Inactive Pup.Optional.Delta not leaving me alone

TeodoraM

Posts: 8   +0
Hello!

I have tried the 'traditional' ways to get rid of the PUP but not much helped; it keeps showing back up. Also, I can't find anything in my programmes & software that would be called Delta, so I couldn't find anything to uninstall.

Here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-02-2021
Ran by teoma (administrator) on DESKTOP-0VHGCAM (26-02-2021 06:46:57)
Running from C:\Users\teoma\Desktop
Loaded Profiles: teoma
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
(Acer Incorporated -> ) C:\OEM\Preload\FubTool\FubTool.exe
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Users\teoma\Desktop\avast_free_antivirus_setup_offline.exe
(Avast Software s.r.o. -> AVAST Software) C:\Windows\Temp\asw.d3a49a93963159a8\aswOfferTool.exe
(Avast Software s.r.o. -> AVAST Software) C:\Windows\Temp\asw.d3a49a93963159a8\Instup.exe
(Avast Software s.r.o. -> AVAST Software) C:\Windows\Temp\asw.d3a49a93963159a8\sbr.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Blizzard App\.Battle.net.exe.399.10316.temp <4>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7342\Agent.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe
(Discord Inc. -> Discord Inc.) C:\Users\teoma\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lexmark International, Inc. -> ) C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
(Lexmark International, Inc. -> ) C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
(Lexmark International, Inc. -> ) C:\Windows\SysWOW64\lxedcoms.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(NETGEAR -> ) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe
(Spotify AB -> Spotify Ltd) C:\Users\teoma\AppData\Roaming\Spotify\Spotify.exe <5>
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\teoma\AppData\Local\WhatsApp\app-2.2104.10\WhatsApp.exe <7>
(Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-06] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [lxedmon.exe] => C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe [772712 2013-01-23] (Lexmark International, Inc. -> )
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe [150264 2013-01-23] (Lexmark International, Inc. -> )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [117352 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871424 2015-09-10] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [GMouse] => C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE [667648 2011-11-08] () [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [471432 2020-04-01] (Express Vpn LLC -> ExpressVPN)
HKLM-x32\...\RunOnce: [AvRepair] => C:\Program Files\Avast Software\Avast\setup\instup.exe [3233944 2020-12-09] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Blizzard App\Battle.net.exe [1090480 2021-02-26] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Run: [Discord] => C:\Users\teoma\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Run: [Spotify] => C:\Users\teoma\AppData\Roaming\Spotify\Spotify.exe [23810120 2021-02-22] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Windows x64\Print Processors\Lexmark S600 Series Print Processor: C:\Windows\System32\spool\prtprocs\x64\lxeddrpp.dll [189440 2009-11-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox Virtualization Port: C:\Windows\system32\x5lrsl.dll [135168 2019-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\88.1.8016.153\Installer\chrmstp.exe [2021-02-23] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.190\Installer\chrmstp.exe [2021-02-26] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2021-02-19]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-07-09]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03A5E191-51E8-42F8-B1C1-C571E698F0AC} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [444720 2016-11-12] (Acer Incorporated -> Acer Incorporated)
Task: {07581C77-499D-4893-896D-875713E77B21} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0A197121-42A1-490C-9DF8-9D9AC5E66C35} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [216296 2014-03-13] (Acer Incorporated -> TODO: <Company name>)
Task: {0DDFF497-B12A-4F8D-801C-AF1F530C07BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-26] (Google LLC -> Google LLC)
Task: {116F0C4D-D509-47FD-B762-75019C434171} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {1A587C25-F778-4D12-8CFD-8B1E74AA348F} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2016-09-20] (Acer Incorporated -> Acer Incorporated)
Task: {1EC297C3-A90F-4167-95C0-3F662A1532A4} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {274BCA11-406D-4CAC-A389-B05F72696DAD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28584E43-764D-41DD-A9F6-F4C8CEEE5811} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {2ACC5F39-41FE-4A2A-B06A-FE09BAA61F6E} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2212528 2021-02-09] (Piriform Software Ltd -> Piriform Software)
Task: {31AF1114-8B94-49AF-9908-8166A87ED835} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {35632374-78A8-43F6-8D1D-401954EAC667} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3915216 2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {37B9B924-A8AA-4E52-A523-4E7276032B39} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3EF27246-DA5E-469C-B9E7-AB8528426393} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3FFB0EBC-55D7-45F6-9EF4-7AA33B21D04B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {40717C1B-650E-41E8-A025-9DC1D81BEF2E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {453BF27E-DB1D-4F14-9B71-110B443C92E0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4EFB4525-4792-45F6-AF56-C40E9F1297F7} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
Task: {4FDB8E67-7E57-4508-93F7-78C7B0091E77} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {5302AB70-B439-4679-BBB0-6EBF56AC358E} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)
Task: {5316E215-E0C3-45E8-9A16-98206AE8AA5A} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-02-19] (Piriform Software Ltd -> Piriform Software)
Task: {545D571D-AF8C-4987-AF19-B4620FE98F21} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {56D7D94C-0A85-4FC0-8A6A-2B920B21534E} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5A0D1ECB-203D-4079-A362-6A91B074BB46} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-02-19] (Piriform Software Ltd -> Piriform Software)
Task: {5CAC104A-E744-4BDD-8561-08C45A1EEBB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-26] (Google LLC -> Google LLC)
Task: {663405DB-D6C9-46BF-B62F-F7E21DE10324} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2016-09-20] (Acer Incorporated -> )
Task: {A1F4319F-0268-421D-B942-3B8F5DA51731} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {A5845CB8-F1B7-4E3F-8845-046BD2ECE73F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A5A47911-BBE9-4231-B3A6-5AA597FBD2A7} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4696880 2018-05-28] (Acer Incorporated -> )
Task: {A6FCFF79-2AF9-4419-92E7-666310C22398} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ACBE75C7-747A-46B9-8A49-7E9DFD90367A} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {B43323A9-9E47-46BA-B18F-288020A225FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6DDBDB2-FA2E-4310-9CD7-E747747E4045} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3915216 2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {B73F598A-CCFB-402B-8789-A6BEE8A763A1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF8A23B9-DE1E-44F1-ADD1-C9A38188CB5B} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [30976 2015-05-14] (Acer Incorporated -> )
Task: {C584613A-3F68-48C7-BD1E-D2DFBD5148AF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C6C62510-9B56-4742-97BE-D7B0BD86762E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C8B41732-79BF-4E25-83F2-227BA06128F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CA6B40CA-57AD-4AEF-A610-E93051830896} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {CBC85B82-9E0F-445D-AA38-95B62B52CB99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {CFEE7B59-BEA7-41AE-84D0-5E98BEA70B02} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118096 2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {D51A0D3D-141E-4CDE-9C63-F4B08FE004EC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2212528 2021-02-09] (Piriform Software Ltd -> Piriform Software)
Task: {D8718F40-25EE-4F9D-8401-52CB3D7C0407} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118096 2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA8B3A60-B886-4CE9-AF73-FEA2080094C7} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {ECD1CCAB-5060-4E04-B91B-B5994650096B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1283512 2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F22DC836-7E05-4FF6-A89D-976CAFE9F847} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe
 

