Solved Automatic Proxy Setup Script on Chrome

TDMoor

Before I ran FRST fix, I restarted my laptop. When I opened Google Chrome afterwards, the setup script had toggled again and the IP had reappeared twice in regedit. I untoggled and deleted the regedit entries. They were located here:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings

Then I ran the FRST fix.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Predator (25-01-2021 22:48:33) Run:2
Running from C:\Users\Predator\OneDrive\Desktop
Loaded Profiles: Predator
Boot Mode: Normal
==============================================

fixlist content:
*****************
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
RemoveProxy:
cmd: bitsadmin /util /setieproxy localsystem NO_PROXY RESET
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION


*****************

C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1889391155-3959138193-832358570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1889391155-3959138193-832358570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /util /setieproxy localsystem NO_PROXY RESET =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Internet proxy settings for account localsystem set to NO_PROXY.
(connection = default)


========= End of CMD: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found

==== End of Fixlog 22:48:33 ====
 

TDMoor

Okay, so the setup script button is no longer toggled and the IP is gone. The "Automatically Detect Settings" button above it is toggled, but I'm guessing that's intended.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021 01
Ran by Predator (administrator) on PIXELATOR (Acer Predator PH315-52) (25-01-2021 22:55:48)
Running from C:\Users\Predator\OneDrive\Desktop
Loaded Profiles: Predator
Platform: Windows 10 Enterprise Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\FS\streem.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\UI\BoxUI.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Helper.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d18534d52d73f63\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6c4c2066b430f3ad\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6c4c2066b430f3ad\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_e3f9b958faa255f1\lib\TPMProvisioningService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe <2>
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC) C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\KillerControlCenter.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe [1597528 2019-12-23] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Box] => C:\Program Files\Box\Box\Box.exe [6387944 2020-12-21] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [cfmon] => C:\Windows\System32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\MountPoints2: {0dafccc4-bf41-11ea-b3a1-50e085ba1633} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21233264 2021-01-05] (Plex, Inc. -> Plex, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-25] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11810E54-6E06-4D99-BACE-B4746BEB1B98} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-01-10] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {4ED77466-76A7-4A21-8142-2B6E739FD744} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {8D1C2012-6235-4F06-B028-A6C409DCB52B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {A42B5245-B179-4D4B-9257-DDF3D85A210B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {A6035921-0766-4EC2-908B-95C79185BB4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {AB949040-EA4A-412A-BCF5-736D5E5FDF87} - System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90002c76-16bd-4c5f-bf9b-fa5571ee34eb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf3f026a-e4fb-46f4-b342-96e9ddaa1fda}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-25]
Edge Extension: (Outlook) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2021-01-19]
Edge Extension: (Excel) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-12-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default [2021-01-25]
CHR Extension: (Slides) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-25]
CHR Extension: (Docs) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-25]
CHR Extension: (Google Drive) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-25]
CHR Extension: (YouTube) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-01-25]
CHR Extension: (Sheets) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-25]
CHR Extension: (Jon Klassen) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmgjhcokclngghkncjakaigpjhfhpoek [2021-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-01-25]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-01-25]
CHR Extension: (MetaMask) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-25]
CHR Extension: (Toggl Track: Productivity & Time Tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2021-01-25]
CHR Extension: (Gmail) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [98000 2020-12-21] (Box, Inc. -> Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2616424 2019-06-17] (Rivet Networks LLC -> Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479112 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1427568 2021-01-05] (Plex, Inc. -> Plex, Inc.)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [111096 2020-11-13] (Cold Turkey Software, Inc. -> )
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 PSSvc; C:\Program Files\Acer\PredatorSense Service\PSSvc.exe [979736 2019-10-09] (Acer Incorporated -> Acer Incorporated)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686080 2021-01-13] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-11-13] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-01-21] (SurfRight B.V. -> )
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [141472 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [101600 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys [39360 2020-10-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-01-25] (Adlice -> )
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

TDMoor

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-25 22:42 - 2021-01-25 22:42 - 000000000 __RDL C:\Users\Predator\Box
2021-01-25 21:47 - 2021-01-25 21:47 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\IGDump
2021-01-25 16:04 - 2021-01-25 16:04 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-25 16:03 - 2021-01-25 16:03 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-25 16:03 - 2021-01-25 16:03 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-25 16:03 - 2021-01-25 16:03 - 000000000 ____D C:\Program Files\Google
2021-01-25 15:17 - 2021-01-25 15:17 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-25 15:17 - 2021-01-25 15:17 - 000141472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-25 15:17 - 2021-01-25 15:17 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-25 15:17 - 2021-01-25 15:17 - 000000000 ____D C:\ProgramData\Atc
2021-01-25 07:24 - 2021-01-25 07:24 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-25 07:24 - 2021-01-25 07:24 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-25 07:24 - 2021-01-25 07:24 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-25 07:24 - 2021-01-25 07:24 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-25 07:23 - 2021-01-25 07:23 - 000085636 _____ C:\ProgramData\agent.update.1611544978.bdinstall.v2.bin
2021-01-25 07:23 - 2021-01-25 07:23 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-25 07:12 - 2021-01-25 07:12 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-01-25 07:11 - 2021-01-25 15:17 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-01-25 07:11 - 2021-01-25 07:16 - 000000000 ____D C:\ProgramData\RogueKiller
2021-01-25 07:11 - 2021-01-25 07:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-01-25 07:11 - 2021-01-25 07:11 - 000000000 ____D C:\Program Files\RogueKiller
2021-01-24 13:48 - 2021-01-25 22:56 - 000000000 ____D C:\FRST
2021-01-24 12:53 - 2021-01-24 12:53 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-24 12:53 - 2021-01-24 12:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 12:53 - 2021-01-24 12:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 12:51 - 2021-01-24 12:51 - 000003866 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-01-24 12:50 - 2021-01-24 12:50 - 000003430 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-01-21 16:43 - 2021-01-23 12:03 - 000029734 _____ C:\Users\Predator\.babel.json
2021-01-21 16:08 - 2021-01-21 16:08 - 000000000 ____D C:\Users\Predator\AppData\Local\node-gyp
2021-01-21 15:49 - 2021-01-21 15:49 - 000000290 _____ C:\Users\Predator\.gitconfig
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\Program Files\Git
2021-01-21 15:38 - 2021-01-23 11:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm-cache
2021-01-21 15:38 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\.config
2021-01-21 15:37 - 2021-01-21 15:37 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Ganache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Users\Predator\AppData\Local\Package Cache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Python39
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-01-21 15:25 - 2021-01-21 15:25 - 000000000 ____D C:\Users\Predator\AppData\Roaming\NuGet
2021-01-21 15:24 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\Program Files\nodejs
2021-01-21 12:13 - 2021-01-21 12:13 - 000000312 _____ C:\WINDOWS\system32\.crusader
2021-01-21 12:10 - 2021-01-21 12:14 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-01-21 11:48 - 2021-01-21 12:30 - 000064959 _____ C:\WINDOWS\ZAM.krnl.trace
2021-01-21 11:48 - 2021-01-21 12:30 - 000000000 ____D C:\Users\Predator\AppData\Local\AMSDK
2021-01-21 11:48 - 2021-01-21 11:48 - 000000000 ____D C:\Users\Predator\AppData\Local\Zemana
2021-01-21 11:10 - 2021-01-21 11:12 - 000000000 ____D C:\AdwCleaner
2021-01-21 10:54 - 2021-01-21 11:04 - 000477624 _____ C:\WINDOWS\ntbtlog.txt
2021-01-21 10:54 - 2021-01-21 10:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-21 10:49 - 2021-01-21 10:49 - 000099608 _____ C:\ProgramData\vpn.uninstall.1611211736.bdinstall.v2.bin
2021-01-21 08:17 - 2021-01-21 08:17 - 000196800 _____ C:\ProgramData\vpn.1611202658.bdinstall.v2.bin
2021-01-21 08:10 - 2021-01-25 07:24 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-21 08:10 - 2021-01-21 08:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-21 08:10 - 2021-01-21 08:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4524E26C.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2021-01-21 08:09 - 2021-01-21 08:09 - 000765208 _____ C:\ProgramData\cl.1611201876.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000102248 _____ C:\ProgramData\cl.kit.1611201875.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Gemma
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\BDLogging
2021-01-21 08:09 - 2020-09-16 13:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-01-21 08:09 - 2020-09-14 14:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-01-21 08:09 - 2020-05-26 13:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-01-21 08:09 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2021-01-21 08:09 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-01-21 08:08 - 2021-01-21 10:54 - 000000000 ____D C:\Program Files\Bitdefender
2021-01-21 08:08 - 2021-01-21 09:14 - 000000000 ____D C:\ProgramData\Bitdefender
2021-01-21 08:08 - 2021-01-21 08:08 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Bitdefender
2021-01-21 08:08 - 2020-10-07 11:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2021-01-21 08:08 - 2020-09-03 05:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2021-01-21 08:08 - 2020-06-09 17:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-01-21 08:04 - 2021-01-21 08:08 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-01-21 07:55 - 2021-01-25 07:23 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-21 07:55 - 2021-01-21 07:55 - 000117564 _____ C:\ProgramData\agent.1611201317.bdinstall.v2.bin
2021-01-21 07:55 - 2021-01-21 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-21 07:51 - 2021-01-21 07:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2021-01-21 07:48 - 2021-01-21 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-20 22:21 - 2021-01-20 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-01-20 14:45 - 2021-01-20 14:45 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2021-01-20 14:45 - 2021-01-20 14:45 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 08:10 - 2021-01-25 22:57 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\Program Files\Cold Turkey
2021-01-18 07:29 - 2021-01-18 07:29 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2021-01-18 07:08 - 2021-01-18 07:10 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\STAR WARS Battlefront II
2021-01-18 07:08 - 2021-01-18 07:08 - 000000000 ____D C:\Users\Predator\AppData\Local\STAR WARS Battlefront II
2021-01-13 13:25 - 2021-01-13 13:25 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2021-01-13 12:53 - 2021-01-13 12:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 12:53 - 2021-01-13 12:53 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 12:53 - 2021-01-13 12:53 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 12:52 - 2021-01-13 12:52 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 12:52 - 2021-01-13 12:52 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 12:52 - 2021-01-13 12:52 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 12:52 - 2021-01-13 12:52 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001165720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000690072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-08 20:11 - 2021-01-04 18:46 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000673688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000610712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000548248 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 008262552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 007393176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002104216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000813976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-08 20:11 - 2021-01-04 18:44 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-08 20:11 - 2021-01-04 18:43 - 006071032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-08 20:11 - 2020-12-31 18:01 - 000084159 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-08 15:16 - 2021-01-08 15:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\Program Files (x86)\TP-Link
2021-01-08 14:53 - 2021-01-08 15:29 - 000000000 ____D C:\Users\Predator\AppData\Roaming\tpPLC
2021-01-08 14:53 - 2021-01-08 14:53 - 000000000 ____D C:\Users\Predator\AppData\Local\Downloaded Installations
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-05 15:55 - 2021-01-05 15:55 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\Team Cherry
2020-12-29 08:57 - 2020-12-29 08:57 - 000001781 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio by Waves – Speaker Audio Control and Nx 3D Sound.lnk
2020-12-29 08:50 - 2020-12-29 08:50 - 000000000 ____D C:\WINDOWS\Firmware
2020-12-27 19:47 - 2021-01-13 20:29 - 000000000 ____D C:\Users\Predator\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-25 22:52 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-25 22:44 - 2020-06-25 16:43 - 001755600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-25 22:44 - 2020-06-25 15:29 - 000778836 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-25 22:44 - 2020-06-25 15:29 - 000157542 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-25 22:44 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-25 22:42 - 2020-06-25 15:38 - 000000000 ____D C:\Users\Predator
2021-01-25 22:42 - 2020-06-06 08:03 - 000001302 _____ C:\Users\Predator\Desktop\Box.lnk
2021-01-25 22:42 - 2020-05-29 00:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-25 22:42 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-25 22:22 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-25 21:37 - 2020-06-01 11:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-25 21:34 - 2020-06-25 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-25 19:41 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Origin
2021-01-25 19:41 - 2020-11-08 18:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-25 19:23 - 2020-11-09 21:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-25 19:23 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Local\Origin
2021-01-25 18:00 - 2020-11-02 17:19 - 000000000 ____D C:\Users\Predator\AppData\Local\Plex Media Server
2021-01-25 16:04 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\Google
2021-01-25 16:03 - 2020-05-27 22:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-25 16:02 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Code
2021-01-25 15:17 - 2020-06-25 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-25 15:17 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-25 15:17 - 2020-05-27 22:23 - 000000000 ____D C:\Intel
2021-01-25 15:17 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-25 15:17 - 2019-12-07 13:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-25 15:16 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-25 15:15 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Slack
2021-01-25 15:05 - 2020-08-25 16:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Dabble
2021-01-25 07:24 - 2020-06-08 07:24 - 000000000 ____D C:\Users\Predator\AppData\Local\CrashDumps
2021-01-25 07:24 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-24 17:20 - 2020-08-16 15:48 - 000000000 ____D C:\Users\Predator\AppData\Local\BitTorrentHelper
2021-01-24 17:20 - 2020-08-16 15:47 - 000000000 ____D C:\Users\Predator\AppData\Roaming\uTorrent Web
2021-01-24 16:30 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 16:20 - 2020-05-28 00:18 - 000000000 ____D C:\Users\Predator\AppData\Local\Packages
2021-01-24 16:20 - 2020-05-27 22:25 - 000000000 ____D C:\ProgramData\Packages
2021-01-24 16:20 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\PlaceholderTileLogoFolder
2021-01-24 16:20 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-24 12:50 - 2020-12-23 20:14 - 000003790 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-01-24 12:18 - 2020-06-01 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-24 07:06 - 2020-09-03 22:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-24 07:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-22 08:33 - 2020-11-08 18:30 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-22 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-21 19:26 - 2020-07-09 08:40 - 000000000 ____D C:\Users\Predator\AppData\Roaming\obs-studio
2021-01-21 15:43 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-01-21 15:39 - 2020-08-24 13:26 - 000000000 ____D C:\ProgramData\chocolatey
2021-01-21 15:26 - 2020-05-29 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 11:12 - 2020-05-29 00:44 - 000000000 ____D C:\ProgramData\Acer
2021-01-21 10:48 - 2020-06-25 16:39 - 000312784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-01-21 08:05 - 2020-06-25 15:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-21 08:00 - 2020-05-27 22:24 - 000000000 ____D C:\Users\Predator\AppData\Local\D3DSCache
2021-01-20 22:16 - 2020-08-16 15:47 - 000001919 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-19 08:15 - 2020-06-23 10:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\immutable-launcher
2021-01-18 08:19 - 2020-12-15 07:13 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-01-18 08:15 - 2020-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-17 21:59 - 2020-11-09 23:31 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-13 13:25 - 2020-06-25 21:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 12:55 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 12:52 - 2020-06-25 16:43 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 07:09 - 2020-05-27 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 20:58 - 2020-07-09 09:41 - 000000000 ____D C:\Users\Predator\AppData\Roaming\vlc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\slack
2021-01-12 07:24 - 2020-05-27 22:41 - 000000000 ____D C:\Users\Predator\AppData\Local\SquirrelTemp
2021-01-09 08:49 - 2020-06-01 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-08 15:17 - 2020-06-06 08:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2021-01-07 10:42 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\NordVPN
2021-01-07 10:41 - 2020-10-15 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\Program Files\NordVPN
2021-01-04 18:43 - 2020-06-26 15:40 - 007115280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-03 09:18 - 2020-08-30 16:20 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Anki2
2021-01-02 21:44 - 2020-07-09 14:51 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\The Witcher 3

