[Inactive] I may be infected, please help.

FireFox:
========
FF DefaultProfile: m786g6em.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m786g6em.default [2020-06-12]
FF NewTab: Mozilla\Firefox\Profiles\m786g6em.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2019-12-06 10:48:11&bName=&bitmask=0600
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0g1pbg6h.default-release [2021-02-26]
FF Homepage: Mozilla\Firefox\Profiles\0g1pbg6h.default-release -> hxxps://www.google.ca/?gws_rd=ssl
FF NewTab: Mozilla\Firefox\Profiles\0g1pbg6h.default-release -> hxxps://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2019-12-06 10:48:11&bName=&bitmask=0600
FF Extension: (Grammarly for Firefox) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0g1pbg6h.default-release\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2021-02-23]
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0g1pbg6h.default-release\Extensions\@windscribeff.xpi [2021-02-08]
FF Extension: (AdBlocker Ultimate) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0g1pbg6h.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2020-12-08]
FF Extension: (Bitdefender Anti-tracker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0g1pbg6h.default-release\Extensions\bdtbe@bitdefender.com.xpi [2020-09-18] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF Extension: (Honey) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0g1pbg6h.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2020-10-29]
FF Extension: (Twitch Channel Points Autoclicker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0g1pbg6h.default-release\Extensions\{3c9b993f-29b9-44c2-a913-def7b93a70b1}.xpi [2020-08-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-02-05]
CHR DefaultSearchURL: Default -> hxxps://q.eadblock.com/?vnd=1&q={searchTerms}
CHR DefaultSearchKeyword: Default -> q.eadblock.com
CHR Extension: (eAdBlock Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojhhmecfdlobchoejlbonoabacfnaap [2020-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-03]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-03]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