TeodoraM

Posts: 8   +0
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39f961bd-278d-461f-a9f8-28e5e1bd7fb2}: [DhcpNameServer] 192.168.43.79
Tcpip\..\Interfaces\{6ff56932-ab24-453a-b9ee-5ff7601bf853}: [DhcpNameServer] 192.168.1.2
Tcpip\..\Interfaces\{8e8394c1-3960-4c49-b041-d56120ffb4fb}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c5ff339b-7647-4bbd-9420-4a89266b453d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d52a7b57-c785-4315-8122-20175a580f01}: [DhcpNameServer] 193.229.0.40 193.229.0.42
Tcpip\..\Interfaces\{dbfbb040-9f5f-482d-989d-64ffb3fb73a6}: [DhcpNameServer] 193.229.0.40 193.229.0.42

Edge:
=======
Edge Profile: C:\Users\teoma\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-26]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\teoma\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 8ywlrjsx.default
FF ProfilePath: C:\Users\teoma\AppData\Roaming\Mozilla\Firefox\Profiles\8ywlrjsx.default [2021-02-26]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\teoma\AppData\Roaming\Mozilla\Firefox\Profiles\8ywlrjsx.default\Extensions\abb-acer@amazon.com [2017-05-22] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\teoma\AppData\Roaming\Mozilla\Firefox\Profiles\8ywlrjsx.default\Extensions\langpack-en-US@firefox.mozilla.org [2017-05-22] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\teoma\AppData\Roaming\Mozilla\Firefox\Profiles\8ywlrjsx.default\Extensions\partnerdefaults@mozilla.com [2017-05-22] [Legacy]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\teoma\AppData\Roaming\Mozilla\Firefox\Profiles\8ywlrjsx.default\features\{92855e4b-3a0c-4766-bdfb-af16bf77ee96}\malware-remediation@mozilla.org.xpi [2017-11-28] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-02-09] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-02-09] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-02-09] [Legacy]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-02-19] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-02-19] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-20] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1868823286-2031935487-995410770-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\teoma\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-20] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default [2021-02-26]
CHR StartupUrls: Default -> "hxxp://99designs.com/product-label-design/contests/design-product-labels-fidelis-farms-help-organic-veteran-243826?filter=allactive&sorting=time&show=shortlisted","hxxp://neverlight.shivtr.com/","hxxp://us-mg5.mail.yahoo.com/neo/launch?.rand=7ukjdm254q55f","hxxp://watchseries.lt/episode/suits_s3_e5.html","hxxp://9gag.com/","hxxp://www.btvguide.com/profile/mycalendar","hxxp://www.btvguide.com/Suits/episodes","hxxp://www.ampparit.com/","hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-26]
CHR Extension: (Docs) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-26]
CHR Extension: (Google Drive) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-26]
CHR Extension: (YouTube) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-26]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-02-26]
CHR Extension: (Sheets) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-26]
CHR Extension: (Postman) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2021-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-26]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-02-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-26]
CHR Extension: (Gmail) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-26]
CHR Extension: (Chrome Media Router) - C:\Users\teoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-26]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8477080 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621728 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [351848 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8646752 2020-06-22] (BattlEye Innovations e.K. -> )
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-02-19] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\88.1.8016.153\elevation_service.exe [1456376 2021-02-09] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-02-19] (Piriform Software Ltd -> Piriform Software)
S3 cfbackd; C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe [274432 2020-04-15] (CleverFiles) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-04-16] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [438664 2020-04-01] (Express Vpn LLC -> ExpressVPN)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1673288 2020-06-20] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-03-10] (GOG Sp. z o.o. -> GOG.com)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-06] (Logitech Inc -> Logitech Inc.)
S2 lxedCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [45736 2010-04-14] (Lexmark International, Inc. -> Lexmark International, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7770888 2017-05-10] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2016-11-12] (Acer Incorporated -> Acer Incorporated)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [32648 2021-01-20] (SteelSeries ApS -> )
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-28] (Acer Incorporated -> acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] (NETGEAR -> )
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [513920 2020-10-30] (Xerox Corporation -> Xerox Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
S1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522480 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469472 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216984 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326064 2021-02-26] (Avast Software s.r.o. -> AVAST Software)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [104312 2018-08-09] (D3L -> Dokan Project)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-10-10] (Malwarebytes Corporation -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28440 2020-04-01] (ExprsVPN LLC -> ExpressVPN)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [54552 2017-04-06] (Logitech Inc -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-26] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-26] (Malwarebytes Inc -> Malwarebytes)