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

TDMoor

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Predator (25-01-2021 22:57:41)
Running from C:\Users\Predator\OneDrive\Desktop
Windows 10 Enterprise Version 20H2 19042.746 (X64) (2020-06-25 12:43:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1889391155-3959138193-832358570-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1889391155-3959138193-832358570-503 - Limited - Disabled)
Guest (S-1-5-21-1889391155-3959138193-832358570-501 - Limited - Disabled)
Predator (S-1-5-21-1889391155-3959138193-832358570-1001 - Administrator - Enabled) => C:\Users\Predator
WDAGUtilityAccount (S-1-5-21-1889391155-3959138193-832358570-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.35 - )
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.5.0 - Electronic Arts, Inc.)
Belgium e-ID middleware 4.4.27 (build 4277) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A74277}) (Version: 4.4.4277 - Belgian Government)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 25.0.10.52 - Bitdefender)
Box (HKLM\...\{C1A6C984-4C0F-4C47-8DAD-5745EA8BC101}) (Version: 2.19.294 - Box, Inc.)
Cold Turkey Blocker (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 4.1 - Cold Turkey Software, Inc.)
Dabble 1.6.3 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\544dca61-9865-5e8b-812f-c37d8d6689f2) (Version: 1.6.3 - Jacob Wright)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{6D70A161-C29B-441B-9AA5-2ABBAB3B4B4D}) (Version: 1.1.1.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Git version 2.30.0.2 (HKLM\...\Git_is1) (Version: 2.30.0.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Immutable 0.13.2 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.2 - Immutable)
Intel(R) Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{2e312ef6-e0d3-4dc4-bce3-1fc8264ddb12}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b0307f85-280a-491f-8f69-4678e4100558}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{bd73e01d-c055-4533-8bc3-1f9489e66168}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{fb198756-7be7-4730-8f2e-282d5e71e412}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation)
Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2BC138AD-0144-4B09-998B-77D25B26B1FA}) (Version: 2.0.1159 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Access 2016 - en-us (HKLM\...\AccessRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Excel 2016 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 12.181.137.0 - Microsoft Corporation)
Microsoft Outlook 2016 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft PowerPoint 2016 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1111.805 - Microsoft Corporation)
Microsoft Word 2016 - en-us (HKLM\...\WordRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Node.js (HKLM\...\{70453304-793B-4FAB-A673-FB14AF816C9B}) (Version: 14.15.4 - Node.js Foundation)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.33.10.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.90.46284 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Plex Media Server (HKLM-x32\...\{4a5565be-c707-413a-baa1-d5eccde17706}) (Version: 1.21.1.3876 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{83F0AA15-A6F5-499C-B5D1-34F7780DE904}) (Version: 1.21.1876 - Plex, Inc.) Hidden
PowerPoint (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PredatorSense Service (HKLM\...\{8D399C7A-8693-4BDE-9D22-D43CBB8BBF62}) (Version: 3.00.3136 - Acer Incorporated)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RogueKiller version 14.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.4.0 - Adlice Software)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Slack (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\slack) (Version: 4.12.2 - Slack Technologies Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{2DEE500C-6080-45ED-90B0-17C666DB4B6C}) (Version: 1.21.1876 - Plex, Inc.) Hidden
uTorrent Web (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\utweb) (Version: 1.1.3 - BitTorrent, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Ganache -> C:\Program Files\WindowsApps\GanacheUI_2.5.4.0_x64__5dg5pnz03psnj [2021-01-21] (Truffle)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag [2020-05-27] (Rivet Networks LLC) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2021-01-08] (NVIDIA Corp.)
PredatorSense_V30 -> C:\Program Files\WindowsApps\AcerIncorporated.PredatorSenseV30_3.0.3136.0_x64__48frkmn4z8aw4 [2020-05-29] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.214.0_x64__dt26b99r8h8gj [2020-05-27] (Realtek Semiconductor Corp)
Waves MaxxAudio For Acer -> C:\Program Files\WindowsApps\WavesAudio.20761030F5EAC_1.0.67.0_x64__fh4rh281wavaa [2020-05-27] (Waves Audio)
Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.4.3243.0_x64__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{220d4c62-e55b-4ba8-8a2a-4893f134b062}\localserver32 -> C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{4E519A5C-D30A-4057-822B-80000AE06C3B}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\system32\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-09-28] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/

==================== Loaded Modules (Whitelisted) =============

2021-01-19 08:10 - 2017-11-01 20:58 - 001537024 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Cold Turkey\x64\SQLite.Interop.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 08:49 - 2021-01-25 22:17 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;C:\Python38\Scripts\;C:\Python38\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\ProgramData\chocolatey\bin;C:\Program Files\Git LFS;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

