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz148 => removed successfully
cpuz148 => service removed successfully
HKLM\System\CurrentControlSet\Services\semav6msr64 => removed successfully
semav6msr64 => service removed successfully
C:\Users\Predator\AppData\Local\Resmon.ResmonCfg => moved successfully
HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0B5A2AD-5A60-43C1-8657-B6E698942300}' => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0B5A2AD-5A60-43C1-8657-B6E698942300}' => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{30607531-800C-4832-8643-5BD7E0ECA1B2}C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B39F257D-BF6D-4B24-BFA5-41FAF02C2574}C:\users\predator\downloads\apollo\gods unchained\standalonewindows64\gods.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{749AB571-3E65-4684-A86C-58DB274EEFF9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDA5AEA6-A1F2-4D8B-B20B-5AF587A6C684}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD6B02E7-F128-4360-8EFD-DF84824B7ACE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6520F244-37BF-49F2-91FB-1E73FE0238E6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA92D2B3-EDA5-479C-900C-43E5B2133B3B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5991069-3FAA-4819-BCF3-53865FC9DF95}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A6272F0-EFE0-4BA1-9FBA-3FF393B25803}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26F0DDC5-E644-4AD8-AE56-233088842827}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{52243E87-4240-4D88-9FA3-434EFAD0602E}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D9A9D9CF-1D2E-4205-B302-BE3C8EC5EBB9}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E108D91D-4C0B-428B-B4A3-3F9EA8FBDB1C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EC9F616-CABC-4E36-BEB6-A36C4074C4BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9EB0445A-D44A-4B17-991C-6B469F5AF9A4}C:\games\world_of_tanks_eu\win64\worldoftanks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AC2CD6DE-E315-4121-8B4C-67B684AF8AEB}C:\games\world_of_tanks_eu\win64\worldoftanks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4267FEDD-B5B9-40FF-83D9-C6EFD022B690}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1E0B71AD-47C9-46A4-A05D-5A4C1D8F3358}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E71AF805-F8B1-42F3-90B5-E5321E8450DB}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB78546C-7820-4976-82E0-2FAE75FC25C8}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A94D10A-4287-4C85-A6AE-BA4AE816A2F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{858743D4-4B72-4BEF-A533-73AD889F2724}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B365C743-5FC8-46FF-883C-20C8B41BD82D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48C1483B-ACBD-44A9-ADD1-429BD2DD7294}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C60A52D3-9D64-4464-B3B5-EAA9B587EA09}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F7B4150-B6B5-42C3-8D34-58185A1AFF92}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3F4A2668-06DD-41A4-B5AF-20F5860530DD}C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A61A5094-CBCE-4002-99A6-DFCF5BB6DD48}C:\program files (x86)\tp-link\tp-link plc utility\plcu.exe" => removed successfully


The system needed a reboot.

==== End of Fixlog 15:16:42 ====
 

TDMoor

Posts: 36   +0
Thank you for your help so far. The setup script is still automatically enabled to the malware whenever I use Google Chrome.
 

Broni

Posts: 55,721   +501
Make sure Chrome sync is OFF.

Then.....
Reset Chrome...
Click on "Customize and control Google Chrome":
[screenshot: p22003758.gif]

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.
 

TDMoor

Posts: 36   +0
Chrome Sync was off the whole time. Neither method worked. I reset Chrome's browser settings and restarted Chrome, but the setup script turned back on right away. I uninstalled Chrome while deleting browser data and reinstalled it. The setup script came back right away.

As I was doing this, however, BitDefender noticed chrome.exe trying to make a suspicious connection. It has now tried to do this three times in the span of fifteen minutes. This hasn't happened before.

[screenshot: Malware.jpg]

The setup script IP has also reappeared as an "AutoConfigURL" value in my regedit settings in these locations:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings

Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc\Parameters\ProxyMgr\{8F6FC2A0-7BF6-421F-B744-A07B6C288205}

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{8F6FC2A0-7BF6-421F-B744-A07B6C288205}
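A defender-side audit of the registry locations listed in the post above, added here as an example and not something posted in the thread. It reads AutoConfigURL from those keys (plus the per-user Internet Settings key and every per-connection GUID subkey under iphlpsvc\ProxyMgr, rather than only the GUID seen here), flags values that point at a PAC script on loopback, and can remove them when run elevated; the function name Get-ProxyAutoConfigUrl and its -Remove switch are assumptions of this example.

```powershell
# Added example (not from the thread). Hypothetical names: Get-ProxyAutoConfigUrl, -Remove.
function Get-ProxyAutoConfigUrl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Remove suspicious values instead of only reporting them (needs an elevated shell for HKLM)
        [switch]$Remove
    )

    # The HKLM locations named in the post, plus the per-user key that applies when the
    # ProxySettingsPerUser policy is not forced to 0.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
    )

    # iphlpsvc caches proxy settings per network connection under GUID-named subkeys;
    # enumerate them instead of hard-coding the single GUID that appears in this thread.
    foreach ($set in 'ControlSet001', 'CurrentControlSet') {
        $mgr = "HKLM:\SYSTEM\$set\Services\iphlpsvc\Parameters\ProxyMgr"
        if (Test-Path $mgr) {
            $paths += (Get-ChildItem -Path $mgr -ErrorAction SilentlyContinue).PSPath
        }
    }

    foreach ($p in ($paths | Select-Object -Unique)) {
        if (-not (Test-Path $p)) { continue }
        $url = (Get-ItemProperty -Path $p -Name AutoConfigURL -ErrorAction SilentlyContinue).AutoConfigURL
        if ([string]::IsNullOrEmpty($url)) { continue }

        # A PAC script served from 127.0.0.1 / localhost on a home machine means something
        # running locally is steering the browser's traffic; treat it as suspicious.
        $suspicious = $url -match '^https?://(127\.\d+\.\d+\.\d+|localhost|\[::1\])(:\d+)?'

        [pscustomobject]@{
            Path          = $p
            AutoConfigURL = $url
            Suspicious    = $suspicious
        }

        if ($Remove -and $suspicious -and $PSCmdlet.ShouldProcess($p, 'Remove AutoConfigURL')) {
            Remove-ItemProperty -Path $p -Name AutoConfigURL
        }
    }
}

# ProxySettingsPerUser = 0 under the Policies key forces machine-wide proxy settings,
# which is why the value lands under HKLM instead of the user's own hive.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$perUser = (Get-ItemProperty -Path $policy -Name ProxySettingsPerUser -ErrorAction SilentlyContinue).ProxySettingsPerUser
"ProxySettingsPerUser policy: $(if ($null -eq $perUser) { 'not set' } else { $perUser })"

Get-ProxyAutoConfigUrl | Format-Table -AutoSize
```

Run it first without -Remove to see what is set; removing the value only clears the symptom, so the entries reappearing after a Chrome restart still points to whatever writes them.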
 

Broni

Posts: 55,721   +501
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

TDMoor

Posts: 36   +0
Okay, before I saw your message I had deleted all entries of 127. 0.0.1:86 in the registry editor. I had also run a BitDefender, RogueKiller, and Malwarebytes scan, all three of which were 100% clean. So that's good. Then I ran the FRST64 scan.

Perhaps also good to know is that, after I'd done the above, the setup script now no longer toggles, but the IP is still there. It's just grayed out. I also still get the "suspicious connection blocked" notification from BitDefender, exactly the same as in the screenshot I posted above.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021 01
Ran by Predator (administrator) on PIXELATOR (Acer Predator PH315-52) (25-01-2021 21:47:16)
Running from C:\Users\Predator\OneDrive\Desktop
Loaded Profiles: Predator
Platform: Windows 10 Enterprise Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Helper.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d18534d52d73f63\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6c4c2066b430f3ad\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6c4c2066b430f3ad\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_e3f9b958faa255f1\lib\TPMProvisioningService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe <2>
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC) C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\KillerControlCenter.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe [1597528 2019-12-23] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Box] => C:\Program Files\Box\Box\Box.exe [6387944 2020-12-21] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [cfmon] => C:\Windows\System32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\MountPoints2: {0dafccc4-bf41-11ea-b3a1-50e085ba1633} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21233264 2021-01-05] (Plex, Inc. -> Plex, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-25] (Google LLC -> Google LLC)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11810E54-6E06-4D99-BACE-B4746BEB1B98} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-01-10] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {4ED77466-76A7-4A21-8142-2B6E739FD744} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {8D1C2012-6235-4F06-B028-A6C409DCB52B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {A42B5245-B179-4D4B-9257-DDF3D85A210B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {A6035921-0766-4EC2-908B-95C79185BB4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {AB949040-EA4A-412A-BCF5-736D5E5FDF87} - System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90002c76-16bd-4c5f-bf9b-fa5571ee34eb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf3f026a-e4fb-46f4-b342-96e9ddaa1fda}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-25]
Edge Extension: (Outlook) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2021-01-19]
Edge Extension: (Excel) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-12-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default [2021-01-25]
CHR Extension: (Slides) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-25]
CHR Extension: (Docs) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-25]
CHR Extension: (Google Drive) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-25]
CHR Extension: (YouTube) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-01-25]
CHR Extension: (Sheets) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-01-25]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-25]
CHR Extension: (Gmail) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [98000 2020-12-21] (Box, Inc. -> Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2616424 2019-06-17] (Rivet Networks LLC -> Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479112 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1427568 2021-01-05] (Plex, Inc. -> Plex, Inc.)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [111096 2020-11-13] (Cold Turkey Software, Inc. -> )
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 PSSvc; C:\Program Files\Acer\PredatorSense Service\PSSvc.exe [979736 2019-10-09] (Acer Incorporated -> Acer Incorporated)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686080 2021-01-13] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-11-13] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-01-21] (SurfRight B.V. -> )
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [141472 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [101600 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys [39360 2020-10-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-01-25] (Adlice -> )
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
 

TDMoor

Posts: 36   +0
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-25 21:47 - 2021-01-25 21:47 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\IGDump
2021-01-25 16:04 - 2021-01-25 16:04 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-25 16:03 - 2021-01-25 16:03 - 001321688 _____ (Google LLC) C:\Users\Predator\Downloads\ChromeSetup.exe
2021-01-25 16:03 - 2021-01-25 16:03 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-25 16:03 - 2021-01-25 16:03 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-25 16:03 - 2021-01-25 16:03 - 000000000 ____D C:\Program Files\Google
2021-01-25 15:17 - 2021-01-25 15:17 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-25 15:17 - 2021-01-25 15:17 - 000141472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-25 15:17 - 2021-01-25 15:17 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-25 15:17 - 2021-01-25 15:17 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-01-25 15:17 - 2021-01-25 15:17 - 000000000 ____D C:\ProgramData\Atc
2021-01-25 07:24 - 2021-01-25 07:24 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-25 07:24 - 2021-01-25 07:24 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-25 07:24 - 2021-01-25 07:24 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-25 07:23 - 2021-01-25 07:23 - 000085636 _____ C:\ProgramData\agent.update.1611544978.bdinstall.v2.bin
2021-01-25 07:23 - 2021-01-25 07:23 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-25 07:12 - 2021-01-25 07:12 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-01-25 07:11 - 2021-01-25 15:17 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-01-25 07:11 - 2021-01-25 07:16 - 000000000 ____D C:\ProgramData\RogueKiller
2021-01-25 07:11 - 2021-01-25 07:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-01-25 07:11 - 2021-01-25 07:11 - 000000000 ____D C:\Program Files\RogueKiller
2021-01-24 13:48 - 2021-01-25 21:47 - 000000000 ____D C:\FRST
2021-01-24 12:53 - 2021-01-24 12:53 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-24 12:53 - 2021-01-24 12:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 12:53 - 2021-01-24 12:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 12:51 - 2021-01-24 12:51 - 000003866 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-01-24 12:50 - 2021-01-24 12:50 - 000003430 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-01-21 16:43 - 2021-01-23 12:03 - 000029734 _____ C:\Users\Predator\.babel.json
2021-01-21 16:08 - 2021-01-21 16:08 - 000000000 ____D C:\Users\Predator\AppData\Local\node-gyp
2021-01-21 15:49 - 2021-01-21 15:49 - 000000290 _____ C:\Users\Predator\.gitconfig
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\Program Files\Git
2021-01-21 15:38 - 2021-01-23 11:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm-cache
2021-01-21 15:38 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\.config
2021-01-21 15:37 - 2021-01-21 15:37 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Ganache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Users\Predator\AppData\Local\Package Cache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Python39
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-01-21 15:25 - 2021-01-21 15:25 - 000000000 ____D C:\Users\Predator\AppData\Roaming\NuGet
2021-01-21 15:24 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\Program Files\nodejs
2021-01-21 12:13 - 2021-01-21 12:13 - 000000312 _____ C:\WINDOWS\system32\.crusader
2021-01-21 12:10 - 2021-01-21 12:14 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-01-21 11:48 - 2021-01-21 12:30 - 000064959 _____ C:\WINDOWS\ZAM.krnl.trace
2021-01-21 11:48 - 2021-01-21 12:30 - 000000000 ____D C:\Users\Predator\AppData\Local\AMSDK
2021-01-21 11:48 - 2021-01-21 11:48 - 000000000 ____D C:\Users\Predator\AppData\Local\Zemana
2021-01-21 11:10 - 2021-01-21 11:12 - 000000000 ____D C:\AdwCleaner
2021-01-21 10:54 - 2021-01-21 11:04 - 000477624 _____ C:\WINDOWS\ntbtlog.txt
2021-01-21 10:54 - 2021-01-21 10:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-21 10:49 - 2021-01-21 10:49 - 000099608 _____ C:\ProgramData\vpn.uninstall.1611211736.bdinstall.v2.bin
2021-01-21 08:17 - 2021-01-21 08:17 - 000196800 _____ C:\ProgramData\vpn.1611202658.bdinstall.v2.bin
2021-01-21 08:10 - 2021-01-25 07:24 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-21 08:10 - 2021-01-21 08:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-21 08:10 - 2021-01-21 08:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4524E26C.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2021-01-21 08:09 - 2021-01-21 08:09 - 000765208 _____ C:\ProgramData\cl.1611201876.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000102248 _____ C:\ProgramData\cl.kit.1611201875.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Gemma
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\BDLogging
2021-01-21 08:09 - 2020-09-16 13:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-01-21 08:09 - 2020-09-14 14:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-01-21 08:09 - 2020-05-26 13:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-01-21 08:09 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2021-01-21 08:09 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-01-21 08:08 - 2021-01-21 10:54 - 000000000 ____D C:\Program Files\Bitdefender
2021-01-21 08:08 - 2021-01-21 09:14 - 000000000 ____D C:\ProgramData\Bitdefender
2021-01-21 08:08 - 2021-01-21 08:08 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Bitdefender
2021-01-21 08:08 - 2020-10-07 11:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2021-01-21 08:08 - 2020-09-03 05:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2021-01-21 08:08 - 2020-06-09 17:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-01-21 08:04 - 2021-01-21 08:08 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-01-21 07:55 - 2021-01-25 07:23 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-21 07:55 - 2021-01-21 07:55 - 000117564 _____ C:\ProgramData\agent.1611201317.bdinstall.v2.bin
2021-01-21 07:55 - 2021-01-21 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-21 07:51 - 2021-01-21 07:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2021-01-21 07:48 - 2021-01-21 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-20 22:21 - 2021-01-20 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-01-20 14:45 - 2021-01-20 14:45 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2021-01-20 14:45 - 2021-01-20 14:45 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 08:10 - 2021-01-25 21:49 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\Program Files\Cold Turkey
2021-01-18 07:29 - 2021-01-18 07:29 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2021-01-18 07:08 - 2021-01-18 07:10 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\STAR WARS Battlefront II
2021-01-18 07:08 - 2021-01-18 07:08 - 000000000 ____D C:\Users\Predator\AppData\Local\STAR WARS Battlefront II
2021-01-13 13:25 - 2021-01-13 13:25 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2021-01-13 12:53 - 2021-01-13 12:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 12:53 - 2021-01-13 12:53 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 12:53 - 2021-01-13 12:53 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 12:52 - 2021-01-13 12:52 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 12:52 - 2021-01-13 12:52 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 12:52 - 2021-01-13 12:52 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 12:52 - 2021-01-13 12:52 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001165720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000690072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-08 20:11 - 2021-01-04 18:46 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000673688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000610712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000548248 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 008262552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 007393176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002104216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000813976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-08 20:11 - 2021-01-04 18:44 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-08 20:11 - 2021-01-04 18:43 - 006071032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-08 20:11 - 2020-12-31 18:01 - 000084159 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-08 15:16 - 2021-01-08 15:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\Program Files (x86)\TP-Link
2021-01-08 14:53 - 2021-01-08 15:29 - 000000000 ____D C:\Users\Predator\AppData\Roaming\tpPLC
2021-01-08 14:53 - 2021-01-08 14:53 - 000000000 ____D C:\Users\Predator\AppData\Local\Downloaded Installations
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-05 15:55 - 2021-01-05 15:55 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\Team Cherry
2020-12-29 08:57 - 2020-12-29 08:57 - 000001781 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio by Waves – Speaker Audio Control and Nx 3D Sound.lnk
2020-12-29 08:50 - 2020-12-29 08:50 - 000000000 ____D C:\WINDOWS\Firmware
2020-12-27 19:47 - 2021-01-13 20:29 - 000000000 ____D C:\Users\Predator\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-25 21:37 - 2020-06-01 11:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-25 21:34 - 2020-06-25 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-25 20:22 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-25 19:41 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Origin
2021-01-25 19:41 - 2020-11-08 18:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-25 19:23 - 2020-11-09 21:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-25 19:23 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Local\Origin
2021-01-25 18:52 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-25 18:49 - 2020-06-25 15:38 - 000000000 ____D C:\Users\Predator
2021-01-25 18:00 - 2020-11-02 17:19 - 000000000 ____D C:\Users\Predator\AppData\Local\Plex Media Server
2021-01-25 16:04 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\Google
2021-01-25 16:03 - 2020-05-27 22:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-25 16:02 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Code
2021-01-25 15:24 - 2020-06-25 16:43 - 001755600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-25 15:24 - 2020-06-25 15:29 - 000778836 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-25 15:24 - 2020-06-25 15:29 - 000157542 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-25 15:24 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-25 15:18 - 2020-06-06 08:03 - 000001302 _____ C:\Users\Predator\Desktop\Box.lnk
2021-01-25 15:17 - 2020-06-25 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-25 15:17 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-25 15:17 - 2020-05-29 00:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-25 15:17 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-25 15:17 - 2020-05-27 22:23 - 000000000 ____D C:\Intel
2021-01-25 15:17 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-25 15:17 - 2019-12-07 13:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-25 15:16 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-25 15:15 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Slack
2021-01-25 15:05 - 2020-08-25 16:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Dabble
2021-01-25 07:24 - 2020-06-08 07:24 - 000000000 ____D C:\Users\Predator\AppData\Local\CrashDumps
2021-01-25 07:24 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-24 17:20 - 2020-08-16 15:48 - 000000000 ____D C:\Users\Predator\AppData\Local\BitTorrentHelper
2021-01-24 17:20 - 2020-08-16 15:47 - 000000000 ____D C:\Users\Predator\AppData\Roaming\uTorrent Web
2021-01-24 16:30 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 16:20 - 2020-05-28 00:18 - 000000000 ____D C:\Users\Predator\AppData\Local\Packages
2021-01-24 16:20 - 2020-05-27 22:25 - 000000000 ____D C:\ProgramData\Packages
2021-01-24 16:20 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\PlaceholderTileLogoFolder
2021-01-24 16:20 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-24 12:50 - 2020-12-23 20:14 - 000003790 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-01-24 12:18 - 2020-06-01 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-24 07:06 - 2020-09-03 22:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-24 07:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-22 08:33 - 2020-11-08 18:30 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-22 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-21 19:26 - 2020-07-09 08:40 - 000000000 ____D C:\Users\Predator\AppData\Roaming\obs-studio
2021-01-21 15:43 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-01-21 15:39 - 2020-08-24 13:26 - 000000000 ____D C:\ProgramData\chocolatey
2021-01-21 15:26 - 2020-05-29 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 11:12 - 2020-05-29 00:44 - 000000000 ____D C:\ProgramData\Acer
2021-01-21 10:48 - 2020-06-25 16:39 - 000312784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-01-21 08:05 - 2020-06-25 15:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-21 08:00 - 2020-05-27 22:24 - 000000000 ____D C:\Users\Predator\AppData\Local\D3DSCache
2021-01-20 22:16 - 2020-08-16 15:47 - 000001919 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-19 08:15 - 2020-06-23 10:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\immutable-launcher
2021-01-18 08:19 - 2020-12-15 07:13 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-01-18 08:15 - 2020-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-17 21:59 - 2020-11-09 23:31 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-13 13:25 - 2020-06-25 21:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 12:55 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 12:52 - 2020-06-25 16:43 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 07:09 - 2020-05-27 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 20:58 - 2020-07-09 09:41 - 000000000 ____D C:\Users\Predator\AppData\Roaming\vlc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\slack
2021-01-12 07:24 - 2020-05-27 22:41 - 000000000 ____D C:\Users\Predator\AppData\Local\SquirrelTemp
2021-01-09 08:49 - 2020-06-01 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-08 15:17 - 2020-06-06 08:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2021-01-07 10:42 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\NordVPN
2021-01-07 10:41 - 2020-10-15 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\Program Files\NordVPN
2021-01-04 18:43 - 2020-06-26 15:40 - 007115280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-03 09:18 - 2020-08-30 16:20 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Anki2
2021-01-02 21:44 - 2020-07-09 14:51 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\The Witcher 3

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

TDMoor

Posts: 36   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Predator (25-01-2021 21:49:10)
Running from C:\Users\Predator\OneDrive\Desktop
Windows 10 Enterprise Version 20H2 19042.746 (X64) (2020-06-25 12:43:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1889391155-3959138193-832358570-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1889391155-3959138193-832358570-503 - Limited - Disabled)
Guest (S-1-5-21-1889391155-3959138193-832358570-501 - Limited - Disabled)
Predator (S-1-5-21-1889391155-3959138193-832358570-1001 - Administrator - Enabled) => C:\Users\Predator
WDAGUtilityAccount (S-1-5-21-1889391155-3959138193-832358570-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.35 - )
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.5.0 - Electronic Arts, Inc.)
Belgium e-ID middleware 4.4.27 (build 4277) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A74277}) (Version: 4.4.4277 - Belgian Government)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 25.0.10.52 - Bitdefender)
Box (HKLM\...\{C1A6C984-4C0F-4C47-8DAD-5745EA8BC101}) (Version: 2.19.294 - Box, Inc.)
Cold Turkey Blocker (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 4.1 - Cold Turkey Software, Inc.)
Dabble 1.6.3 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\544dca61-9865-5e8b-812f-c37d8d6689f2) (Version: 1.6.3 - Jacob Wright)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{6D70A161-C29B-441B-9AA5-2ABBAB3B4B4D}) (Version: 1.1.1.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Git version 2.30.0.2 (HKLM\...\Git_is1) (Version: 2.30.0.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Immutable 0.13.2 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.2 - Immutable)
Intel(R) Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{2e312ef6-e0d3-4dc4-bce3-1fc8264ddb12}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b0307f85-280a-491f-8f69-4678e4100558}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{bd73e01d-c055-4533-8bc3-1f9489e66168}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{fb198756-7be7-4730-8f2e-282d5e71e412}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation)
Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2BC138AD-0144-4B09-998B-77D25B26B1FA}) (Version: 2.0.1159 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Access 2016 - en-us (HKLM\...\AccessRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Excel 2016 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 12.181.137.0 - Microsoft Corporation)
Microsoft Outlook 2016 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft PowerPoint 2016 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1111.805 - Microsoft Corporation)
Microsoft Word 2016 - en-us (HKLM\...\WordRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Node.js (HKLM\...\{70453304-793B-4FAB-A673-FB14AF816C9B}) (Version: 14.15.4 - Node.js Foundation)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.33.10.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.90.46284 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Plex Media Server (HKLM-x32\...\{4a5565be-c707-413a-baa1-d5eccde17706}) (Version: 1.21.1.3876 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{83F0AA15-A6F5-499C-B5D1-34F7780DE904}) (Version: 1.21.1876 - Plex, Inc.) Hidden
PowerPoint (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PredatorSense Service (HKLM\...\{8D399C7A-8693-4BDE-9D22-D43CBB8BBF62}) (Version: 3.00.3136 - Acer Incorporated)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RogueKiller version 14.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.4.0 - Adlice Software)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Slack (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\slack) (Version: 4.12.2 - Slack Technologies Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{2DEE500C-6080-45ED-90B0-17C666DB4B6C}) (Version: 1.21.1876 - Plex, Inc.) Hidden
uTorrent Web (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\utweb) (Version: 1.1.3 - BitTorrent, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Ganache -> C:\Program Files\WindowsApps\GanacheUI_2.5.4.0_x64__5dg5pnz03psnj [2021-01-21] (Truffle)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag [2020-05-27] (Rivet Networks LLC) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2021-01-08] (NVIDIA Corp.)
PredatorSense_V30 -> C:\Program Files\WindowsApps\AcerIncorporated.PredatorSenseV30_3.0.3136.0_x64__48frkmn4z8aw4 [2020-05-29] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.214.0_x64__dt26b99r8h8gj [2020-05-27] (Realtek Semiconductor Corp)
Waves MaxxAudio For Acer -> C:\Program Files\WindowsApps\WavesAudio.20761030F5EAC_1.0.67.0_x64__fh4rh281wavaa [2020-05-27] (Waves Audio)
Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.4.3243.0_x64__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{220d4c62-e55b-4ba8-8a2a-4893f134b062}\localserver32 -> C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{4E519A5C-D30A-4057-822B-80000AE06C3B}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\system32\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-09-28] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/

==================== Loaded Modules (Whitelisted) =============

2021-01-19 08:10 - 2017-11-01 20:58 - 001537024 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Cold Turkey\x64\SQLite.Interop.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 08:49 - 2021-01-25 21:17 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;C:\Python38\Scripts\;C:\Python38\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\ProgramData\chocolatey\bin;C:\Program Files\Git LFS;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4691B83A-E942-4A92-A86E-C95F6A5C08D0}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [TCP Query User{A68D2B54-07D1-4507-8AAE-936DD073C938}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [{5AC84A4A-AF6E-4E99-BE9C-63AD921E70B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{35AD696D-F172-4A04-935C-8CFD7D0556D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2DE182D3-5804-4B94-AE5B-6831B130692F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{5AE80C86-5829-4376-ACE2-C927E3CC022D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{A221BEDA-5AC1-48D0-8A61-8A07535951B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{76A9B99B-ED05-4968-8A80-4EB6C411BF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{A297773B-2450-4240-91B1-E620FFD9ABDA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D77D211B-51D3-4892-AC4F-93D9668C00A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{77A85CBC-CBB1-4648-B3E3-5107CA8D4B6E}] => (Allow) C:\Program Files\Acer\PredatorSense Service\PSMobile.exe (Acer Incorporated -> Acer Incorporated)
FirewallRules: [{C39684F0-0C2E-4997-9632-64C8A0BF5BC7}] => (Allow) LPort=1688
FirewallRules: [{23BEE4BC-57FF-4DA7-90CE-596458857A3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{53A220CD-2F57-41FD-9DFE-4654DE30539A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16827971-00BA-4101-8016-1065CAA56CDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0878BBEC-6A36-4133-B240-53B05A7893A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{04D721C8-E162-4CB1-9EE4-4406CD8ED208}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E520C0C9-EBBC-476C-8B54-2B3E792A33EB}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{707F8CDA-3444-4054-B1F7-3D1889B042E2}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{59F05CC7-B590-455A-89A9-93F699E599EA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3D0A8F2F-F33F-45DF-AF78-164066464E4A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C0827ACE-9708-41E4-8C2E-3DBC09CDAF97}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9425FF70-3FB5-4FD4-8A53-D45722910214}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{4D000003-5E6F-469E-8631-45D67B5381A8}] => (Allow) LPort=5556
FirewallRules: [{A218392C-2D4D-4D18-9D37-FD1E21D5FC74}] => (Allow) LPort=5558
FirewallRules: [{FC21407D-FDDD-4BEF-993C-D1E527D375C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{5900202B-4B0B-40BA-9C0E-679B4B80249D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{CB642A24-BE88-4508-B615-BA67907B5A04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3744750E-62ED-4E11-A0B8-9CE16A335CE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9B1B90C-7E30-48CD-AFB2-A0AB5C34CF1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9515CEA7-7D38-4141-9993-875645BA41D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05E213DC-9D30-4D24-B94B-4396481EA4A4}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1BF4B660-5576-405D-9697-77DEA6D1F498}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{430F94D4-4A80-461E-A5D0-560E852CC73B}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{17343607-9A23-4D65-8F93-7F7CDBFBD1EA}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0136B642-4A42-4D68-9E6C-BB2BB338B29A}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{DDF5C115-054B-4042-9CC9-869696E37C20}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{B4E2CD39-0C62-467B-B29A-C9EC1F69DFA4}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{CEC25D48-DE11-41B0-B340-5AC78125697B}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{919FF8F5-EE4C-48EB-8E52-A966F393C67C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{B53A6CA0-6B55-4B41-AB38-36EF666710C2}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{477081A5-2536-4021-AE0A-9CE82BE8CCC4}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{7739B2FB-C548-4C86-BFDA-C4D3DE1032CB}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{4AEDDCED-CA5C-4710-80E7-56CF5A03B816}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{2A892D41-A607-42A3-980E-6FA7596C313C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{5F79DD4B-C8ED-4EC0-8B9E-59FC9CFB2B7B}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{A1DEF92D-6B1B-4AA4-9450-7454CF9DE8C3}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{80DFDF74-D9F2-4DCA-9D3C-9A18116B9276}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{BA79B7DC-F04A-43F6-94C3-830EAEE4CB8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{152AE6EA-7CDE-40F7-A6BA-BC8C50D2EF02}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{F19D12E7-EFC2-4097-B951-86EBFD2936BB}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{0A73930D-97CB-431C-BD9C-EC7888A4048F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50D43171-131F-48C1-AB3A-19E2F016A731}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFBBAA07-A265-42D6-9391-9F1A51522F68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61ED058C-9686-4C1B-B8AE-3FBCA8D9E10E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{438AE6F0-5DD7-4367-91AD-D93805C31C08}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{F9E07F44-D1D5-490D-A26D-5EF899558ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{5CA2BC43-98BF-462F-AADF-DE0AE5210CC2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7124117D-B6DE-40A4-A372-E6701EA6AFFE}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{CE094F67-C96D-4399-B207-14C796437F8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{AFC61512-A706-43A6-8994-2316D89083D0}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9D5975D6-0401-4B32-83AA-99F8BDC2D475}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7301FD69-0D6D-4B7A-A3C5-2C3D6A5A6703}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F61294EE-DD20-45DD-AB8F-E99F325B17E9}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8DE05D07-4B21-4E7D-B6BF-D92891660650}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{445BDBA8-C704-47E1-9D51-39F7E7BC07C5}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{8BCDBD85-3201-40F7-84CB-08AC6871BF56}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{D03F056E-E411-49B0-9E08-382AC54F1D8A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{6343A0F3-8581-4E78-B163-60604BF38CF6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{2CEF015F-4598-40CA-BA41-702E14325BA2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{5136DDC4-EEEB-4636-88B1-432DD1BC4C48}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/25/2021 09:50:10 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:10Z. Error Code: 0x80070002.

Error: (01/25/2021 09:49:40 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:40Z. Error Code: 0x80070002.

Error: (01/25/2021 09:49:10 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:10Z. Error Code: 0x80070002.

Error: (01/25/2021 09:48:40 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:40Z. Error Code: 0x80070002.

Error: (01/25/2021 09:48:10 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:10Z. Error Code: 0x80070002.

Error: (01/25/2021 09:47:40 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:40Z. Error Code: 0x80070002.

Error: (01/25/2021 09:47:10 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:10Z. Error Code: 0x80070002.

Error: (01/25/2021 09:46:40 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:40Z. Error Code: 0x80070002.


System errors:
=============
Error: (01/25/2021 07:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epic Online Services service terminated unexpectedly. It has done this 1 time(s).

Error: (01/25/2021 03:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDivert service failed to start due to the following error:
The driver was not loaded because it failed its initialization call.

Error: (01/25/2021 03:16:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 2 time(s).

Error: (01/25/2021 03:16:42 PM) (Source: DCOM) (EventID: 10010) (User: PIXELATOR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/25/2021 03:16:42 PM) (Source: DCOM) (EventID: 10010) (User: PIXELATOR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/25/2021 07:06:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/25/2021 07:06:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/24/2021 09:46:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll


Windows Defender:
===================================
Date: 2021-01-20 09:30:02.5710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {ACC5F2B3-B00C-478D-A291-D9A28D85F5ED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 10:04:26.6460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {AB40B445-6CC2-4D1E-8F04-1E2DD3D5042A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-17 09:10:26.9690000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C24E8599-FAA4-4C9D-B221-D350EC0AAE07}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-16 09:08:17.4710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D289753A-EFF4-4CFC-8FAB-0CA89AD70978}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 09:32:21.9780000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7DD587C2-D05C-4325-8C36-59D4A51F0C05}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 19:37:57.3500000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2223.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 20:25:17.8380000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 15:27:25.7810000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-04 17:29:30.7480000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2020-12-31 17:00:07.0980000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1388.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================

Date: 2021-01-25 21:38:32.6190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:32.6100000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:32.5990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:32.5890000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:32.5760000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:27.1900000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:27.1780000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:27.1680000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.12 07/28/2020
Motherboard: CFL Covini_CFS
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 16223.24 MB
Available physical RAM: 9811.68 MB
Total Virtual: 17247.24 MB
Available Virtual: 8963.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.94 GB) (Free:40.2 GB) NTFS
Drive d: () (Fixed) (Total:930.88 GB) (Free:458.68 GB) NTFS

\\?\Volume{90bd557f-eeda-40df-98c9-c824fee5f592}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{98cfbf4c-e03e-4864-80a9-3d9498080616}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{7291a17b-e9c8-4205-9de3-6c4c29d9a227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{52e5fb0b-a7aa-11ea-b395-50e085ba1633}\ () () (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AC8C3942)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
Do you set proxies for whatever reason?
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
 

Broni

Posts: 55,721   +501
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
    371 bytes · Views: 11