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [25312 2007-01-19] (NETGEAR -> Windows (R) Codename Longhorn DDK provider)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48848 2020-12-21] (SteelSeries ApS -> SteelSeries ApS)
R3 sshid; C:\WINDOWS\system32\DRIVERS\sshid.sys [57440 2020-12-21] (SteelSeries ApS -> SteelSeries ApS)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [44304 2020-04-01] (ExprsVPN LLC -> The OpenVPN Project)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-19] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-07-12] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-26 06:48 - 2021-02-26 06:48 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-02-26 06:48 - 2021-02-26 06:48 - 000001971 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2021-02-26 06:48 - 2021-02-26 06:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-02-26 06:48 - 2021-02-26 06:48 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Avast Software
2021-02-26 06:47 - 2021-02-26 06:47 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-02-26 06:47 - 2021-02-26 06:47 - 000003856 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-02-26 06:47 - 2021-02-26 06:47 - 000003456 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2021-02-26 06:47 - 2021-02-26 06:47 - 000003332 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2021-02-26 06:47 - 2021-02-26 06:47 - 000003272 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2021-02-26 06:47 - 2021-02-26 06:47 - 000002574 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-02-26 06:47 - 2021-02-26 06:47 - 000002539 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2021-02-26 06:47 - 2021-02-26 06:47 - 000000000 ____D C:\Users\teoma\AppData\Local\AVAST Software
2021-02-26 06:47 - 2021-02-26 06:47 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2021-02-26 06:46 - 2021-02-26 06:47 - 000468888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-02-26 06:46 - 2021-02-26 06:47 - 000324904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-02-26 06:46 - 2021-02-26 06:47 - 000214808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-02-26 06:46 - 2021-02-26 06:47 - 000042440 _____ C:\Users\teoma\Desktop\FRST.txt
2021-02-26 06:46 - 2021-02-26 06:47 - 000000000 ____D C:\FRST
2021-02-26 06:46 - 2021-02-26 06:46 - 000851256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000522480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000340576 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-02-26 06:46 - 2021-02-26 06:46 - 000332880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000247888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000208672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000176384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000108928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000097360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000084496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000042424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000036792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000016832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-02-26 06:46 - 2021-02-26 06:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-02-26 06:46 - 2021-02-26 06:46 - 000000000 ____D C:\Program Files\Avast Software
2021-02-26 06:45 - 2021-02-26 06:48 - 000000000 ____D C:\ProgramData\Avast Software
2021-02-26 06:45 - 2021-02-26 06:45 - 002301440 _____ (Farbar) C:\Users\teoma\Desktop\FRST64.exe
2021-02-26 06:43 - 2021-02-26 06:45 - 531178792 _____ (AVAST Software) C:\Users\teoma\Desktop\avast_free_antivirus_setup_offline.exe
2021-02-26 06:37 - 2021-02-26 06:37 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-02-26 06:36 - 2021-02-26 06:36 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-26 06:36 - 2021-02-26 06:36 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-26 06:36 - 2021-02-26 06:36 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-26 06:36 - 2021-02-26 06:36 - 000002282 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-26 06:36 - 2021-02-26 06:36 - 000000000 ____D C:\Program Files\Google
2021-02-26 06:35 - 2021-02-26 06:35 - 001304160 _____ (Google LLC) C:\Users\teoma\Downloads\ChromeSetup.exe
2021-02-26 06:35 - 2021-02-26 06:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-02-26 06:34 - 2021-02-26 06:34 - 000046413 _____ C:\Users\teoma\Desktop\Chrome Passwords.csv
2021-02-26 06:29 - 2021-02-26 06:29 - 000478826 _____ C:\Users\teoma\Desktop\bookmarks_2_26_21.html
2021-02-26 06:18 - 2021-02-26 06:23 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-26 06:18 - 2021-02-26 06:18 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-26 06:18 - 2021-02-26 06:18 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-26 06:18 - 2021-02-26 06:18 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-26 06:18 - 2021-02-22 08:56 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-26 06:17 - 2021-02-26 06:17 - 002084016 _____ (Malwarebytes) C:\Users\teoma\Desktop\MBSetup.exe
2021-02-25 11:57 - 2021-01-23 10:57 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-02-25 11:57 - 2021-01-23 10:57 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-02-25 11:57 - 2021-01-23 10:57 - 001453720 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-02-25 11:57 - 2021-01-23 10:57 - 001435872 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-02-25 11:57 - 2021-01-23 10:57 - 001435872 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-02-25 11:57 - 2021-01-23 10:57 - 001094872 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-02-25 11:57 - 2021-01-23 10:57 - 001094872 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-02-25 11:57 - 2021-01-23 10:57 - 000948960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-02-25 11:57 - 2021-01-23 10:57 - 000948960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-02-25 11:57 - 2021-01-23 10:56 - 001193112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-02-25 11:57 - 2021-01-23 10:54 - 001512104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-02-25 11:57 - 2021-01-23 10:54 - 001164968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-02-25 11:57 - 2021-01-23 10:54 - 000680088 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-02-25 11:57 - 2021-01-23 10:54 - 000672936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-02-25 11:57 - 2021-01-23 10:54 - 000558248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-02-25 11:57 - 2021-01-23 10:54 - 000547480 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 008262312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 007392920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 004611760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 002731184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 002103448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 001732264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6446140.