TDMoor

Posts: 36   +0
==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4691B83A-E942-4A92-A86E-C95F6A5C08D0}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [TCP Query User{A68D2B54-07D1-4507-8AAE-936DD073C938}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [{5AC84A4A-AF6E-4E99-BE9C-63AD921E70B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{35AD696D-F172-4A04-935C-8CFD7D0556D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2DE182D3-5804-4B94-AE5B-6831B130692F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{5AE80C86-5829-4376-ACE2-C927E3CC022D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{A221BEDA-5AC1-48D0-8A61-8A07535951B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{76A9B99B-ED05-4968-8A80-4EB6C411BF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{A297773B-2450-4240-91B1-E620FFD9ABDA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D77D211B-51D3-4892-AC4F-93D9668C00A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{77A85CBC-CBB1-4648-B3E3-5107CA8D4B6E}] => (Allow) C:\Program Files\Acer\PredatorSense Service\PSMobile.exe (Acer Incorporated -> Acer Incorporated)
FirewallRules: [{C39684F0-0C2E-4997-9632-64C8A0BF5BC7}] => (Allow) LPort=1688
FirewallRules: [{23BEE4BC-57FF-4DA7-90CE-596458857A3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{53A220CD-2F57-41FD-9DFE-4654DE30539A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16827971-00BA-4101-8016-1065CAA56CDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0878BBEC-6A36-4133-B240-53B05A7893A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{04D721C8-E162-4CB1-9EE4-4406CD8ED208}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E520C0C9-EBBC-476C-8B54-2B3E792A33EB}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{707F8CDA-3444-4054-B1F7-3D1889B042E2}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{59F05CC7-B590-455A-89A9-93F699E599EA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3D0A8F2F-F33F-45DF-AF78-164066464E4A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C0827ACE-9708-41E4-8C2E-3DBC09CDAF97}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9425FF70-3FB5-4FD4-8A53-D45722910214}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{4D000003-5E6F-469E-8631-45D67B5381A8}] => (Allow) LPort=5556
FirewallRules: [{A218392C-2D4D-4D18-9D37-FD1E21D5FC74}] => (Allow) LPort=5558
FirewallRules: [{FC21407D-FDDD-4BEF-993C-D1E527D375C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{5900202B-4B0B-40BA-9C0E-679B4B80249D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{CB642A24-BE88-4508-B615-BA67907B5A04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3744750E-62ED-4E11-A0B8-9CE16A335CE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9B1B90C-7E30-48CD-AFB2-A0AB5C34CF1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9515CEA7-7D38-4141-9993-875645BA41D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05E213DC-9D30-4D24-B94B-4396481EA4A4}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1BF4B660-5576-405D-9697-77DEA6D1F498}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{430F94D4-4A80-461E-A5D0-560E852CC73B}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{17343607-9A23-4D65-8F93-7F7CDBFBD1EA}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0136B642-4A42-4D68-9E6C-BB2BB338B29A}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{DDF5C115-054B-4042-9CC9-869696E37C20}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{B4E2CD39-0C62-467B-B29A-C9EC1F69DFA4}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{CEC25D48-DE11-41B0-B340-5AC78125697B}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{919FF8F5-EE4C-48EB-8E52-A966F393C67C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{B53A6CA0-6B55-4B41-AB38-36EF666710C2}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{477081A5-2536-4021-AE0A-9CE82BE8CCC4}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{7739B2FB-C548-4C86-BFDA-C4D3DE1032CB}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{4AEDDCED-CA5C-4710-80E7-56CF5A03B816}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{2A892D41-A607-42A3-980E-6FA7596C313C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{5F79DD4B-C8ED-4EC0-8B9E-59FC9CFB2B7B}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{A1DEF92D-6B1B-4AA4-9450-7454CF9DE8C3}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{80DFDF74-D9F2-4DCA-9D3C-9A18116B9276}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{BA79B7DC-F04A-43F6-94C3-830EAEE4CB8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{152AE6EA-7CDE-40F7-A6BA-BC8C50D2EF02}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{F19D12E7-EFC2-4097-B951-86EBFD2936BB}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{0A73930D-97CB-431C-BD9C-EC7888A4048F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50D43171-131F-48C1-AB3A-19E2F016A731}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFBBAA07-A265-42D6-9391-9F1A51522F68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61ED058C-9686-4C1B-B8AE-3FBCA8D9E10E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{438AE6F0-5DD7-4367-91AD-D93805C31C08}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{F9E07F44-D1D5-490D-A26D-5EF899558ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{5CA2BC43-98BF-462F-AADF-DE0AE5210CC2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7124117D-B6DE-40A4-A372-E6701EA6AFFE}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{CE094F67-C96D-4399-B207-14C796437F8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{AFC61512-A706-43A6-8994-2316D89083D0}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9D5975D6-0401-4B32-83AA-99F8BDC2D475}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7301FD69-0D6D-4B7A-A3C5-2C3D6A5A6703}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F61294EE-DD20-45DD-AB8F-E99F325B17E9}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8DE05D07-4B21-4E7D-B6BF-D92891660650}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{445BDBA8-C704-47E1-9D51-39F7E7BC07C5}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{8BCDBD85-3201-40F7-84CB-08AC6871BF56}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{D03F056E-E411-49B0-9E08-382AC54F1D8A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{6343A0F3-8581-4E78-B163-60604BF38CF6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{2CEF015F-4598-40CA-BA41-702E14325BA2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{5136DDC4-EEEB-4636-88B1-432DD1BC4C48}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/25/2021 10:58:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:17:56Z. Error Code: 0x80070002.

Error: (01/25/2021 10:58:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:26Z. Error Code: 0x80070002.

Error: (01/25/2021 10:57:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:17:56Z. Error Code: 0x80070002.

Error: (01/25/2021 10:57:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:26Z. Error Code: 0x80070002.

Error: (01/25/2021 10:56:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:17:56Z. Error Code: 0x80070002.

Error: (01/25/2021 10:56:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:26Z. Error Code: 0x80070002.

Error: (01/25/2021 10:55:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:17:56Z. Error Code: 0x80070002.

Error: (01/25/2021 10:55:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:26Z. Error Code: 0x80070002.


System errors:
=============
Error: (01/25/2021 07:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epic Online Services service terminated unexpectedly. It has done this 1 time(s).

Error: (01/25/2021 03:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDivert service failed to start due to the following error:
The driver was not loaded because it failed its initialization call.

Error: (01/25/2021 03:16:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 2 time(s).

Error: (01/25/2021 03:16:42 PM) (Source: DCOM) (EventID: 10010) (User: PIXELATOR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/25/2021 03:16:42 PM) (Source: DCOM) (EventID: 10010) (User: PIXELATOR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/25/2021 07:06:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/25/2021 07:06:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (01/24/2021 09:46:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll


Windows Defender:
===================================
Date: 2021-01-20 09:30:02.5710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {ACC5F2B3-B00C-478D-A291-D9A28D85F5ED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 10:04:26.6460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {AB40B445-6CC2-4D1E-8F04-1E2DD3D5042A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-17 09:10:26.9690000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C24E8599-FAA4-4C9D-B221-D350EC0AAE07}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-16 09:08:17.4710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D289753A-EFF4-4CFC-8FAB-0CA89AD70978}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 09:32:21.9780000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7DD587C2-D05C-4325-8C36-59D4A51F0C05}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 19:37:57.3500000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2223.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 20:25:17.8380000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 15:27:25.7810000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-04 17:29:30.7480000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2020-12-31 17:00:07.0980000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1388.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================

Date: 2021-01-25 21:38:32.6190000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:32.6100000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:32.5990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:32.5890000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:32.5760000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:27.1900000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:27.1780000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-25 21:38:27.1680000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.12 07/28/2020
Motherboard: CFL Covini_CFS
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 16223.24 MB
Available physical RAM: 9822.53 MB
Total Virtual: 17247.24 MB
Available Virtual: 9255.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.94 GB) (Free:40.07 GB) NTFS
Drive d: () (Fixed) (Total:930.88 GB) (Free:458.68 GB) NTFS

\\?\Volume{90bd557f-eeda-40df-98c9-c824fee5f592}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{98cfbf4c-e03e-4864-80a9-3d9498080616}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{7291a17b-e9c8-4205-9de3-6c4c29d9a227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{52e5fb0b-a7aa-11ea-b395-50e085ba1633}\ (Box) (Network) (Total:237.94 GB) (Free:40.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AC8C3942)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
It looks good now :)

Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

TDMoor

Posts: 36   +0
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Bitdefender Bitdefender Security bdservicehost.exe
Bitdefender Agent ProductAgentService.exe
Bitdefender Bitdefender Security updatesrv.exe
Bitdefender Bitdefender Security bdntwrk.exe
Common Files Bitdefender SetupInformation Bitdefender RedLine\bdredline.exe
Bitdefender Agent DiscoverySrv.exe
Bitdefender Bitdefender Security bdwtxag.exe
Bitdefender Bitdefender Security bdagent.exe
Bitdefender Bitdefender Security bdtrackersnmh.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 23-12-2020
Ran by Predator (administrator) on 25-01-2021 at 23:09:26
Running from "C:\Users\Predator\OneDrive\Desktop"
Microsoft Windows 10 Enterprise (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

TDMoor

Posts: 36   +0
While I wait for the Sophos Virus Removal tool to finish its scan, I'll ask the following: assuming everything's okay now, and I'm guessing it is, which cybersecurity/malware programs do you recommend I keep installed or newly install so my laptop stays protected?

Otherwise, thank you so so much for your wonderful help!
 

Broni

Posts: 55,721   +501
You're very welcome


I really don't recommend anything, because I think a computer's security mostly depends on the owner's habits.
If you're not careful, there is no security program which is gonna help you.
On the other hand, even if you're extremely careful, sometimes, things just happen.
Nobody is 100% safe, unfortunately.
 

TDMoor

Posts: 36   +0
Alright, so it's back :(. Everything was okay for much of my morning. No sign of the malware when I went to bed and no sign of it when I woke up.

But just now, my laptop's connection to the wifi briefly turned on and off, so I became suspicious and checked my proxy settings. There it was again, setup script toggled with the same IP value. Now my laptop's connection to my wifi occasionally flickers. It turns off briefly and then turns back on. BitDefender also notifies me of a suspicious connection again.

I hadn't been doing anything suspicious. The only thing I'd done was uninstall some of the programs I'd installed to fix this (Sophos, Malwarebytes, Roguekiller). I'd also installed a few Chrome plugins: MetaMask, Lastpass, Toggl, Grammarly, and I had enabled Chrome Sync again. Everything was still okay after I'd done this. I was writing an article online when my laptop's connection to the wifi flickered.

So it seems the fixlist.txt and other scans didn't remove the root of the problem. Any suggestions? Remove it as we did before and then change SSID/pw of my router perhaps?
 