Opera:
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-02-05]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-12-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8477080 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621728 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [351848 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [58048 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8402648 2020-01-13] (BattlEye Innovations e.K. -> )
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [6950256 2018-11-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2021-01-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S4 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1325352 2017-05-15] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\AppHelperCap.exe [693760 2021-01-06] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\NetworkCap.exe [692736 2021-01-06] (HP Inc. -> HP Inc.)
R2 HPOmenCap; C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_b6eaa96b215eb9da\x64\OmenCap.exe [523544 2020-06-14] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\SysInfoCap.exe [693760 2021-01-06] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe [479504 2021-01-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [621568 2017-06-27] (HP Inc.) [File not signed]
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10496928 2021-02-24] (Logitech Inc -> Logitech, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-10] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-10] (Electronic Arts, Inc. -> Electronic Arts)
R2 RtkBtAudioServ; C:\Windows\RtkBtAudioServ.exe [198512 2019-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [32648 2021-01-20] (SteelSeries ApS -> )
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [350712 2020-06-22] (Kristjan Skutta -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [36792 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208672 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [332880 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [247888 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [97360 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\Windows\System32\drivers\aswElam.sys [16832 2021-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42424 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [176384 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522480 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108928 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84496 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851256 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [468888 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [214808 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [324904 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [30264 2020-01-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\drivers\dtultrausbbus.sys [47672 2020-01-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [33352 2018-12-18] (HP Inc. -> HP Inc.)
R3 HPOmenCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_326f2e1d16385daf\x64\hpomencustomcapdriver.sys [33464 2018-12-19] (HP Inc. -> HP Inc.)
R2 HpPortIo; C:\Windows\System32\drivers\HpPortIox64.sys [31488 2020-09-18] (HP Inc. -> )
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [25448 2021-02-24] (Logitech Inc. -> Logitech)
R3 logi_audio_surround; C:\Windows\system32\drivers\logi_audio_surround.sys [44096 2021-02-24] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2019-06-04] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [26672 2020-05-21] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2019-06-04] (Logitech Inc -> Logitech)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
R1 rtf64; C:\Windows\system32\DRIVERS\rtf64x64.sys [70560 2020-09-18] (Realtek Semiconductor Corp. -> Realtek)
R3 RtkA2dp; C:\Windows\System32\drivers\RtkA2dp.sys [217032 2019-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtkAvrcp; C:\Windows\System32\drivers\RtkAvrcp.sys [96984 2019-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2019-06-19] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901cn; C:\Windows\System32\drivers\tap0901cn.sys [47448 2020-07-09] (Connectify (Connectify, Inc.) -> The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 tap_ovpnconnect; C:\Windows\System32\drivers\tap_ovpnconnect.sys [40128 2020-08-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-10-26] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-10-26] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2019-04-03] (Apple, Inc.) [File not signed]
R3 ViGEmBus; C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_e84845c70c38fbe7\x64\ViGEmBus.sys [74648 2018-08-01] (HP Inc. -> Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\AnVir Task Manager Free\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [14544 2021-02-26] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-26 04:36 - 2021-02-26 04:36 - 000013770 _____ C:\Users\User\Desktop\FRST.txt
2021-02-26 04:30 - 2021-02-26 04:36 - 000000000 ____D C:\FRST
2021-02-26 04:30 - 2021-02-26 04:30 - 000000000 ____D C:\Users\User\AppData\Roaming\Avast Software
2021-02-26 04:29 - 2021-02-26 04:30 - 002301440 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-02-26 04:29 - 2021-02-26 04:29 - 000851256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000522480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000468888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000340576 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-02-26 04:29 - 2021-02-26 04:29 - 000332880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000324904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000247888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000214808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000208672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000176384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000108928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000097360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000084496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000042424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000036792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000016832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-02-26 04:29 - 2021-02-26 04:29 - 000003990 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-02-26 04:29 - 2021-02-26 04:29 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-02-26 04:29 - 2021-02-26 04:29 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-02-26 04:29 - 2021-02-26 04:29 - 000001974 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2021-02-26 04:29 - 2021-02-26 04:29 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-02-26 04:29 - 2021-02-26 04:29 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-02-26 04:29 - 2021-02-26 04:29 - 000000000 ____D C:\Program Files\Avast Software