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 001589400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 001491608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6446140.dll
2021-02-25 11:57 - 2021-01-23 10:53 - 000813208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-02-25 11:57 - 2021-01-23 10:50 - 006070848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-02-25 11:57 - 2021-01-23 00:59 - 000038640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-02-25 11:51 - 2021-01-25 05:38 - 000070896 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-02-25 11:51 - 2021-01-25 05:38 - 000059632 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-02-25 11:51 - 2020-03-04 14:54 - 000050592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-02-24 03:05 - 2021-02-23 17:12 - 000000000 ____D C:\Windows.old
2021-02-24 03:03 - 2021-02-24 03:05 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-02-24 03:02 - 2021-02-24 03:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-02-24 03:02 - 2021-02-24 03:02 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-02-24 03:01 - 2021-02-24 03:01 - 000000000 ____D C:\ProgramData\ssh
2021-02-24 02:59 - 2021-02-24 02:59 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-24 02:59 - 2021-02-24 02:59 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-24 02:59 - 2021-02-24 02:59 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-24 02:59 - 2021-02-24 02:59 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-02-24 02:59 - 2021-02-24 02:59 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-02-24 02:59 - 2021-02-24 02:59 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-02-24 02:59 - 2021-02-24 02:59 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-02-24 02:59 - 2021-02-24 02:59 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-02-24 02:59 - 2021-02-24 02:59 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-02-24 02:59 - 2021-02-24 02:59 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-02-24 02:59 - 2021-02-24 02:59 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-02-24 02:59 - 2021-02-24 02:59 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-02-24 02:59 - 2021-02-24 02:59 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-02-24 02:59 - 2021-02-24 02:59 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-02-24 02:59 - 2021-02-24 02:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-02-24 02:59 - 2021-02-24 02:59 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-02-24 02:59 - 2021-02-24 02:59 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-02-24 02:59 - 2021-02-24 02:59 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-02-24 02:59 - 2021-02-24 02:59 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-02-24 02:59 - 2021-02-24 02:59 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-02-24 02:59 - 2021-02-24 02:59 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-02-24 02:59 - 2021-02-24 02:59 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-02-24 02:59 - 2021-02-24 02:59 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-02-24 02:59 - 2021-02-24 02:59 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-02-24 02:59 - 2021-02-24 02:59 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-02-24 02:59 - 2021-02-24 02:59 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-24 02:58 - 2021-02-24 02:58 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-02-24 02:58 - 2021-02-24 02:58 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-02-24 02:58 - 2021-02-24 02:58 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-02-24 02:58 - 2021-02-24 02:58 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-02-24 02:58 - 2021-02-24 02:58 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-02-24 02:58 - 2021-02-24 02:58 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-02-24 02:58 - 2021-02-24 02:58 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-02-24 02:58 - 2021-02-24 02:58 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-02-24 02:58 - 2021-02-24 02:58 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-02-24 02:58 - 2021-02-24 02:58 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-02-24 02:58 - 2021-02-24 02:58 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-02-24 02:58 - 2021-02-24 02:58 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-02-24 02:58 - 2021-02-24 02:58 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-02-24 02:58 - 2021-02-24 02:58 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-02-24 02:58 - 2021-02-24 02:58 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-02-24 02:58 - 2021-02-24 02:58 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-02-24 02:58 - 2021-02-24 02:58 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-02-24 02:58 - 2021-02-24 02:58 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-02-24 02:58 - 2021-02-24 02:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-02-24 02:58 - 2021-02-24 02:58 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-02-24 02:58 - 2021-02-24 02:58 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-02-24 02:58 - 2021-02-24 02:58 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-02-24 02:53 - 2021-02-24 02:53 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-02-24 02:53 - 2021-02-24 02:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-02-24 02:53 - 2021-02-24 02:53 - 000000000 ____D C:\WINDOWS\system32\ro