TDMoor

Posts: 36   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021 01
Ran by Predator (administrator) on PIXELATOR (Acer Predator PH315-52) (26-01-2021 09:46:08)
Running from C:\Users\Predator\OneDrive\Desktop
Loaded Profiles: Predator
Platform: Windows 10 Enterprise Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\FS\streem.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\UI\BoxUI.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Helper.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <27>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d18534d52d73f63\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6c4c2066b430f3ad\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6c4c2066b430f3ad\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_e3f9b958faa255f1\lib\TPMProvisioningService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe <2>
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC) C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\KillerControlCenter.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\Predator\AppData\Local\slack\app-4.12.2\slack.exe <7>
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe [1597528 2019-12-23] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Box] => C:\Program Files\Box\Box\Box.exe [6387944 2020-12-21] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [cfmon] => C:\Windows\System32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\MountPoints2: {0dafccc4-bf41-11ea-b3a1-50e085ba1633} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21233264 2021-01-05] (Plex, Inc. -> Plex, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-25] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11810E54-6E06-4D99-BACE-B4746BEB1B98} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-01-10] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {4ED77466-76A7-4A21-8142-2B6E739FD744} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {8D1C2012-6235-4F06-B028-A6C409DCB52B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {A42B5245-B179-4D4B-9257-DDF3D85A210B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {A6035921-0766-4EC2-908B-95C79185BB4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {AB949040-EA4A-412A-BCF5-736D5E5FDF87} - System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90002c76-16bd-4c5f-bf9b-fa5571ee34eb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf3f026a-e4fb-46f4-b342-96e9ddaa1fda}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-26]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2021-01-19]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-12-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default [2021-01-26]
CHR Extension: (Slides) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-25]
CHR Extension: (Docs) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-25]
CHR Extension: (Google Drive) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-25]
CHR Extension: (YouTube) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-01-25]
CHR Extension: (Sheets) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-25]
CHR Extension: (Jon Klassen) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmgjhcokclngghkncjakaigpjhfhpoek [2021-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-01-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-01-26]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-01-25]
CHR Extension: (MetaMask) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-25]
CHR Extension: (Toggl Track: Productivity & Time Tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2021-01-25]
CHR Extension: (Gmail) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [98000 2020-12-21] (Box, Inc. -> Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2616424 2019-06-17] (Rivet Networks LLC -> Rivet Networks)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479112 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1427568 2021-01-05] (Plex, Inc. -> Plex, Inc.)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [111096 2020-11-13] (Cold Turkey Software, Inc. -> )
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 PSSvc; C:\Program Files\Acer\PredatorSense Service\PSSvc.exe [979736 2019-10-09] (Acer Incorporated -> Acer Incorporated)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-11-13] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-01-21] (SurfRight B.V. -> )
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [101600 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys [39360 2020-10-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-26 07:19 - 2021-01-26 07:19 - 000000000 __RDL C:\Users\Predator\Box
2021-01-25 23:16 - 2021-01-25 23:16 - 000000000 ____D C:\ProgramData\Sophos
2021-01-25 16:04 - 2021-01-25 16:04 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-25 16:03 - 2021-01-25 16:03 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-25 16:03 - 2021-01-25 16:03 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-25 16:03 - 2021-01-25 16:03 - 000000000 ____D C:\Program Files\Google
2021-01-25 15:17 - 2021-01-25 15:17 - 000000000 ____D C:\ProgramData\Atc
2021-01-25 07:23 - 2021-01-25 07:23 - 000085636 _____ C:\ProgramData\agent.update.1611544978.bdinstall.v2.bin
2021-01-25 07:12 - 2021-01-25 07:12 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-01-24 13:48 - 2021-01-26 09:46 - 000000000 ____D C:\FRST
2021-01-24 12:53 - 2021-01-24 12:53 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-24 12:53 - 2021-01-24 12:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 12:53 - 2021-01-24 12:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 12:51 - 2021-01-24 12:51 - 000003866 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-01-24 12:50 - 2021-01-24 12:50 - 000003430 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-01-21 16:43 - 2021-01-23 12:03 - 000029734 _____ C:\Users\Predator\.babel.json
2021-01-21 16:08 - 2021-01-21 16:08 - 000000000 ____D C:\Users\Predator\AppData\Local\node-gyp
2021-01-21 15:49 - 2021-01-21 15:49 - 000000290 _____ C:\Users\Predator\.gitconfig
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\Program Files\Git
2021-01-21 15:38 - 2021-01-23 11:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm-cache
2021-01-21 15:38 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\.config
2021-01-21 15:37 - 2021-01-21 15:37 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Ganache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Users\Predator\AppData\Local\Package Cache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Python39
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-01-21 15:25 - 2021-01-21 15:25 - 000000000 ____D C:\Users\Predator\AppData\Roaming\NuGet
2021-01-21 15:24 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\Program Files\nodejs
2021-01-21 12:13 - 2021-01-21 12:13 - 000000312 _____ C:\WINDOWS\system32\.crusader
2021-01-21 12:10 - 2021-01-21 12:14 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-01-21 11:48 - 2021-01-21 12:30 - 000064959 _____ C:\WINDOWS\ZAM.krnl.trace
2021-01-21 11:48 - 2021-01-21 12:30 - 000000000 ____D C:\Users\Predator\AppData\Local\AMSDK
2021-01-21 11:48 - 2021-01-21 11:48 - 000000000 ____D C:\Users\Predator\AppData\Local\Zemana
2021-01-21 11:10 - 2021-01-21 11:12 - 000000000 ____D C:\AdwCleaner
2021-01-21 10:54 - 2021-01-21 11:04 - 000477624 _____ C:\WINDOWS\ntbtlog.txt
2021-01-21 10:54 - 2021-01-21 10:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-21 10:49 - 2021-01-21 10:49 - 000099608 _____ C:\ProgramData\vpn.uninstall.1611211736.bdinstall.v2.bin
2021-01-21 08:17 - 2021-01-21 08:17 - 000196800 _____ C:\ProgramData\vpn.1611202658.bdinstall.v2.bin
2021-01-21 08:10 - 2021-01-21 08:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-21 08:10 - 2021-01-21 08:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4524E26C.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2021-01-21 08:09 - 2021-01-21 08:09 - 000765208 _____ C:\ProgramData\cl.1611201876.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000102248 _____ C:\ProgramData\cl.kit.1611201875.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Gemma
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\BDLogging
2021-01-21 08:09 - 2020-09-16 13:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-01-21 08:09 - 2020-09-14 14:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-01-21 08:09 - 2020-05-26 13:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-01-21 08:09 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2021-01-21 08:09 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-01-21 08:08 - 2021-01-21 10:54 - 000000000 ____D C:\Program Files\Bitdefender
2021-01-21 08:08 - 2021-01-21 09:14 - 000000000 ____D C:\ProgramData\Bitdefender
2021-01-21 08:08 - 2021-01-21 08:08 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Bitdefender
2021-01-21 08:08 - 2020-10-07 11:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2021-01-21 08:08 - 2020-09-03 05:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2021-01-21 08:08 - 2020-06-09 17:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-01-21 08:04 - 2021-01-21 08:08 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-01-21 07:55 - 2021-01-25 07:23 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-21 07:55 - 2021-01-21 07:55 - 000117564 _____ C:\ProgramData\agent.1611201317.bdinstall.v2.bin
2021-01-21 07:55 - 2021-01-21 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-21 07:51 - 2021-01-21 07:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2021-01-21 07:48 - 2021-01-21 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-20 22:21 - 2021-01-20 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-01-20 14:45 - 2021-01-20 14:45 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2021-01-20 14:45 - 2021-01-20 14:45 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 08:10 - 2021-01-26 09:48 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\Program Files\Cold Turkey
2021-01-18 07:29 - 2021-01-18 07:29 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2021-01-18 07:08 - 2021-01-18 07:10 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\STAR WARS Battlefront II
2021-01-18 07:08 - 2021-01-18 07:08 - 000000000 ____D C:\Users\Predator\AppData\Local\STAR WARS Battlefront II
2021-01-13 13:25 - 2021-01-13 13:25 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2021-01-13 12:53 - 2021-01-13 12:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 12:53 - 2021-01-13 12:53 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 12:53 - 2021-01-13 12:53 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 12:52 - 2021-01-13 12:52 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 12:52 - 2021-01-13 12:52 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 12:52 - 2021-01-13 12:52 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 12:52 - 2021-01-13 12:52 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001165720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000690072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-08 20:11 - 2021-01-04 18:46 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000673688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000610712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000548248 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 008262552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 007393176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002104216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000813976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-08 20:11 - 2021-01-04 18:44 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-08 20:11 - 2021-01-04 18:43 - 006071032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-08 20:11 - 2020-12-31 18:01 - 000084159 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-08 15:16 - 2021-01-08 15:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\Program Files (x86)\TP-Link
2021-01-08 14:53 - 2021-01-08 15:29 - 000000000 ____D C:\Users\Predator\AppData\Roaming\tpPLC
2021-01-08 14:53 - 2021-01-08 14:53 - 000000000 ____D C:\Users\Predator\AppData\Local\Downloaded Installations
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-05 15:55 - 2021-01-05 15:55 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\Team Cherry
2020-12-29 08:57 - 2020-12-29 08:57 - 000001781 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio by Waves – Speaker Audio Control and Nx 3D Sound.lnk
2020-12-29 08:50 - 2020-12-29 08:50 - 000000000 ____D C:\WINDOWS\Firmware
2020-12-27 19:47 - 2021-01-13 20:29 - 000000000 ____D C:\Users\Predator\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-26 09:41 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Slack
2021-01-26 09:35 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-26 09:33 - 2020-06-25 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-26 07:25 - 2020-06-25 16:43 - 001755600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-26 07:25 - 2020-06-25 15:29 - 000778836 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-26 07:25 - 2020-06-25 15:29 - 000157542 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-26 07:25 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-26 07:23 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-26 07:19 - 2020-06-25 15:38 - 000000000 ____D C:\Users\Predator
2021-01-26 07:19 - 2020-06-06 08:03 - 000001302 _____ C:\Users\Predator\Desktop\Box.lnk
2021-01-26 07:19 - 2020-05-29 00:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-26 07:18 - 2020-06-25 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-26 07:18 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-26 07:18 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-26 07:18 - 2020-05-27 22:23 - 000000000 ____D C:\Intel
2021-01-26 07:18 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-26 07:18 - 2019-12-07 13:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-26 07:14 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-25 21:37 - 2020-06-01 11:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-25 19:41 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Origin
2021-01-25 19:41 - 2020-11-08 18:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-25 19:23 - 2020-11-09 21:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-25 19:23 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Local\Origin
2021-01-25 18:00 - 2020-11-02 17:19 - 000000000 ____D C:\Users\Predator\AppData\Local\Plex Media Server
2021-01-25 16:04 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\Google
2021-01-25 16:03 - 2020-05-27 22:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-25 16:02 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Code
2021-01-25 15:16 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-25 15:05 - 2020-08-25 16:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Dabble
2021-01-25 07:24 - 2020-06-08 07:24 - 000000000 ____D C:\Users\Predator\AppData\Local\CrashDumps
2021-01-24 17:20 - 2020-08-16 15:48 - 000000000 ____D C:\Users\Predator\AppData\Local\BitTorrentHelper
2021-01-24 17:20 - 2020-08-16 15:47 - 000000000 ____D C:\Users\Predator\AppData\Roaming\uTorrent Web
2021-01-24 16:30 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 16:20 - 2020-05-28 00:18 - 000000000 ____D C:\Users\Predator\AppData\Local\Packages
2021-01-24 16:20 - 2020-05-27 22:25 - 000000000 ____D C:\ProgramData\Packages
2021-01-24 16:20 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\PlaceholderTileLogoFolder
2021-01-24 16:20 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-24 12:50 - 2020-12-23 20:14 - 000003790 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-01-24 12:18 - 2020-06-01 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-24 07:06 - 2020-09-03 22:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-24 07:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-22 08:33 - 2020-11-08 18:30 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-22 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-21 19:26 - 2020-07-09 08:40 - 000000000 ____D C:\Users\Predator\AppData\Roaming\obs-studio
2021-01-21 15:43 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-01-21 15:39 - 2020-08-24 13:26 - 000000000 ____D C:\ProgramData\chocolatey
2021-01-21 15:26 - 2020-05-29 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 11:12 - 2020-05-29 00:44 - 000000000 ____D C:\ProgramData\Acer
2021-01-21 10:48 - 2020-06-25 16:39 - 000312784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-01-21 08:05 - 2020-06-25 15:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-21 08:00 - 2020-05-27 22:24 - 000000000 ____D C:\Users\Predator\AppData\Local\D3DSCache
2021-01-20 22:16 - 2020-08-16 15:47 - 000001919 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-19 08:15 - 2020-06-23 10:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\immutable-launcher
2021-01-18 08:19 - 2020-12-15 07:13 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-01-18 08:15 - 2020-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-17 21:59 - 2020-11-09 23:31 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-13 13:25 - 2020-06-25 21:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 12:55 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 12:52 - 2020-06-25 16:43 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 07:09 - 2020-05-27 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 20:58 - 2020-07-09 09:41 - 000000000 ____D C:\Users\Predator\AppData\Roaming\vlc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\slack
2021-01-12 07:24 - 2020-05-27 22:41 - 000000000 ____D C:\Users\Predator\AppData\Local\SquirrelTemp
2021-01-09 08:49 - 2020-06-01 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-08 15:17 - 2020-06-06 08:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2021-01-07 10:42 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\NordVPN
2021-01-07 10:41 - 2020-10-15 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\Program Files\NordVPN
2021-01-04 18:43 - 2020-06-26 15:40 - 007115280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-03 09:18 - 2020-08-30 16:20 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Anki2
2021-01-02 21:44 - 2020-07-09 14:51 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\The Witcher 3