2021-02-26 04:28 - 2021-02-26 04:30 - 000000000 ____D C:\ProgramData\Avast Software
2021-02-26 04:28 - 2021-02-26 04:28 - 531178792 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_offline.exe
2021-02-26 04:21 - 2021-02-26 04:21 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2021-02-26 04:21 - 2021-02-26 04:21 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-02-26 04:21 - 2021-02-26 04:21 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-02-26 04:21 - 2021-02-26 04:21 - 000000000 ____D C:\Windows\LastGood
2021-02-26 04:21 - 2021-02-26 04:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-02-26 04:21 - 2021-02-26 04:21 - 000000000 ____D C:\Program Files\LGHUB
2021-02-25 17:55 - 2021-02-25 17:55 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-02-24 01:12 - 2021-02-24 01:12 - 004451384 _____ (Logitech) C:\Windows\system32\logi_audio_headset_render_apo.dll
2021-02-24 01:12 - 2021-02-24 01:12 - 002174656 _____ (Logitech) C:\Windows\system32\logi_audio_headset_capture_apo.dll
2021-02-23 02:20 - 2021-02-23 02:20 - 000000314 _____ C:\Users\User\Desktop\Fortnite.url
2021-02-18 22:45 - 2021-02-18 22:45 - 027255216 _____ (Acresso Software Inc.) C:\Users\User\Downloads\InstallWizard101.exe
2021-02-18 20:53 - 2021-02-18 20:53 - 000000009 _____ C:\Users\User\Desktop\EI.txt
2021-02-12 18:30 - 2021-02-12 18:30 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-12 18:30 - 2021-02-12 18:30 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth18.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth17.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth16.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth15.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2021-02-12 18:30 - 2021-02-12 18:30 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2021-02-12 18:29 - 2021-02-12 18:29 - 000232752 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-07 16:29 - 2021-02-07 20:29 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-02-07 16:29 - 2021-02-07 16:29 - 000002173 _____ C:\Users\User\Desktop\CurseForge.lnk
2021-02-07 16:28 - 2021-02-07 16:28 - 001386784 _____ (Overwolf Ltd.) C:\Users\User\Downloads\CurseForge - LP-Installer.exe
2021-02-05 20:38 - 2021-02-05 20:38 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by AnVir)
2021-02-05 20:38 - 2021-02-05 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by AnVir)
2021-02-05 20:33 - 2021-02-05 20:50 - 000000000 ____D C:\Users\User\AppData\Local\AnVir
2021-02-05 20:33 - 2021-02-05 20:34 - 000003220 _____ C:\Windows\system32\Tasks\AnVir Task Manager
2021-02-05 20:33 - 2021-02-05 20:33 - 004450288 _____ C:\Users\User\Downloads\taskfree.exe
2021-02-05 20:33 - 2021-02-05 20:33 - 000003366 _____ C:\Windows\system32\Tasks\Anvirlauncher
2021-02-05 20:33 - 2021-02-05 20:33 - 000001189 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\AnVir Task Manager Free.lnk
2021-02-05 20:33 - 2021-02-05 20:33 - 000001165 _____ C:\Users\User\Desktop\AnVir Task Manager Free.lnk
2021-02-05 20:33 - 2021-02-05 20:33 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnVir Task Manager Free
2021-02-05 20:33 - 2021-02-05 20:33 - 000000000 ____D C:\Program Files (x86)\AnVir Task Manager Free
2021-02-05 20:14 - 2021-02-05 20:14 - 004863280 _____ C:\Users\User\Downloads\SystemMechanicStd_DM.exe
2021-02-05 20:10 - 2021-02-05 20:10 - 000585912 _____ C:\Users\User\Downloads\smfree_dm.exe
2021-02-05 20:10 - 2021-02-05 20:10 - 000074703 _____ C:\Windows\SysWOW64\mfc45.dll
2021-02-05 20:10 - 2021-02-05 20:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iolo
2021-02-04 19:38 - 2021-02-04 19:38 - 000001198 _____ C:\Users\Public\Desktop\Apex Legends.lnk
2021-02-04 19:38 - 2021-02-04 19:38 - 000001198 _____ C:\ProgramData\Desktop\Apex Legends.lnk
2021-02-04 19:38 - 2021-02-04 19:38 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-02-04 19:24 - 2021-02-06 20:51 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-02-04 19:22 - 2021-02-23 14:40 - 000000000 ____D C:\Program Files (x86)\Origin
2021-02-04 19:22 - 2021-02-04 19:22 - 000001065 _____ C:\Users\Public\Desktop\Origin.lnk
2021-02-04 19:22 - 2021-02-04 19:22 - 000001065 _____ C:\ProgramData\Desktop\Origin.lnk
2021-02-04 19:22 - 2021-02-04 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2021-02-04 19:21 - 2021-02-07 16:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Origin
2021-02-04 19:21 - 2021-02-06 20:51 - 000000000 ____D C:\Users\User\AppData\Local\Origin
2021-02-04 19:21 - 2021-02-04 19:21 - 069192266 _____ (Electronic Arts) C:\Users\User\Downloads\ApexLegendsInstaller.exe
2021-02-01 20:46 - 2021-02-01 20:46 - 000001062 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2021-02-01 20:46 - 2021-02-01 20:46 - 000001062 _____ C:\ProgramData\Desktop\World of Warcraft.lnk
2021-02-01 20:46 - 2021-02-01 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2021-02-01 20:44 - 2021-02-04 06:02 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2021-02-01 20:07 - 2021-02-01 20:07 - 004950512 _____ (Blizzard Entertainment) C:\Users\User\Downloads\World-of-Warcraft-Setup.exe
2021-01-30 19:17 - 2021-01-30 19:17 - 000000000 ____D C:\Users\User\AppData\Roaming\twitch-desktop-electron-platform