2021-02-24 02:51 - 2021-02-24 02:51 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-02-24 02:51 - 2021-02-24 02:51 - 000000000 ____D C:\Program Files\MSBuild
2021-02-24 02:51 - 2021-02-24 02:51 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-02-24 02:51 - 2021-02-24 02:51 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-02-23 17:15 - 2021-02-25 17:00 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-23 17:14 - 2021-02-23 17:14 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-02-23 17:12 - 2021-02-25 16:54 - 000005404 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2021-02-23 17:12 - 2021-02-25 16:54 - 000003778 _____ C:\WINDOWS\system32\Tasks\ACC
2021-02-23 17:12 - 2021-02-25 16:54 - 000003060 _____ C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2021-02-23 17:12 - 2021-02-25 16:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-23 17:12 - 2021-02-25 11:51 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-25 11:51 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-23 17:12 - 2021-02-23 17:12 - 000003852 _____ C:\WINDOWS\system32\Tasks\ACCAgent
2021-02-23 17:12 - 2021-02-23 17:12 - 000003692 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.1.16258
2021-02-23 17:12 - 2021-02-23 17:12 - 000003598 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2021-02-23 17:12 - 2021-02-23 17:12 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-23 17:12 - 2021-02-23 17:12 - 000003468 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2021-02-23 17:12 - 2021-02-23 17:12 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-23 17:12 - 2021-02-23 17:12 - 000003402 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineUA
2021-02-23 17:12 - 2021-02-23 17:12 - 000003270 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2021-02-23 17:12 - 2021-02-23 17:12 - 000003226 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-02-23 17:12 - 2021-02-23 17:12 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-23 17:12 - 2021-02-23 17:12 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-23 17:12 - 2021-02-23 17:12 - 000003178 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineCore
2021-02-23 17:12 - 2021-02-23 17:12 - 000003104 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2021-02-23 17:12 - 2021-02-23 17:12 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1868823286-2031935487-995410770-1001
2021-02-23 17:12 - 2021-02-23 17:12 - 000002766 _____ C:\WINDOWS\system32\Tasks\UbtFrameworkService
2021-02-23 17:12 - 2021-02-23 17:12 - 000002622 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2021-02-23 17:12 - 2021-02-23 17:12 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-02-23 17:12 - 2021-02-23 17:12 - 000002218 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-02-23 17:12 - 2021-02-23 17:12 - 000002180 _____ C:\WINDOWS\system32\Tasks\Quick Access
2021-02-23 17:12 - 2021-02-23 17:12 - 000002042 _____ C:\WINDOWS\system32\Tasks\FubToolByPLD
2021-02-23 17:12 - 2021-02-23 17:12 - 000000020 ___SH C:\Users\teoma\ntuser.ini
2021-02-23 17:12 - 2021-02-23 17:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-1868823286-2031935487-995410770-1001
2021-02-23 17:12 - 2021-02-23 17:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2021-02-23 17:11 - 2021-02-23 17:12 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-02-23 17:11 - 2021-02-23 17:12 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-02-23 17:09 - 2021-02-23 17:09 - 000000368 ____H C:\WINDOWS\Tasks\Intel PTT EK Recertification.job
2021-02-23 17:07 - 2021-02-23 17:12 - 000000000 ____D C:\Users\teoma
2021-02-23 17:07 - 2021-02-23 17:09 - 000000000 ____D C:\Users\defaultuser0
2021-02-23 17:07 - 2019-12-07 11:10 - 000001105 _____ C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-23 17:07 - 2019-12-07 11:10 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-23 17:05 - 2021-02-25 19:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-23 17:05 - 2021-02-25 16:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-23 17:05 - 2021-02-23 19:28 - 000551408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-23 10:33 - 2021-02-23 10:33 - 000000218 _____ C:\Users\teoma\AppData\Local\recently-used.xbel
2021-02-23 10:30 - 2021-02-23 10:32 - 452491228 _____ C:\Users\teoma\Downloads\90.Day.Fiance.S08E11.Threes.a.Party.480p.x264-mSD[eztv.re].mkv
2021-02-23 09:10 - 2021-02-23 17:12 - 000000000 ___DC C:\WINDOWS\Panther
2021-02-23 09:04 - 2021-02-23 09:04 - 000000000 ___HD C:\$WinREAgent
2021-02-22 10:52 - 2021-02-22 10:53 - 000000000 ____D C:\Users\teoma\Downloads\Chicago.Med.S06E02.HDTV.x264-PHOENiX[TGx]
2021-02-22 10:50 - 2021-02-22 10:51 - 000000000 ____D C:\Users\teoma\Downloads\Chicago.Med.S06E01.HDTV.x264-PHOENiX[TGx]
2021-02-22 09:49 - 2021-02-22 09:49 - 000050400 _____ C:\Users\teoma\Desktop\SciWry - Research Proposal Outline.pdf
2021-02-22 09:30 - 2021-02-22 09:30 - 000227667 _____ C:\Users\teoma\Desktop\teo_mans_finalessay_gams06.pdf
2021-02-22 09:15 - 2021-02-22 09:15 - 000248514 _____ C:\Users\teoma\Desktop\teo_research_plan.pdf
2021-02-22 09:11 - 2021-02-22 09:11 - 000018955 _____ C:\Users\teoma\Desktop\Research Proposal Outline Template.dotx
2021-02-22 09:08 - 2021-02-22 09:09 - 000311026 _____ C:\Users\teoma\Desktop\Proposal_Sketch.pdf
2021-02-22 09:00 - 2021-02-22 09:00 - 000000222 _____ C:\Users\teoma\Desktop\The Long Dark.url
2021-02-22 08:57 - 2021-02-26 06:18 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-22 08:57 - 2021-02-26 06:18 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-22 08:57 - 2021-02-26 06:18 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-19 21:19 - 2021-02-24 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox
2021-02-19 21:19 - 2021-02-19 21:19 - 000000000 ____D C:\Program Files\Xerox
2021-02-19 21:16 - 2021-02-25 08:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-19 20:35 - 2021-02-23 17:10 - 000002391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2021-02-19 20:35 - 2021-02-23 09:05 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2021-02-19 20:35 - 2021-02-19 20:35 - 000000000 ____D C:\Users\teoma\AppData\Local\CCleaner Browser
2021-02-19 20:35 - 2021-02-19 20:35 - 000000000 ____D C:\ProgramData\CCleaner Browser
 