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

TDMoor

Posts: 36   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Predator (26-01-2021 09:48:10)
Running from C:\Users\Predator\OneDrive\Desktop
Windows 10 Enterprise Version 20H2 19042.746 (X64) (2020-06-25 12:43:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1889391155-3959138193-832358570-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1889391155-3959138193-832358570-503 - Limited - Disabled)
Guest (S-1-5-21-1889391155-3959138193-832358570-501 - Limited - Disabled)
Predator (S-1-5-21-1889391155-3959138193-832358570-1001 - Administrator - Enabled) => C:\Users\Predator
WDAGUtilityAccount (S-1-5-21-1889391155-3959138193-832358570-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.35 - )
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.5.0 - Electronic Arts, Inc.)
Belgium e-ID middleware 4.4.27 (build 4277) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A74277}) (Version: 4.4.4277 - Belgian Government)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 25.0.10.52 - Bitdefender)
Box (HKLM\...\{C1A6C984-4C0F-4C47-8DAD-5745EA8BC101}) (Version: 2.19.294 - Box, Inc.)
Cold Turkey Blocker (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 4.1 - Cold Turkey Software, Inc.)
Dabble 1.6.3 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\544dca61-9865-5e8b-812f-c37d8d6689f2) (Version: 1.6.3 - Jacob Wright)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{6D70A161-C29B-441B-9AA5-2ABBAB3B4B4D}) (Version: 1.1.1.0 - Epic Games, Inc.)
Git version 2.30.0.2 (HKLM\...\Git_is1) (Version: 2.30.0.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Immutable 0.13.2 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.2 - Immutable)
Intel(R) Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{2e312ef6-e0d3-4dc4-bce3-1fc8264ddb12}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b0307f85-280a-491f-8f69-4678e4100558}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{bd73e01d-c055-4533-8bc3-1f9489e66168}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{fb198756-7be7-4730-8f2e-282d5e71e412}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation)
Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2BC138AD-0144-4B09-998B-77D25B26B1FA}) (Version: 2.0.1159 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Access 2016 - en-us (HKLM\...\AccessRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Excel 2016 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 12.181.137.0 - Microsoft Corporation)
Microsoft Outlook 2016 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft PowerPoint 2016 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1111.805 - Microsoft Corporation)
Microsoft Word 2016 - en-us (HKLM\...\WordRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Node.js (HKLM\...\{70453304-793B-4FAB-A673-FB14AF816C9B}) (Version: 14.15.4 - Node.js Foundation)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.33.10.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.90.46284 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Plex Media Server (HKLM-x32\...\{4a5565be-c707-413a-baa1-d5eccde17706}) (Version: 1.21.1.3876 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{83F0AA15-A6F5-499C-B5D1-34F7780DE904}) (Version: 1.21.1876 - Plex, Inc.) Hidden
PredatorSense Service (HKLM\...\{8D399C7A-8693-4BDE-9D22-D43CBB8BBF62}) (Version: 3.00.3136 - Acer Incorporated)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Slack (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\slack) (Version: 4.12.2 - Slack Technologies Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{2DEE500C-6080-45ED-90B0-17C666DB4B6C}) (Version: 1.21.1876 - Plex, Inc.) Hidden
uTorrent Web (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\utweb) (Version: 1.1.3 - BitTorrent, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Ganache -> C:\Program Files\WindowsApps\GanacheUI_2.5.4.0_x64__5dg5pnz03psnj [2021-01-21] (Truffle)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag [2020-05-27] (Rivet Networks LLC) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2021-01-08] (NVIDIA Corp.)
PredatorSense_V30 -> C:\Program Files\WindowsApps\AcerIncorporated.PredatorSenseV30_3.0.3136.0_x64__48frkmn4z8aw4 [2020-05-29] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.214.0_x64__dt26b99r8h8gj [2020-05-27] (Realtek Semiconductor Corp)
Waves MaxxAudio For Acer -> C:\Program Files\WindowsApps\WavesAudio.20761030F5EAC_1.0.67.0_x64__fh4rh281wavaa [2020-05-27] (Waves Audio)
Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.4.3243.0_x64__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{220d4c62-e55b-4ba8-8a2a-4893f134b062}\localserver32 -> C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{4E519A5C-D30A-4057-822B-80000AE06C3B}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\system32\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-09-28] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-19 08:10 - 2017-11-01 20:58 - 001537024 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Cold Turkey\x64\SQLite.Interop.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 08:49 - 2021-01-26 09:19 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;C:\Python38\Scripts\;C:\Python38\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\ProgramData\chocolatey\bin;C:\Program Files\Git LFS;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==
 

TDMoor

Posts: 36   +0
==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4691B83A-E942-4A92-A86E-C95F6A5C08D0}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [TCP Query User{A68D2B54-07D1-4507-8AAE-936DD073C938}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [{5AC84A4A-AF6E-4E99-BE9C-63AD921E70B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{35AD696D-F172-4A04-935C-8CFD7D0556D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2DE182D3-5804-4B94-AE5B-6831B130692F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{5AE80C86-5829-4376-ACE2-C927E3CC022D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{A221BEDA-5AC1-48D0-8A61-8A07535951B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{76A9B99B-ED05-4968-8A80-4EB6C411BF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{A297773B-2450-4240-91B1-E620FFD9ABDA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D77D211B-51D3-4892-AC4F-93D9668C00A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{77A85CBC-CBB1-4648-B3E3-5107CA8D4B6E}] => (Allow) C:\Program Files\Acer\PredatorSense Service\PSMobile.exe (Acer Incorporated -> Acer Incorporated)
FirewallRules: [{C39684F0-0C2E-4997-9632-64C8A0BF5BC7}] => (Allow) LPort=1688
FirewallRules: [{23BEE4BC-57FF-4DA7-90CE-596458857A3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{53A220CD-2F57-41FD-9DFE-4654DE30539A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16827971-00BA-4101-8016-1065CAA56CDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0878BBEC-6A36-4133-B240-53B05A7893A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{04D721C8-E162-4CB1-9EE4-4406CD8ED208}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E520C0C9-EBBC-476C-8B54-2B3E792A33EB}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{707F8CDA-3444-4054-B1F7-3D1889B042E2}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{59F05CC7-B590-455A-89A9-93F699E599EA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3D0A8F2F-F33F-45DF-AF78-164066464E4A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C0827ACE-9708-41E4-8C2E-3DBC09CDAF97}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9425FF70-3FB5-4FD4-8A53-D45722910214}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{4D000003-5E6F-469E-8631-45D67B5381A8}] => (Allow) LPort=5556
FirewallRules: [{A218392C-2D4D-4D18-9D37-FD1E21D5FC74}] => (Allow) LPort=5558
FirewallRules: [{FC21407D-FDDD-4BEF-993C-D1E527D375C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{5900202B-4B0B-40BA-9C0E-679B4B80249D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{CB642A24-BE88-4508-B615-BA67907B5A04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3744750E-62ED-4E11-A0B8-9CE16A335CE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9B1B90C-7E30-48CD-AFB2-A0AB5C34CF1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9515CEA7-7D38-4141-9993-875645BA41D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05E213DC-9D30-4D24-B94B-4396481EA4A4}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1BF4B660-5576-405D-9697-77DEA6D1F498}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{430F94D4-4A80-461E-A5D0-560E852CC73B}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{17343607-9A23-4D65-8F93-7F7CDBFBD1EA}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0136B642-4A42-4D68-9E6C-BB2BB338B29A}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{DDF5C115-054B-4042-9CC9-869696E37C20}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{B4E2CD39-0C62-467B-B29A-C9EC1F69DFA4}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{CEC25D48-DE11-41B0-B340-5AC78125697B}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{919FF8F5-EE4C-48EB-8E52-A966F393C67C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{B53A6CA0-6B55-4B41-AB38-36EF666710C2}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{477081A5-2536-4021-AE0A-9CE82BE8CCC4}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{7739B2FB-C548-4C86-BFDA-C4D3DE1032CB}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{4AEDDCED-CA5C-4710-80E7-56CF5A03B816}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{2A892D41-A607-42A3-980E-6FA7596C313C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{5F79DD4B-C8ED-4EC0-8B9E-59FC9CFB2B7B}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{A1DEF92D-6B1B-4AA4-9450-7454CF9DE8C3}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{80DFDF74-D9F2-4DCA-9D3C-9A18116B9276}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{BA79B7DC-F04A-43F6-94C3-830EAEE4CB8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{152AE6EA-7CDE-40F7-A6BA-BC8C50D2EF02}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{F19D12E7-EFC2-4097-B951-86EBFD2936BB}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{0A73930D-97CB-431C-BD9C-EC7888A4048F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50D43171-131F-48C1-AB3A-19E2F016A731}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFBBAA07-A265-42D6-9391-9F1A51522F68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61ED058C-9686-4C1B-B8AE-3FBCA8D9E10E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{438AE6F0-5DD7-4367-91AD-D93805C31C08}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{F9E07F44-D1D5-490D-A26D-5EF899558ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{5CA2BC43-98BF-462F-AADF-DE0AE5210CC2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7124117D-B6DE-40A4-A372-E6701EA6AFFE}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{CE094F67-C96D-4399-B207-14C796437F8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{AFC61512-A706-43A6-8994-2316D89083D0}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9D5975D6-0401-4B32-83AA-99F8BDC2D475}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7301FD69-0D6D-4B7A-A3C5-2C3D6A5A6703}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F61294EE-DD20-45DD-AB8F-E99F325B17E9}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8DE05D07-4B21-4E7D-B6BF-D92891660650}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{445BDBA8-C704-47E1-9D51-39F7E7BC07C5}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{8BCDBD85-3201-40F7-84CB-08AC6871BF56}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{D03F056E-E411-49B0-9E08-382AC54F1D8A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{6343A0F3-8581-4E78-B163-60604BF38CF6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{2CEF015F-4598-40CA-BA41-702E14325BA2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{5136DDC4-EEEB-4636-88B1-432DD1BC4C48}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-01-2021 23:15:16 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/26/2021 09:49:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:21Z. Error Code: 0x80070002.

Error: (01/26/2021 09:48:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:51Z. Error Code: 0x80070002.

Error: (01/26/2021 09:48:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:21Z. Error Code: 0x80070002.

Error: (01/26/2021 09:47:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:51Z. Error Code: 0x80070002.

Error: (01/26/2021 09:47:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:21Z. Error Code: 0x80070002.

Error: (01/26/2021 09:46:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:51Z. Error Code: 0x80070002.

Error: (01/26/2021 09:46:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:21Z. Error Code: 0x80070002.

Error: (01/26/2021 09:45:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:51Z. Error Code: 0x80070002.


System errors:
=============
Error: (01/26/2021 07:18:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDivert service failed to start due to the following error:
The driver was not loaded because it failed its initialization call.

Error: (01/26/2021 07:18:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/25/2021 11:11:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/25/2021 07:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epic Online Services service terminated unexpectedly. It has done this 1 time(s).

Error: (01/25/2021 03:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDivert service failed to start due to the following error:
The driver was not loaded because it failed its initialization call.

Error: (01/25/2021 03:16:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 2 time(s).