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-26 04:29 - 2019-03-19 00:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-02-26 04:27 - 2019-07-11 20:36 - 000936976 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-26 04:27 - 2019-03-19 00:50 - 000000000 ____D C:\Windows\INF
2021-02-26 04:24 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\AppReadiness
2021-02-26 04:22 - 2019-11-23 12:11 - 000000000 ____D C:\Users\User\AppData\Local\LGHUB
2021-02-26 04:22 - 2019-06-04 22:21 - 000000000 ____D C:\Users\User\AppData\Roaming\LGHUB
2021-02-26 04:21 - 2019-07-11 20:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-26 04:21 - 2019-06-04 22:20 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-26 04:21 - 2019-06-04 22:20 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-02-26 04:21 - 2019-06-04 22:20 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-26 04:21 - 2019-06-04 22:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-26 04:21 - 2019-05-28 15:53 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-26 04:21 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-26 04:20 - 2019-06-11 00:50 - 000000000 ____D C:\Users\User\AppData\Roaming\Discord
2021-02-26 04:20 - 2019-03-19 00:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-26 04:20 - 2019-03-19 00:37 - 000786432 _____ C:\Windows\system32\config\BBI
2021-02-26 04:19 - 2019-05-28 16:55 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-02-26 04:18 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-26 04:15 - 2019-05-28 15:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-02-26 04:15 - 2019-05-28 15:52 - 000000000 ____D C:\Program Files (x86)\Intel
2021-02-26 04:15 - 2017-09-25 06:19 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-26 03:54 - 2019-07-11 20:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-25 04:51 - 2019-06-07 01:48 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-24 01:12 - 2019-10-05 16:56 - 000044096 _____ (Logitech) C:\Windows\system32\Drivers\logi_audio_surround.sys
2021-02-23 01:42 - 2020-12-25 02:31 - 000000000 ____D C:\Program Files\Epic Games
2021-02-23 01:39 - 2019-03-19 00:37 - 000000000 ____D C:\Windows\CbsTemp
2021-02-19 15:32 - 2020-09-21 04:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-19 15:07 - 2020-07-07 17:13 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-19 15:07 - 2020-07-07 17:13 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-19 15:07 - 2020-07-07 17:13 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-18 20:50 - 2019-06-07 02:04 - 000000000 ____D C:\Users\User\AppData\Roaming\NexonLauncher
2021-02-18 19:35 - 2019-06-04 22:55 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-02-14 19:12 - 2020-02-11 19:07 - 000485336 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-14 19:12 - 2019-07-11 20:40 - 000000000 ___RD C:\Users\User\3D Objects
2021-02-14 19:12 - 2017-03-17 23:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\SystemResources
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\oobe
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\Dism
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\ShellExperiences
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\bcastdvr
2021-02-14 19:11 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 21:53 - 2020-04-24 17:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2021-02-12 21:53 - 2019-07-11 20:43 - 001615824 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2021-02-12 21:52 - 2019-12-12 00:30 - 000198088 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2021-02-12 21:52 - 2019-10-10 19:45 - 000038352 _____ (Microsoft Corporation) C:\Windows\system32\gamemodcontrol.exe
2021-02-12 21:52 - 2019-07-11 20:43 - 000167368 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll
2021-02-12 21:52 - 2019-07-11 20:43 - 000159176 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2021-02-12 18:31 - 2019-03-19 02:20 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-02-12 18:31 - 2019-03-19 02:20 - 000019469 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2021-02-11 18:17 - 2019-07-11 20:38 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-02-11 00:49 - 2020-07-07 17:13 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 00:49 - 2020-07-07 17:13 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 16:44 - 2020-12-22 22:11 - 000004202 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1608689482
2021-02-10 16:44 - 2020-12-22 22:11 - 000001405 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-02-10 08:06 - 2019-06-05 00:35 - 000000000 ____D C:\Windows\system32\MRT
2021-02-10 08:05 - 2019-06-05 00:35 - 130141752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-02-08 08:41 - 2019-07-11 20:38 - 000003372 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1957907147-79231427-402788363-1001
2021-02-08 08:41 - 2019-07-11 20:08 - 000002363 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-08 08:41 - 2019-05-28 16:58 - 000000000 ___RD C:\Users\User\OneDrive
2021-02-07 21:07 - 2020-10-29 15:11 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2021-02-07 16:31 - 2020-07-25 00:29 - 000000000 ____D C:\ProgramData\Origin
2021-02-07 16:29 - 2020-10-06 23:49 - 000004382 _____ C:\Windows\system32\Tasks\Overwolf Updater Task
2021-02-07 16:29 - 2020-10-06 23:49 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-02-07 16:29 - 2020-10-06 23:48 - 000000000 ____D C:\Users\User\AppData\Local\Overwolf
2021-02-06 21:16 - 2019-07-12 16:25 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-02-05 20:30 - 2020-09-21 04:20 - 000916288 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-02-05 20:30 - 2020-09-21 04:20 - 000437056 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
2021-02-05 20:13 - 2019-12-17 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2021-02-05 20:13 - 2017-09-25 06:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-02-04 19:56 - 2020-10-14 01:45 - 000000000 ____D C:\Users\User\AppData\Roaming\Twitch
2021-02-04 19:55 - 2020-10-24 10:34 - 000000000 ____D C:\Users\User\AppData\Roaming\EasyAntiCheat
2021-02-04 07:23 - 2019-06-04 22:33 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-02 02:16 - 2020-09-18 07:32 - 000001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2021-02-01 20:44 - 2019-12-06 21:47 - 000000000 ____D C:\Users\User\AppData\Local\cache
2021-02-01 20:09 - 2020-10-29 15:10 - 000000000 ____D C:\Program Files (x86)\Battle.net