TeodoraM

Posts: 8   +0
==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-26 06:48 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-26 06:48 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-26 06:47 - 2017-05-22 15:43 - 000000000 ____D C:\Users\teoma\AppData\Local\Battle.net
2021-02-26 06:46 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-26 06:44 - 2019-01-11 17:22 - 000000000 ____D C:\Users\teoma\AppData\Roaming\WhatsApp
2021-02-26 06:36 - 2017-05-22 14:59 - 000000000 ____D C:\Users\teoma\AppData\Local\Google
2021-02-26 06:36 - 2017-05-22 14:59 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-26 06:27 - 2017-05-22 17:40 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Spotify
2021-02-26 06:27 - 2017-05-22 17:40 - 000000000 ____D C:\Users\teoma\AppData\Local\Spotify
2021-02-26 06:21 - 2017-05-22 15:43 - 000000000 ____D C:\Users\teoma\AppData\Local\CrashDumps
2021-02-26 06:21 - 2017-02-09 04:02 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-26 06:02 - 2017-06-05 17:12 - 000000000 ____D C:\Users\teoma\AppData\Roaming\discord
2021-02-26 06:01 - 2019-10-04 11:52 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-02-26 05:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-26 05:58 - 2017-02-09 03:41 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-26 05:57 - 2017-05-22 21:45 - 000000000 ____D C:\Program Files\CCleaner
2021-02-26 05:57 - 2017-05-22 15:43 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2021-02-25 16:54 - 2017-02-09 03:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2021-02-25 16:51 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-25 11:58 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help
2021-02-25 11:58 - 2017-05-22 14:55 - 000000000 ____D C:\Users\teoma\AppData\Local\NVIDIA
2021-02-25 11:58 - 2017-02-09 03:40 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-02-25 11:58 - 2017-02-09 03:40 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-02-25 11:51 - 2017-02-09 03:40 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-02-25 10:35 - 2017-05-22 14:55 - 000000000 ____D C:\Users\teoma\AppData\Local\Packages
2021-02-25 08:39 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-25 08:38 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-24 08:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-02-24 03:05 - 2020-05-27 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2021-02-24 03:05 - 2020-05-27 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2021-02-24 03:05 - 2020-05-27 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleverFiles Disk Drill (x64)
2021-02-24 03:05 - 2020-04-03 08:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2021-02-24 03:05 - 2020-03-25 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2021-02-24 03:05 - 2020-03-05 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic
2021-02-24 03:05 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-02-24 03:05 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-02-24 03:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-02-24 03:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-02-24 03:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-24 03:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-02-24 03:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-02-24 03:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-24 03:05 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-02-24 03:05 - 2019-10-16 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-02-24 03:05 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-02-24 03:05 - 2018-07-22 02:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2021-02-24 03:05 - 2018-07-01 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-02-24 03:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-02-24 03:05 - 2018-01-09 18:47 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-02-24 03:05 - 2017-10-31 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2021-02-24 03:05 - 2017-10-10 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-02-24 03:05 - 2017-09-19 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2021-02-24 03:05 - 2017-07-12 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.3
2021-02-24 03:05 - 2017-07-12 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-02-24 03:05 - 2017-06-05 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-02-24 03:05 - 2017-05-24 19:05 - 000000000 ____D C:\Program Files\UNP
2021-02-24 03:05 - 2017-05-23 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2021-02-24 03:05 - 2017-05-22 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE FORCE
2021-02-24 03:05 - 2017-05-22 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-02-24 03:05 - 2017-05-22 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2021-02-24 03:05 - 2017-05-22 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-02-24 03:05 - 2017-05-22 14:53 - 000000000 ____D C:\WINDOWS\oem