Error: (01/25/2021 03:16:42 PM) (Source: DCOM) (EventID: 10010) (User: PIXELATOR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/25/2021 03:16:42 PM) (Source: DCOM) (EventID: 10010) (User: PIXELATOR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2021-01-20 09:30:02.5710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {ACC5F2B3-B00C-478D-A291-D9A28D85F5ED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 10:04:26.6460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {AB40B445-6CC2-4D1E-8F04-1E2DD3D5042A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-17 09:10:26.9690000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C24E8599-FAA4-4C9D-B221-D350EC0AAE07}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-16 09:08:17.4710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D289753A-EFF4-4CFC-8FAB-0CA89AD70978}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 09:32:21.9780000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7DD587C2-D05C-4325-8C36-59D4A51F0C05}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 19:37:57.3500000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2223.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 20:25:17.8380000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 15:27:25.7810000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-04 17:29:30.7480000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2020-12-31 17:00:07.0980000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1388.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================

Date: 2021-01-26 02:42:31.9070000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:31.8990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:31.8910000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:31.8830000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:31.8750000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:02.8870000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:02.8780000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:02.8700000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.12 07/28/2020
Motherboard: CFL Covini_CFS
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 52%
Total physical RAM: 16223.24 MB
Available physical RAM: 7631.98 MB
Total Virtual: 17247.24 MB
Available Virtual: 7108.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.94 GB) (Free:37.72 GB) NTFS
Drive d: () (Fixed) (Total:930.88 GB) (Free:458.68 GB) NTFS

\\?\Volume{90bd557f-eeda-40df-98c9-c824fee5f592}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{98cfbf4c-e03e-4864-80a9-3d9498080616}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{7291a17b-e9c8-4205-9de3-6c4c29d9a227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{52e5fb0b-a7aa-11ea-b395-50e085ba1633}\ (Box) (Network) (Total:237.94 GB) (Free:37.72 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AC8C3942)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
Reset your router.
On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly come off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer.

NOTE. You may need to re-check your router security settings, as described HERE

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
    350 bytes · Views: 4

TDMoor

Posts: 36   +0
I reset my router and called my ISP to change my wifi SSID and password (yes, I live in a country -- Georgia -- where the ISP controls that). When I restarted my laptop, the IP was in my regedit again, so I deleted those entries and ran fixlog.txt. Same result as last time; it appears to be gone for now.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Predator (26-01-2021 12:55:54) Run:3
Running from C:\Users\Predator\OneDrive\Desktop
Loaded Profiles: Predator
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
RemoveProxy:
cmd: bitsadmin /util /setieproxy localsystem NO_PROXY RESET

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully

========= RemoveProxy: =========

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1889391155-3959138193-832358570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1889391155-3959138193-832358570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /util /setieproxy localsystem NO_PROXY RESET =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Internet proxy settings for account localsystem set to NO_PROXY.
(connection = default)


========= End of CMD: =========


==== End of Fixlog 12:55:54 ====
 

TDMoor

Posts: 36   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021 01
Ran by Predator (administrator) on PIXELATOR (Acer Predator PH315-52) (26-01-2021 13:03:14)
Running from C:\Users\Predator\OneDrive\Desktop
Loaded Profiles: Predator
Platform: Windows 10 Enterprise Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\FS\streem.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\UI\BoxUI.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Helper.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b578901fbed94a8e\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d18534d52d73f63\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6c4c2066b430f3ad\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6c4c2066b430f3ad\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_e3f9b958faa255f1\lib\TPMProvisioningService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe <2>
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC) C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\KillerControlCenter.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe [1597528 2019-12-23] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Box] => C:\Program Files\Box\Box\Box.exe [6387944 2020-12-21] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [cfmon] => C:\Windows\System32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\MountPoints2: {0dafccc4-bf41-11ea-b3a1-50e085ba1633} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21233264 2021-01-05] (Plex, Inc. -> Plex, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-25] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11810E54-6E06-4D99-BACE-B4746BEB1B98} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-01-10] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {4ED77466-76A7-4A21-8142-2B6E739FD744} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {8D1C2012-6235-4F06-B028-A6C409DCB52B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {A42B5245-B179-4D4B-9257-DDF3D85A210B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC)
Task: {A6035921-0766-4EC2-908B-95C79185BB4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {AB949040-EA4A-412A-BCF5-736D5E5FDF87} - System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90002c76-16bd-4c5f-bf9b-fa5571ee34eb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf3f026a-e4fb-46f4-b342-96e9ddaa1fda}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-26]
Edge Extension: (Cold Turkey Blocker) - C:\Users\Predator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2021-01-19]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-12-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default [2021-01-26]
CHR Extension: (Slides) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-25]
CHR Extension: (Docs) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-25]
CHR Extension: (Google Drive) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-25]
CHR Extension: (YouTube) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-01-25]
CHR Extension: (Sheets) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-25]
CHR Extension: (Jon Klassen) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmgjhcokclngghkncjakaigpjhfhpoek [2021-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-01-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-01-26]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-01-25]
CHR Extension: (MetaMask) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-25]
CHR Extension: (Toggl Track: Productivity & Time Tracker) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2021-01-25]
CHR Extension: (Gmail) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\Predator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [98000 2020-12-21] (Box, Inc. -> Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2616424 2019-06-17] (Rivet Networks LLC -> Rivet Networks)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479112 2021-01-20] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1427568 2021-01-05] (Plex, Inc. -> Plex, Inc.)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [111096 2020-11-13] (Cold Turkey Software, Inc. -> )
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 PSSvc; C:\Program Files\Acer\PredatorSense Service\PSSvc.exe [979736 2019-10-09] (Acer Incorporated -> Acer Incorporated)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-11-13] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72808 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72816 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-01-21] (SurfRight B.V. -> )
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [162432 2019-06-17] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [101600 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys [39360 2020-10-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-26 12:54 - 2021-01-26 12:54 - 000000000 __RDL C:\Users\Predator\Box
2021-01-26 11:30 - 2021-01-26 11:30 - 000108916 _____ C:\Users\Predator\Downloads\Amazon Invoice.pdf
2021-01-25 23:16 - 2021-01-25 23:16 - 000000000 ____D C:\ProgramData\Sophos
2021-01-25 16:04 - 2021-01-25 16:04 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-25 16:03 - 2021-01-25 16:03 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-25 16:03 - 2021-01-25 16:03 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-25 16:03 - 2021-01-25 16:03 - 000000000 ____D C:\Program Files\Google
2021-01-25 15:17 - 2021-01-25 15:17 - 000000000 ____D C:\ProgramData\Atc
2021-01-25 07:23 - 2021-01-25 07:23 - 000085636 _____ C:\ProgramData\agent.update.1611544978.bdinstall.v2.bin
2021-01-25 07:12 - 2021-01-25 07:12 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-01-24 13:48 - 2021-01-26 13:03 - 000000000 ____D C:\FRST
2021-01-24 12:53 - 2021-01-24 12:53 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-24 12:53 - 2021-01-24 12:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 12:53 - 2021-01-24 12:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 12:51 - 2021-01-24 12:51 - 000003866 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-01-24 12:50 - 2021-01-24 12:50 - 000003430 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-01-21 16:43 - 2021-01-26 11:24 - 000071244 _____ C:\Users\Predator\.babel.json
2021-01-21 16:08 - 2021-01-21 16:08 - 000000000 ____D C:\Users\Predator\AppData\Local\node-gyp
2021-01-21 15:49 - 2021-01-21 15:49 - 000000290 _____ C:\Users\Predator\.gitconfig
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2021-01-21 15:49 - 2021-01-21 15:49 - 000000000 ____D C:\Program Files\Git
2021-01-21 15:38 - 2021-01-26 10:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm-cache
2021-01-21 15:38 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\.config
2021-01-21 15:37 - 2021-01-21 15:37 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Ganache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Users\Predator\AppData\Local\Package Cache
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\Python39
2021-01-21 15:26 - 2021-01-21 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-01-21 15:25 - 2021-01-21 15:25 - 000000000 ____D C:\Users\Predator\AppData\Roaming\NuGet
2021-01-21 15:24 - 2021-01-21 15:38 - 000000000 ____D C:\Users\Predator\AppData\Roaming\npm
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-21 15:24 - 2021-01-21 15:24 - 000000000 ____D C:\Program Files\nodejs
2021-01-21 12:13 - 2021-01-21 12:13 - 000000312 _____ C:\WINDOWS\system32\.crusader
2021-01-21 12:10 - 2021-01-21 12:14 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-01-21 11:48 - 2021-01-21 12:30 - 000064959 _____ C:\WINDOWS\ZAM.krnl.trace
2021-01-21 11:48 - 2021-01-21 12:30 - 000000000 ____D C:\Users\Predator\AppData\Local\AMSDK
2021-01-21 11:48 - 2021-01-21 11:48 - 000000000 ____D C:\Users\Predator\AppData\Local\Zemana
2021-01-21 11:10 - 2021-01-21 11:12 - 000000000 ____D C:\AdwCleaner
2021-01-21 10:54 - 2021-01-21 11:04 - 000477624 _____ C:\WINDOWS\ntbtlog.txt
2021-01-21 10:54 - 2021-01-21 10:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-21 10:49 - 2021-01-21 10:49 - 000099608 _____ C:\ProgramData\vpn.uninstall.1611211736.bdinstall.v2.bin
2021-01-21 08:17 - 2021-01-21 08:17 - 000196800 _____ C:\ProgramData\vpn.1611202658.bdinstall.v2.bin
2021-01-21 08:10 - 2021-01-21 08:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-21 08:10 - 2021-01-21 08:10 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4524E26C.sys
2021-01-21 08:10 - 2021-01-21 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2021-01-21 08:09 - 2021-01-21 08:09 - 000765208 _____ C:\ProgramData\cl.1611201876.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000102248 _____ C:\ProgramData\cl.kit.1611201875.bdinstall.v2.bin
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\Gemma
2021-01-21 08:09 - 2021-01-21 08:09 - 000000000 ____D C:\ProgramData\BDLogging
2021-01-21 08:09 - 2020-09-16 13:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-01-21 08:09 - 2020-09-14 14:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-01-21 08:09 - 2020-05-26 13:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-01-21 08:09 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2021-01-21 08:09 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-01-21 08:08 - 2021-01-21 10:54 - 000000000 ____D C:\Program Files\Bitdefender
2021-01-21 08:08 - 2021-01-21 09:14 - 000000000 ____D C:\ProgramData\Bitdefender
2021-01-21 08:08 - 2021-01-21 08:08 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Bitdefender
2021-01-21 08:08 - 2020-10-07 11:30 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2021-01-21 08:08 - 2020-09-03 05:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2021-01-21 08:08 - 2020-06-09 17:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-01-21 08:04 - 2021-01-21 08:08 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2021-01-21 07:55 - 2021-01-25 07:23 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-21 07:55 - 2021-01-21 07:55 - 000117564 _____ C:\ProgramData\agent.1611201317.bdinstall.v2.bin
2021-01-21 07:55 - 2021-01-21 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-21 07:51 - 2021-01-21 07:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2021-01-21 07:48 - 2021-01-21 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-20 22:21 - 2021-01-20 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-01-20 14:45 - 2021-01-20 14:45 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2021-01-20 14:45 - 2021-01-20 14:45 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 08:10 - 2021-01-26 13:05 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-01-19 08:10 - 2021-01-19 08:10 - 000000000 ____D C:\Program Files\Cold Turkey
2021-01-18 07:29 - 2021-01-18 07:29 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2021-01-18 07:08 - 2021-01-18 07:10 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\STAR WARS Battlefront II
2021-01-18 07:08 - 2021-01-18 07:08 - 000000000 ____D C:\Users\Predator\AppData\Local\STAR WARS Battlefront II
2021-01-13 13:25 - 2021-01-13 13:25 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2021-01-13 12:53 - 2021-01-13 12:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 12:53 - 2021-01-13 12:53 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 12:53 - 2021-01-13 12:53 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 12:53 - 2021-01-13 12:53 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 12:53 - 2021-01-13 12:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 12:53 - 2021-01-13 12:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 12:53 - 2021-01-13 12:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 12:53 - 2021-01-13 12:53 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 12:53 - 2021-01-13 12:53 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 12:52 - 2021-01-13 12:52 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 12:52 - 2021-01-13 12:52 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 12:52 - 2021-01-13 12:52 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 12:52 - 2021-01-13 12:52 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:49 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-08 20:11 - 2021-01-04 18:48 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 001165720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000690072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-08 20:11 - 2021-01-04 18:46 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000673688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000610712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-08 20:11 - 2021-01-04 18:46 - 000548248 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 008262552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 007393176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 002104216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000813976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-08 20:11 - 2021-01-04 18:45 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-08 20:11 - 2021-01-04 18:44 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-08 20:11 - 2021-01-04 18:43 - 006071032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-08 20:11 - 2020-12-31 18:01 - 000084159 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-08 15:16 - 2021-01-08 15:16 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2021-01-08 14:53 - 2021-01-19 07:51 - 000000000 ____D C:\Program Files (x86)\TP-Link
2021-01-08 14:53 - 2021-01-08 15:29 - 000000000 ____D C:\Users\Predator\AppData\Roaming\tpPLC
2021-01-08 14:53 - 2021-01-08 14:53 - 000000000 ____D C:\Users\Predator\AppData\Local\Downloaded Installations
2021-01-07 10:41 - 2020-12-29 17:02 - 000101600 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-01-05 15:55 - 2021-01-05 15:55 - 000000000 ____D C:\Users\Predator\AppData\LocalLow\Team Cherry
2020-12-29 08:57 - 2020-12-29 08:57 - 000001781 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio by Waves – Speaker Audio Control and Nx 3D Sound.lnk
2020-12-29 08:50 - 2020-12-29 08:50 - 000000000 ____D C:\WINDOWS\Firmware
2020-12-27 19:47 - 2021-01-13 20:29 - 000000000 ____D C:\Users\Predator\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-26 13:00 - 2020-06-25 16:43 - 001755600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-26 13:00 - 2020-06-25 15:29 - 000778836 _____ C:\WINDOWS\system32\perfh019.dat
2021-01-26 13:00 - 2020-06-25 15:29 - 000157542 _____ C:\WINDOWS\system32\perfc019.dat
2021-01-26 13:00 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-26 12:58 - 2019-12-07 13:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-26 12:54 - 2020-06-25 15:38 - 000000000 ____D C:\Users\Predator
2021-01-26 12:54 - 2020-06-06 08:03 - 000001302 _____ C:\Users\Predator\Desktop\Box.lnk
2021-01-26 12:54 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-26 12:53 - 2020-06-25 16:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-26 12:53 - 2020-06-25 16:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-26 12:53 - 2020-05-29 00:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-26 12:53 - 2020-05-27 22:23 - 000000000 __SHD C:\Users\Predator\IntelGraphicsProfiles
2021-01-26 12:53 - 2020-05-27 22:23 - 000000000 ____D C:\Intel
2021-01-26 12:53 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-26 12:52 - 2019-12-07 13:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-26 12:20 - 2020-06-25 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-26 11:25 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Code
2021-01-26 10:06 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Slack
2021-01-26 07:14 - 2019-12-07 13:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-25 21:37 - 2020-06-01 11:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-25 19:41 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Origin
2021-01-25 19:41 - 2020-11-08 18:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-25 19:23 - 2020-11-09 21:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-25 19:23 - 2020-11-08 18:28 - 000000000 ____D C:\Users\Predator\AppData\Local\Origin
2021-01-25 18:00 - 2020-11-02 17:19 - 000000000 ____D C:\Users\Predator\AppData\Local\Plex Media Server
2021-01-25 16:04 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\Google
2021-01-25 16:03 - 2020-05-27 22:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-25 15:16 - 2019-03-19 08:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-25 15:05 - 2020-08-25 16:45 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Dabble
2021-01-25 07:24 - 2020-06-08 07:24 - 000000000 ____D C:\Users\Predator\AppData\Local\CrashDumps
2021-01-24 17:20 - 2020-08-16 15:48 - 000000000 ____D C:\Users\Predator\AppData\Local\BitTorrentHelper
2021-01-24 17:20 - 2020-08-16 15:47 - 000000000 ____D C:\Users\Predator\AppData\Roaming\uTorrent Web
2021-01-24 16:30 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 16:20 - 2020-05-28 00:18 - 000000000 ____D C:\Users\Predator\AppData\Local\Packages
2021-01-24 16:20 - 2020-05-27 22:25 - 000000000 ____D C:\ProgramData\Packages
2021-01-24 16:20 - 2020-05-27 22:20 - 000000000 ____D C:\Users\Predator\AppData\Local\PlaceholderTileLogoFolder
2021-01-24 16:20 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-24 12:50 - 2020-12-23 20:14 - 000003790 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-01-24 12:18 - 2020-06-01 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-24 07:06 - 2020-09-03 22:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-24 07:05 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-22 08:33 - 2020-11-08 18:30 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-22 07:12 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-21 19:26 - 2020-07-09 08:40 - 000000000 ____D C:\Users\Predator\AppData\Roaming\obs-studio
2021-01-21 15:43 - 2020-06-23 15:07 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-01-21 15:39 - 2020-08-24 13:26 - 000000000 ____D C:\ProgramData\chocolatey
2021-01-21 15:26 - 2020-05-29 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 11:12 - 2020-05-29 00:44 - 000000000 ____D C:\ProgramData\Acer
2021-01-21 10:48 - 2020-06-25 16:39 - 000312784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-01-21 08:20 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-01-21 08:05 - 2020-06-25 15:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-21 08:00 - 2020-05-27 22:24 - 000000000 ____D C:\Users\Predator\AppData\Local\D3DSCache
2021-01-20 22:16 - 2020-08-16 15:47 - 000001919 _____ C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-19 08:15 - 2020-06-23 10:15 - 000000000 ____D C:\Users\Predator\AppData\Roaming\immutable-launcher
2021-01-18 08:19 - 2020-12-15 07:13 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-01-18 08:15 - 2020-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-17 21:59 - 2020-11-09 23:31 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-13 13:25 - 2020-06-25 21:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 13:25 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 13:25 - 2019-12-07 13:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 12:55 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 12:52 - 2020-06-25 16:43 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 07:09 - 2020-05-27 22:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 07:08 - 2020-05-27 22:38 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 20:58 - 2020-07-09 09:41 - 000000000 ____D C:\Users\Predator\AppData\Roaming\vlc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 07:25 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\slack
2021-01-12 07:24 - 2020-05-27 22:41 - 000000000 ____D C:\Users\Predator\AppData\Local\SquirrelTemp
2021-01-09 08:49 - 2020-06-01 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-08 15:17 - 2020-06-06 08:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2021-01-07 10:42 - 2020-06-01 11:23 - 000000000 ____D C:\Users\Predator\AppData\Local\NordVPN
2021-01-07 10:41 - 2020-10-15 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-07 10:41 - 2020-08-13 13:05 - 000000000 ____D C:\Program Files\NordVPN
2021-01-04 18:43 - 2020-06-26 15:40 - 007115280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-03 09:18 - 2020-08-30 16:20 - 000000000 ____D C:\Users\Predator\AppData\Roaming\Anki2
2021-01-02 21:44 - 2020-07-09 14:51 - 000000000 ____D C:\Users\Predator\OneDrive\Documents\The Witcher 3