==================== Files in the root of some directories ========

2020-10-25 13:34 - 2020-10-25 14:13 - 000000128 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2019-07-12 16:26 - 2021-01-02 00:28 - 000007600 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2021
Ran by User (26-02-2021 04:37:20)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1909 18363.1379 (X64) (2019-07-12 00:39:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1957907147-79231427-402788363-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1957907147-79231427-402788363-503 - Limited - Disabled)
Guest (S-1-5-21-1957907147-79231427-402788363-501 - Limited - Disabled)
User (S-1-5-21-1957907147-79231427-402788363-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1957907147-79231427-402788363-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version: 9.3.3 - AnVir Software)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.5.5 - Electronic Arts, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\BitTorrent) (Version: 7.10.5.45857 - BitTorrent Inc.)
CPUID CPU-Z 1.93 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CurseForge (HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.167.2.4 - Overwolf app)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 5.4.0.0894 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{6A139049-EBB9-4076-8664-B468888E55A3}) (Version: 1.3.392.0 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.0.4 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{2282C4AC-ADFD-4CB7-962E-D700F62024E6}) (Version: 1.4.24 - HP Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{F0E9774D-C5A1-4C83-89F9-191E1334D476}) (Version: 21.1.5.2 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1037 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.8.0.1006 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{beabe998-b0dd-460a-82c3-f48ff70bca66}) (Version: 21.1.5.2 - Intel)
Intel® Memory and Storage Tool (HKLM-x32\...\{E26CF14B-871D-411D-920B-78DD480B5C01}) (Version: 1.3.92 - Intel)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.5.12.400 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1957907147-79231427-402788363-500\...\OneDriveSetup.exe) (Version: 20.143.0716.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-CA) (HKLM\...\Mozilla Firefox 86.0 (x64 en-CA)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.1 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.1.0 - Nexon)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OMEN Command Center (HKLM\...\{B13CB0A1-4411-404C-A7DB-BB1441B089EC}) (Version: 1.3.118 - HP Inc.)
Opera Stable 74.0.3911.107 (HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\Opera 74.0.3911.107) (Version: 74.0.3911.107 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.93.46608 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.165.0.28 - Overwolf Ltd.)
Popcorn-Time (HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\Popcorn-Time) (Version: 0.4.4 - Popcorn Time)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.106 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.18.526.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.100 - REALTEK Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.19.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.19.0 - SteelSeries ApS)
Twitch (HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows Driver Package - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION(R)3 Driver Package (01/20/2012 1.4.0.0) (HKLM\...\D5410AE5FA467EF0F19558D5F60C991A79E11B51) (Version: 01/20/2012 1.4.0.0 - Sony Computer Entertainment Inc.)
Windows Subsystem for Linux Update (HKLM\...\{8D646799-DB00-4000-AE7A-756A05A4F1D8}) (Version: 5.4.72 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

Packages:
=========
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.238.0_x64__v10z8vjag6ke6 [2021-02-22] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-04] (Microsoft Corporation) [MS Ad]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2021.222.0_x64__79rhkp1fndgsc [2021-02-24] (Canonical Group Limited)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-07-11] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1957907147-79231427-402788363-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers2: [DaemonShellExtDriveUltra] -> {F0E53CA3-02F8-40AE-9470-309F0309036F} => C:\Program Files\DAEMON Tools Ultra\DTShl64.dll [2018-11-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageUltra] -> {B5EBA666-2B94-4C7A-9CAA-A4539F329646} => C:\Program Files\DAEMON Tools Ultra\DTShl64.dll [2018-11-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-12-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\windows\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\User\Desktop\facebook.lnk -> C:\Users\User\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\User\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NW.js Community) -> --user-data-dir="C:\Users\User\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj

==================== Loaded Modules (Whitelisted) =============

2017-09-01 05:54 - 2017-09-01 05:54 - 000172032 _____ (HP.Inc) [File not signed] C:\Program Files\HP\OMEN Ally\SdkWrapperForNativeCode.dll
2020-01-30 22:26 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-05-28 15:58 - 2020-09-18 08:43 - 000330240 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Windows\SYSTEM32\RtBWCtrl.dll
2021-02-04 19:22 - 2021-02-04 19:21 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-02-04 19:22 - 2021-02-04 19:21 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-02-04 19:22 - 2021-02-04 19:21 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-02-23 14:40 - 2021-02-04 19:21 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-02-23 14:40 - 2021-02-04 19:21 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-02-23 14:40 - 2021-02-04 19:21 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-02-23 14:40 - 2021-02-04 19:21 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-02-23 14:40 - 2021-02-04 19:21 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-02-23 14:40 - 2021-02-04 19:21 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2019-05-28 15:58 - 2020-09-18 08:43 - 002216448 _____ (TODO: <Company name>) [File not signed] C:\Windows\SYSTEM32\wlanCliDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1957907147-79231427-402788363-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1957907147-79231427-402788363-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1957907147-79231427-402788363-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1957907147-79231427-402788363-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1957907147-79231427-402788363-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1957907147-79231427-402788363-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2020-10-29] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2020-10-29] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-01-31 15:48 - 2020-09-15 08:16 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Memory And Storage Tool\
HKU\S-1-5-21-1957907147-79231427-402788363-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1957907147-79231427-402788363-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 203.141.128.37 - 209.59.96.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek LightWeight Filter (NDIS6.40) -> nt_rtf64 (enabled)
Wi-Fi: Realtek LightWeight Filter (NDIS6.40) -> nt_rtf64 (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: brave => 2
MSCONFIG\Services: bravem => 3
MSCONFIG\Services: BTDevManager => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: HasteUEService => 2
MSCONFIG\Services: HP Comm Recover => 2
MSCONFIG\Services: HPJumpStartBridge => 2
MSCONFIG\Services: hpqcaslwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: iaStorAfsService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LGHUBUpdaterService => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PornTime Updater => 2
MSCONFIG\Services: QMEmulatorService => 2
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: RtkBtManServ => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TunnelBearMaintenance => 2
MSCONFIG\Services: XTU3SERVICE => 2
HKLM\...\StartupApproved\StartupFolder: => "AVG TuneUp.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "Haste"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "MobalyticsHQ.DesktopApp"
HKU\S-1-5-21-1957907147-79231427-402788363-1001\...\StartupApproved\Run: => "com.blitz.app"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5E3DB2D2-BDBE-44EA-BD85-6D4BE0311B6C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{36B02FA5-0E10-4314-8DC2-9B6FB2D7832F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B330C482-92D5-409F-A106-97934D1437D1}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{FCE598D9-7906-4FB5-B278-17C293AEAD2C}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{5B0C8E54-6A83-40CB-8761-4079A512BDD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C9B93C24-9B59-4790-B155-BFB2DE5BB500}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{981CE805-2B31-426D-933F-FCD88E92B752}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1D9EE00C-B802-488D-8291-1F382C8402FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4B210B6A-2F62-4B62-A8FC-2DE83AF5E9B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6D16741D-9AF6-4911-9EEC-8024881D5434}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B470FFB8-1936-4B05-BEAC-08E9790652C4}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{8CEF0EF6-CB08-4A12-9C20-8DC165D9984B}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{97E0AAD2-2269-4415-A7EB-9A14997A1B50}] => (Allow) C:\Program Files (x86)\Common Files\PT\updater.exe => No File
FirewallRules: [{A319BEE3-88EB-49AF-B06D-A5239D9EEC54}] => (Allow) C:\Program Files (x86)\Common Files\PT\updater.exe => No File
FirewallRules: [{8E7A6262-7657-4C3B-8D02-DCD1DC54194E}] => (Allow) C:\Program Files (x86)\Common Files\PT\updater.exe => No File
FirewallRules: [{D0284536-4736-4D80-9183-65ECFB6A0C42}] => (Allow) C:\Program Files (x86)\Common Files\PT\updater.exe => No File
FirewallRules: [{7A34D105-BEC9-4C1F-9026-9466B823307F}] => (Allow) C:\Users\User\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{13417EBF-EEE3-4C9E-8557-FB2034A6839B}] => (Allow) C:\Users\User\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{5DAA3461-A485-4336-BF12-496B0BF127AF}] => (Allow) C:\Users\User\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{3905C5C2-5A6E-4D0A-9C30-29D1981573BC}] => (Allow) C:\Users\User\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{700EC818-40E8-443F-9AB1-7EA2D0A20E58}] => (Allow) C:\Users\User\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{5CFD083D-CEE7-45F1-8A3E-82564AAECFAA}] => (Allow) C:\Users\User\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [TCP Query User{F19D7AD9-3A06-4F81-A2BC-9D1C87368125}C:\users\user\appdata\local\blitz\current\blitz.exe] => (Allow) C:\users\user\appdata\local\blitz\current\blitz.exe => No File
FirewallRules: [UDP Query User{EAF99367-E39E-4C1A-8177-0B8ADE395EE3}C:\users\user\appdata\local\blitz\current\blitz.exe] => (Allow) C:\users\user\appdata\local\blitz\current\blitz.exe => No File
FirewallRules: [{269C09C9-4532-49AB-B04D-BDBECD2BDF47}] => (Block) C:\users\user\appdata\local\blitz\current\blitz.exe => No File
FirewallRules: [{462071CA-D9CE-48C3-A95F-3D809A61DDDC}] => (Block) C:\users\user\appdata\local\blitz\current\blitz.exe => No File
FirewallRules: [{35E6A2BF-3E15-411D-BFF4-EE675363760A}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{EB0788B4-C578-4F93-84BC-0C41DA210813}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{97136518-42B4-4831-A9FB-15F7B9ED23CF}] => (Allow) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{11A84833-DD3F-4861-A1C7-AB5FEF211A41}C:\users\user\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\user\appdata\local\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed]