2021-02-24 03:05 - 2017-02-09 04:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-02-24 03:05 - 2017-02-09 04:01 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2021-02-24 03:05 - 2017-02-09 03:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2021-02-24 03:05 - 2017-02-09 03:36 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2021-02-24 03:05 - 2017-02-09 03:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-02-24 03:05 - 2017-02-09 03:29 - 000000000 ____D C:\Program Files\Intel
2021-02-24 03:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2021-02-24 03:03 - 2018-07-09 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2021-02-24 03:03 - 2018-03-23 10:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-02-24 03:03 - 2017-10-04 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-02-24 03:03 - 2017-09-14 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2021-02-24 03:03 - 2017-05-22 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2021-02-24 03:01 - 2019-12-07 11:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-24 03:01 - 2019-12-07 11:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-24 03:01 - 2019-12-07 11:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-02-24 03:01 - 2019-12-07 11:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-24 03:01 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-02-24 03:01 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-24 02:54 - 2019-12-07 11:51 - 000000000 ____D C:\WINDOWS\OCR
2021-02-24 02:53 - 2019-12-07 11:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-02-24 02:53 - 2019-12-07 11:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-02-24 02:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-02-24 02:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-02-24 02:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-02-24 02:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-02-24 02:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-02-24 02:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-02-24 02:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-02-23 17:28 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-02-23 17:22 - 2017-05-22 14:55 - 000000000 ____D C:\Users\teoma\AppData\Local\PackageStaging
2021-02-23 17:12 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-23 17:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-23 17:12 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-02-23 17:12 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-02-23 17:12 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-02-23 17:12 - 2018-07-10 07:56 - 000000000 ____D C:\ProgramData\Packages
2021-02-23 17:12 - 2018-06-06 06:22 - 000000000 ___RD C:\Users\teoma\3D Objects
2021-02-23 17:10 - 2020-06-06 23:09 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-23 17:08 - 2020-05-20 10:05 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-02-23 17:08 - 2020-04-03 08:20 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2021-02-23 17:08 - 2020-04-03 08:19 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2021-02-23 17:08 - 2019-10-09 16:50 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poma
2021-02-23 17:08 - 2018-07-04 20:28 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2021-02-23 17:08 - 2018-07-03 21:58 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2021-02-23 17:07 - 2019-10-31 22:48 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-02-23 17:07 - 2019-10-15 16:20 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2021-02-23 17:07 - 2019-04-13 01:36 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-02-23 17:07 - 2019-01-11 17:22 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-02-23 17:07 - 2017-06-05 17:12 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2021-02-23 17:07 - 2017-05-22 15:02 - 000000000 ____D C:\Program Files\SteelSeries
2021-02-23 17:07 - 2017-05-22 14:53 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2021-02-23 09:09 - 2018-01-22 14:29 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-23 08:58 - 2017-06-05 17:12 - 000000000 ____D C:\Users\teoma\AppData\Local\SquirrelTemp
2021-02-20 08:44 - 2019-12-01 23:45 - 000000000 ____D C:\Users\teoma\AppData\Roaming\Telegram Desktop
2021-02-19 23:11 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\TextInput
2021-02-19 21:23 - 2018-02-28 18:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-19 21:23 - 2017-05-23 14:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-19 21:21 - 2017-05-23 14:56 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-19 20:42 - 2017-05-22 21:48 - 000799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-02-19 20:42 - 2017-02-09 03:17 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-02-19 20:41 - 2019-01-11 17:22 - 000000000 ____D C:\Users\teoma\AppData\Local\WhatsApp
2021-02-19 20:38 - 2017-06-05 17:12 - 000000000 ____D C:\Users\teoma\AppData\Local\Discord
2021-02-19 20:34 - 2017-05-22 14:57 - 000000000 ___RD C:\Users\teoma\OneDrive
2021-01-27 13:17 - 2018-07-01 18:24 - 002797808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-01-27 13:17 - 2018-07-01 18:24 - 002154224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-01-27 13:17 - 2018-07-01 18:24 - 001295088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll