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

TDMoor

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021 01
Ran by Predator (26-01-2021 13:05:08)
Running from C:\Users\Predator\OneDrive\Desktop
Windows 10 Enterprise Version 20H2 19042.746 (X64) (2020-06-25 12:43:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1889391155-3959138193-832358570-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1889391155-3959138193-832358570-503 - Limited - Disabled)
Guest (S-1-5-21-1889391155-3959138193-832358570-501 - Limited - Disabled)
Predator (S-1-5-21-1889391155-3959138193-832358570-1001 - Administrator - Enabled) => C:\Users\Predator
WDAGUtilityAccount (S-1-5-21-1889391155-3959138193-832358570-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: 2.1.35 - )
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.5.0 - Electronic Arts, Inc.)
Belgium e-ID middleware 4.4.27 (build 4277) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A74277}) (Version: 4.4.4277 - Belgian Government)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 25.0.10.52 - Bitdefender)
Box (HKLM\...\{C1A6C984-4C0F-4C47-8DAD-5745EA8BC101}) (Version: 2.19.294 - Box, Inc.)
Cold Turkey Blocker (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 4.1 - Cold Turkey Software, Inc.)
Dabble 1.6.3 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\544dca61-9865-5e8b-812f-c37d8d6689f2) (Version: 1.6.3 - Jacob Wright)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{6D70A161-C29B-441B-9AA5-2ABBAB3B4B4D}) (Version: 1.1.1.0 - Epic Games, Inc.)
Git version 2.30.0.2 (HKLM\...\Git_is1) (Version: 2.30.0.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Immutable 0.13.2 (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.2 - Immutable)
Intel(R) Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{2e312ef6-e0d3-4dc4-bce3-1fc8264ddb12}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b0307f85-280a-491f-8f69-4678e4100558}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{bd73e01d-c055-4533-8bc3-1f9489e66168}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{fb198756-7be7-4730-8f2e-282d5e71e412}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation)
Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2BC138AD-0144-4B09-998B-77D25B26B1FA}) (Version: 2.0.1159 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Access 2016 - en-us (HKLM\...\AccessRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Excel 2016 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 12.181.137.0 - Microsoft Corporation)
Microsoft Outlook 2016 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft PowerPoint 2016 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1111.805 - Microsoft Corporation)
Microsoft Word 2016 - en-us (HKLM\...\WordRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Node.js (HKLM\...\{70453304-793B-4FAB-A673-FB14AF816C9B}) (Version: 14.15.4 - Node.js Foundation)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.33.10.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.90.46284 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Plex Media Server (HKLM-x32\...\{4a5565be-c707-413a-baa1-d5eccde17706}) (Version: 1.21.1.3876 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{83F0AA15-A6F5-499C-B5D1-34F7780DE904}) (Version: 1.21.1876 - Plex, Inc.) Hidden
PredatorSense Service (HKLM\...\{8D399C7A-8693-4BDE-9D22-D43CBB8BBF62}) (Version: 3.00.3136 - Acer Incorporated)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Slack (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\slack) (Version: 4.12.2 - Slack Technologies Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{2DEE500C-6080-45ED-90B0-17C666DB4B6C}) (Version: 1.21.1876 - Plex, Inc.) Hidden
uTorrent Web (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\utweb) (Version: 1.1.3 - BitTorrent, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1889391155-3959138193-832358570-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Ganache -> C:\Program Files\WindowsApps\GanacheUI_2.5.4.0_x64__5dg5pnz03psnj [2021-01-21] (Truffle)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.2925.0_x64__rh07ty8m5nkag [2020-05-27] (Rivet Networks LLC) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-28] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2021-01-08] (NVIDIA Corp.)
PredatorSense_V30 -> C:\Program Files\WindowsApps\AcerIncorporated.PredatorSenseV30_3.0.3136.0_x64__48frkmn4z8aw4 [2020-05-29] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.214.0_x64__dt26b99r8h8gj [2020-05-27] (Realtek Semiconductor Corp)
Waves MaxxAudio For Acer -> C:\Program Files\WindowsApps\WavesAudio.20761030F5EAC_1.0.67.0_x64__fh4rh281wavaa [2020-05-27] (Waves Audio)
Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.4.3243.0_x64__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{220d4c62-e55b-4ba8-8a2a-4893f134b062}\localserver32 -> C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
CustomCLSID: HKU\S-1-5-21-1889391155-3959138193-832358570-1001_Classes\CLSID\{4E519A5C-D30A-4057-822B-80000AE06C3B}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo77ac.inf_amd64_b71853ad38306f1c\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {E0B5A2AD-5A60-43C1-8657-B6E698942300} - C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\system32\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {E0B5A2AD-5A60-43C1-8657-B6E698942300} => C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll [2020-12-21] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-09-28] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_5691fa6e0332f879\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================
 