FirewallRules: [UDP Query User{1011CB51-96BD-4623-83D8-5870EC2AC552}C:\users\user\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\user\appdata\local\popcorn-time\popcorn-time.exe (The NW.js Community) [File not signed]
FirewallRules: [TCP Query User{839ABD4A-F99A-417A-AC1E-453AB90C9E0F}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe => No File
FirewallRules: [UDP Query User{0B9AF192-EA2C-4AEA-BDA7-B15CF7824925}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe => No File
FirewallRules: [TCP Query User{32FE42E0-6678-45B0-9ACD-6F87AE95A5BD}C:\users\user\appdata\local\programs\blitz\blitz.exe] => (Block) C:\users\user\appdata\local\programs\blitz\blitz.exe => No File
FirewallRules: [UDP Query User{F791075B-C72A-4FB9-B4C5-26E14B12F45A}C:\users\user\appdata\local\programs\blitz\blitz.exe] => (Block) C:\users\user\appdata\local\programs\blitz\blitz.exe => No File
FirewallRules: [TCP Query User{E6BB84B9-97F2-49D0-AF4D-949B31439B1C}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{CAD0C682-D225-4FDD-9CBC-493A3CF8923D}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{C5C1EAE2-0865-43B6-972C-84AA34D68F9A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{8CE43D0D-607E-4B7B-A065-B2E2F5D4D1AB}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{E1747414-26D4-42EA-8725-F00168F0D44D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{745779D1-2DC3-4B81-AD00-D1D1B3732B3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{CBA3C294-1D1D-4394-A7ED-90E48A0E4C5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{363156E1-7EC3-41FE-8B73-857C08AFE775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PanzerBall\WindowsNoEditor\Ball.exe => No File
FirewallRules: [{E14E5E6A-A287-417F-BFD1-D2DEF182D402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PanzerBall\WindowsNoEditor\Ball.exe => No File
FirewallRules: [TCP Query User{85B6AEF4-E58D-4399-A22B-A869811D7239}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2E100B10-1D6D-48E7-81C4-1180B6AC956A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B0731FEA-F233-4EAF-840C-16E345D0A02F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8983F627-E0B2-43A3-8731-2F63D8421F27}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE0E1C6C-7CC2-4252-8A1D-F6A7084E1B40}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{283317B5-1D08-43F3-B667-8A08F5ADE2F3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{5D9D8C57-422F-4785-8B56-4B93574795D6}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Block) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe => No File
FirewallRules: [UDP Query User{A5C23132-A851-4392-84DC-503765066589}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Block) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe => No File
FirewallRules: [TCP Query User{E929DBB8-EDA1-4491-8481-36B6A6044134}C:\users\user\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\sbin\apache2] => (Allow) C:\users\user\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\sbin\apache2 () [File not signed]
FirewallRules: [UDP Query User{0B916518-1F29-4E6E-88CC-0354B804F03E}C:\users\user\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\sbin\apache2] => (Allow) C:\users\user\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\sbin\apache2 () [File not signed]
FirewallRules: [{FF939A1B-003F-4EFC-9556-223E4F85D2C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{95CC3BDF-3020-4B08-A7E5-5EFBEF120FD3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D7A2A9F9-A808-4BBB-8B37-1A1A7076C109}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9069B365-C459-4F35-9774-31DA184904C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5567F584-D1F3-4F91-A340-BD58E7537A1E}] => (Allow) C:\Games\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{554F6E3E-0FC4-496F-AA7A-379C176B23B3}] => (Allow) C:\Games\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{9791D8D5-BD8C-434C-994D-8CF1B29FBAE7}] => (Block) %SystemDrive%\Games\Red Dead Redemption 2\Launcher.exe => No File
FirewallRules: [{C5F1ABED-F917-4538-AAE4-47EA9143EE7D}] => (Block) %SystemDrive%\Games\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{02532AB4-4644-4D41-B505-A2CFB6B4FA4E}] => (Block) %SystemDrive%\Games\Red Dead Redemption 2\Launcher.exe => No File
FirewallRules: [{64245A5C-8268-485C-A7F2-65910F858621}] => (Block) %SystemDrive%\Games\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [TCP Query User{2BCCD64E-2867-4A47-A4E8-07B4C3F1815A}C:\users\user\downloads\red.dead.redemption.2.ultimate.edition.rgl.rip-insaneramzes\red dead redemption 2\rdr2.exe] => (Allow) C:\users\user\downloads\red.dead.redemption.2.ultimate.edition.rgl.rip-insaneramzes\red dead redemption 2\rdr2.exe (Rockstar Games) [File not signed]
FirewallRules: [UDP Query User{286B4EAA-A72E-4454-A15A-CDA1BAF0C257}C:\users\user\downloads\red.dead.redemption.2.ultimate.edition.rgl.rip-insaneramzes\red dead redemption 2\rdr2.exe] => (Allow) C:\users\user\downloads\red.dead.redemption.2.ultimate.edition.rgl.rip-insaneramzes\red dead redemption 2\rdr2.exe (Rockstar Games) [File not signed]
FirewallRules: [{DC69C6F6-69A6-4634-A7A9-8C0F3D84A69F}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{8B52355D-EFF0-4335-AB90-426F3153E202}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{334602DE-DC12-4C64-B117-5540B2B5A585}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{57088BAE-AC98-4916-8529-66DA74E05D24}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{99B71621-10FA-4363-B8C4-68996BE0D714}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{BA80C89C-6D8B-4DDD-9638-1723C99924D9}] => (Allow) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{74B2467F-754E-417D-9034-1AC69BDD1392}] => (Allow) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{8E08AF66-A753-4F69-8AEC-2C248DCB9B54}] => (Block) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{D47302BF-71D1-464D-8585-1BB5F42773CF}] => (Block) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{661E68FD-C165-4663-9DBB-B66FF8CF1B48}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\74.0.3911.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1253361A-42A9-44CF-A604-59BAAA8C8DE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{25B6AFE8-C81D-4315-8F03-2C6AA303EC97}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61DD3533-0288-4C8D-80AF-5F9D87E07716}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E5FC632-AFFE-4927-97D6-0EDC7F17EF98}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5D80C5A-365E-4F0D-9743-7053BFBAF401}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\88.0.705.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