TDMoor

==================== Loaded Modules (Whitelisted) =============

2021-01-19 08:10 - 2017-11-01 20:58 - 001537024 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Cold Turkey\x64\SQLite.Interop.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-08 18:30 - 2020-11-08 18:30 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-22 08:33 - 2020-11-08 18:30 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-11-13] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 08:49 - 2021-01-26 12:53 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;C:\Python38\Scripts\;C:\Python38\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\ProgramData\chocolatey\bin;C:\Program Files\Git LFS;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
HKU\S-1-5-21-1889391155-3959138193-832358570-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Predator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4691B83A-E942-4A92-A86E-C95F6A5C08D0}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [TCP Query User{A68D2B54-07D1-4507-8AAE-936DD073C938}C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe] => (Allow) C:\users\predator\appdata\local\programs\immutable-launcher\immutable.exe (FUEL GAMES PTY LTD -> Immutable)
FirewallRules: [{5AC84A4A-AF6E-4E99-BE9C-63AD921E70B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{35AD696D-F172-4A04-935C-8CFD7D0556D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2DE182D3-5804-4B94-AE5B-6831B130692F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{5AE80C86-5829-4376-ACE2-C927E3CC022D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{A221BEDA-5AC1-48D0-8A61-8A07535951B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{76A9B99B-ED05-4968-8A80-4EB6C411BF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{A297773B-2450-4240-91B1-E620FFD9ABDA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D77D211B-51D3-4892-AC4F-93D9668C00A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{77A85CBC-CBB1-4648-B3E3-5107CA8D4B6E}] => (Allow) C:\Program Files\Acer\PredatorSense Service\PSMobile.exe (Acer Incorporated -> Acer Incorporated)
FirewallRules: [{C39684F0-0C2E-4997-9632-64C8A0BF5BC7}] => (Allow) LPort=1688
FirewallRules: [{23BEE4BC-57FF-4DA7-90CE-596458857A3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{53A220CD-2F57-41FD-9DFE-4654DE30539A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16827971-00BA-4101-8016-1065CAA56CDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0878BBEC-6A36-4133-B240-53B05A7893A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{04D721C8-E162-4CB1-9EE4-4406CD8ED208}] => (Allow) C:\Users\Predator\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E520C0C9-EBBC-476C-8B54-2B3E792A33EB}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{707F8CDA-3444-4054-B1F7-3D1889B042E2}] => (Allow) C:\Users\Predator\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{59F05CC7-B590-455A-89A9-93F699E599EA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3D0A8F2F-F33F-45DF-AF78-164066464E4A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C0827ACE-9708-41E4-8C2E-3DBC09CDAF97}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{9425FF70-3FB5-4FD4-8A53-D45722910214}C:\users\predator\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\predator\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{4D000003-5E6F-469E-8631-45D67B5381A8}] => (Allow) LPort=5556
FirewallRules: [{A218392C-2D4D-4D18-9D37-FD1E21D5FC74}] => (Allow) LPort=5558
FirewallRules: [{FC21407D-FDDD-4BEF-993C-D1E527D375C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{5900202B-4B0B-40BA-9C0E-679B4B80249D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{CB642A24-BE88-4508-B615-BA67907B5A04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3744750E-62ED-4E11-A0B8-9CE16A335CE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9B1B90C-7E30-48CD-AFB2-A0AB5C34CF1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9515CEA7-7D38-4141-9993-875645BA41D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05E213DC-9D30-4D24-B94B-4396481EA4A4}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1BF4B660-5576-405D-9697-77DEA6D1F498}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{430F94D4-4A80-461E-A5D0-560E852CC73B}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{17343607-9A23-4D65-8F93-7F7CDBFBD1EA}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0136B642-4A42-4D68-9E6C-BB2BB338B29A}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{DDF5C115-054B-4042-9CC9-869696E37C20}] => (Allow) D:\SteamLibrary\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{B4E2CD39-0C62-467B-B29A-C9EC1F69DFA4}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{CEC25D48-DE11-41B0-B340-5AC78125697B}] => (Allow) D:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{919FF8F5-EE4C-48EB-8E52-A966F393C67C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{B53A6CA0-6B55-4B41-AB38-36EF666710C2}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{477081A5-2536-4021-AE0A-9CE82BE8CCC4}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{7739B2FB-C548-4C86-BFDA-C4D3DE1032CB}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{4AEDDCED-CA5C-4710-80E7-56CF5A03B816}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{2A892D41-A607-42A3-980E-6FA7596C313C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{5F79DD4B-C8ED-4EC0-8B9E-59FC9CFB2B7B}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{A1DEF92D-6B1B-4AA4-9450-7454CF9DE8C3}] => (Allow) D:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{80DFDF74-D9F2-4DCA-9D3C-9A18116B9276}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{BA79B7DC-F04A-43F6-94C3-830EAEE4CB8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{152AE6EA-7CDE-40F7-A6BA-BC8C50D2EF02}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{F19D12E7-EFC2-4097-B951-86EBFD2936BB}] => (Allow) D:\SteamLibrary\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe () [File not signed]
FirewallRules: [{0A73930D-97CB-431C-BD9C-EC7888A4048F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50D43171-131F-48C1-AB3A-19E2F016A731}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFBBAA07-A265-42D6-9391-9F1A51522F68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61ED058C-9686-4C1B-B8AE-3FBCA8D9E10E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{438AE6F0-5DD7-4367-91AD-D93805C31C08}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{F9E07F44-D1D5-490D-A26D-5EF899558ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{5CA2BC43-98BF-462F-AADF-DE0AE5210CC2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7124117D-B6DE-40A4-A372-E6701EA6AFFE}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{CE094F67-C96D-4399-B207-14C796437F8E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{AFC61512-A706-43A6-8994-2316D89083D0}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9D5975D6-0401-4B32-83AA-99F8BDC2D475}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7301FD69-0D6D-4B7A-A3C5-2C3D6A5A6703}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F61294EE-DD20-45DD-AB8F-E99F325B17E9}] => (Allow) D:\OriginLibrary\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8DE05D07-4B21-4E7D-B6BF-D92891660650}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{445BDBA8-C704-47E1-9D51-39F7E7BC07C5}] => (Allow) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
FirewallRules: [{8BCDBD85-3201-40F7-84CB-08AC6871BF56}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{D03F056E-E411-49B0-9E08-382AC54F1D8A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{6343A0F3-8581-4E78-B163-60604BF38CF6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{2CEF015F-4598-40CA-BA41-702E14325BA2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{5136DDC4-EEEB-4636-88B1-432DD1BC4C48}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-01-2021 23:15:16 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/26/2021 01:06:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:22Z. Error Code: 0x80070002.

Error: (01/26/2021 01:05:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:17:52Z. Error Code: 0x80070002.

Error: (01/26/2021 01:05:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:22Z. Error Code: 0x80070002.

Error: (01/26/2021 01:04:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:17:52Z. Error Code: 0x80070002.

Error: (01/26/2021 01:04:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:22Z. Error Code: 0x80070002.

Error: (01/26/2021 01:03:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:17:52Z. Error Code: 0x80070002.

Error: (01/26/2021 01:03:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:18:22Z. Error Code: 0x80070002.

Error: (01/26/2021 01:02:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2021-01-26T11:17:52Z. Error Code: 0x80070002.


System errors:
=============
Error: (01/26/2021 12:53:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDivert service failed to start due to the following error:
The driver was not loaded because it failed its initialization call.

Error: (01/26/2021 12:52:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2021 07:18:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDivert service failed to start due to the following error:
The driver was not loaded because it failed its initialization call.

Error: (01/26/2021 07:18:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/25/2021 11:11:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/25/2021 07:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epic Online Services service terminated unexpectedly. It has done this 1 time(s).

Error: (01/25/2021 03:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDivert service failed to start due to the following error:
The driver was not loaded because it failed its initialization call.

Error: (01/25/2021 03:16:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 2 time(s).


Windows Defender:
===================================
Date: 2021-01-20 09:30:02.5710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {ACC5F2B3-B00C-478D-A291-D9A28D85F5ED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-19 10:04:26.6460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {AB40B445-6CC2-4D1E-8F04-1E2DD3D5042A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-17 09:10:26.9690000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C24E8599-FAA4-4C9D-B221-D350EC0AAE07}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-16 09:08:17.4710000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D289753A-EFF4-4CFC-8FAB-0CA89AD70978}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 09:32:21.9780000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7DD587C2-D05C-4325-8C36-59D4A51F0C05}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 19:37:57.3500000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2223.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 20:25:17.8380000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-08 15:27:25.7810000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2021-01-04 17:29:30.7480000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2020-12-31 17:00:07.0980000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1388.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================

Date: 2021-01-26 02:42:31.9070000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:31.8990000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:31.8910000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:31.8830000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:31.8750000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:02.8870000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:02.8780000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-26 02:42:02.8700000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Box\Box\BoxShellExtShim-2.19.294.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.12 07/28/2020
Motherboard: CFL Covini_CFS
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 16223.24 MB
Available physical RAM: 10657.61 MB
Total Virtual: 17247.24 MB
Available Virtual: 10614.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.94 GB) (Free:36.76 GB) NTFS
Drive d: () (Fixed) (Total:930.88 GB) (Free:458.68 GB) NTFS

\\?\Volume{90bd557f-eeda-40df-98c9-c824fee5f592}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{98cfbf4c-e03e-4864-80a9-3d9498080616}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{7291a17b-e9c8-4205-9de3-6c4c29d9a227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{52e5fb0b-a7aa-11ea-b395-50e085ba1633}\ (Box) (Network) (Total:237.94 GB) (Free:36.76 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AC8C3942)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

TDMoor

Unfortunately it came back this morning, so I decided to reformat my PC. It's gone now, most probably for good. Thank you for your help nonetheless. I didn't know about TechSpot before I had this problem, but I'm definitely going to return to your website after this.