04-02-2021 19:38:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
10-02-2021 08:05:05 Windows Update
19-02-2021 15:32:24 Windows Update
23-02-2021 01:39:15 Windows Update
26-02-2021 04:15:08 Removed OpenVPN Connect
26-02-2021 04:15:50 Intel(R) Extreme Tuning Utility

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/26/2021 04:29:30 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3856,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/26/2021 04:19:17 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (02/26/2021 04:17:50 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (02/26/2021 04:06:49 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4448,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/26/2021 03:56:19 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (02/26/2021 03:56:16 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (02/25/2021 10:31:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5224,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/25/2021 10:08:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6632,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (02/26/2021 04:20:58 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 03225747456

Error: (02/26/2021 04:20:58 AM) (Source: Microsoft-Windows-Hyper-V-Hypervisor) (EventID: 41) (User: NT AUTHORITY)
Description: Hypervisor launch failed; Either VMX not present or not enabled in BIOS.

Error: (02/24/2021 04:38:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MWPM2CQNLHN-Microsoft.GamingServices.

Error: (02/24/2021 12:24:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MWPM2CQNLHN-Microsoft.GamingServices.

Error: (02/23/2021 08:55:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHT09LN)
Description: The server Windows.Media.Capture.Internal.AppCaptureShell did not register with DCOM within the required timeout.

Error: (02/23/2021 04:33:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MWPM2CQNLHN-Microsoft.GamingServices.

Error: (02/23/2021 01:27:44 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHT09LN)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout.

Error: (02/23/2021 01:27:42 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHT09LN)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-02-19 19:25:42.027
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-18 01:12:08.810
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-16 23:12:08.674
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-15 23:12:06.813
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-11 13:33:57.554
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: AMI F.51 12/10/2019
Motherboard: HP 8437
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 16271.45 MB
Available physical RAM: 9727.71 MB
Total Virtual: 18703.45 MB
Available Virtual: 10323 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:464.53 GB) (Free:52.47 GB) NTFS

\\?\Volume{6ce898ff-1883-11ea-996d-2c6fc91d25f3}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.49 GB) NTFS
\\?\Volume{b7c58f3d-01b5-4444-af4a-a9a84d0ef463}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================
 

Broni

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

The first log is incomplete. The upper part is missing.
 