==================== Files in the root of some directories ========

2018-08-02 17:41 - 2020-06-02 08:26 - 000000034 _____ () C:\Users\teoma\AppData\Roaming\AdobeWLCMCache.dat
2018-09-28 18:01 - 2018-09-28 18:01 - 000000000 _____ () C:\Users\teoma\AppData\Local\oobelibMkey.log
2021-02-23 10:33 - 2021-02-23 10:33 - 000000218 _____ () C:\Users\teoma\AppData\Local\recently-used.xbel
==================== End of FRST.txt ========================
 

TeodoraM

Posts: 8   +0
==================== Memory info ===========================

BIOS: American Megatrends Inc. 0505 11/08/2016
Motherboard: ASUSTeK COMPUTER INC. STRIX Z270H GAMING
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 29%
Total physical RAM: 32698.68 MB
Available physical RAM: 23210.13 MB
Total Virtual: 37562.68 MB
Available Virtual: 24365.29 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:237.91 GB) (Free:16.89 GB) NTFS
Drive d: (DATA) (Fixed) (Total:237.91 GB) (Free:30.23 GB) NTFS
Drive z: (FancyDrive) (Fixed) (Total:931.5 GB) (Free:733.12 GB) NTFS

\\?\Volume{e359757b-6408-4905-a646-cfe23036613c}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.57 GB) NTFS
\\?\Volume{2a07ef4d-38c3-4ecd-8e2d-eda5078b29a7}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 86E5C0D1)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

1. The second log is incomplete.

2. That PUP shows up where and when?
 

TeodoraM

Posts: 8   +0
1. By second log do you mean the Addition.txt? That's all that's in there.
2. Malwarebytes does a scan every morning and it shows up every time -> quarantine -> shows up again next scan
 

TeodoraM

Posts: 8   +0
Ah ok, did another scan. I see what you mean now.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2021
Ran by teoma (26-02-2021 15:36:00)
Running from C:\Users\teoma\Desktop
Windows 10 Home Version 2004 19041.804 (X64) (2021-02-23 15:12:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1868823286-2031935487-995410770-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1868823286-2031935487-995410770-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1868823286-2031935487-995410770-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1868823286-2031935487-995410770-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1868823286-2031935487-995410770-1003 - Limited - Enabled)
teoma (S-1-5-21-1868823286-2031935487-995410770-1001 - Administrator - Enabled) => C:\Users\teoma
WDAGUtilityAccount (S-1-5-21-1868823286-2031935487-995410770-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{4B92BFBE-917D-4FA1-97E9-DB9D91286E90}) (Version: 3.0.18135.100 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3009 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20142 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_0_1) (Version: 24.0.1 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0_1) (Version: 19.0.1 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 88.1.8016.151 - AVAST Software)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.12.10.2 - Canon Inc.)
Canon Utilities EOS Network Setting Tool (HKLM-x32\...\EOS Network Setting Tool) (Version: 1.0.10.4 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.12.10.7 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.9.10.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 88.1.8016.153 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6329.01 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version: - )
Discord (HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Disk Drill 4.0.521.0 (HKLM-x32\...\{a8ca0956-f8c2-46e2-96fb-ae2c997dc11c}) (Version: 4.0.521.0 - CleverFiles)
Disk Drill 4.0.521.0 (x64) (HKLM\...\{EA9AFACB-A92D-4246-BB5E-7BA730C924A9}) (Version: 4.0.521.0 - CleverFiles) Hidden
Dokan Library 1.2.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0102-0000-180809151012}) (Version: 1.2.0.1000 - Dokany Project) Hidden
Dokan Library 1.2.0.1000 Bundle (HKLM-x32\...\{c2f619b0-68fd-4433-970e-cd66cd7a2775}) (Version: 1.2.0.1000 - Dokany Project)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3019 - Acer Incorporated)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{7d1b9543-d21a-48f9-aae3-7779b592ce78}) (Version: 7.9.0.1210 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8465D7CEB}) (Version: 7.9.0.1210 - ExpressVPN) Hidden
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GIGABYTE FORCE Driver (HKLM-x32\...\GMouse) (Version: - )
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.190 - Google LLC)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hotsapi.Uploader (HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Hotsapi) (Version: 2.1.0 - Poma)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{544ecb18-5d76-44bb-ac33-8d06719e39e7}) (Version: 19.20.0 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Lexmark S600 Series (HKLM\...\Lexmark S600 Series) (Version: - Lexmark International, Inc.)
LibreOffice 5.3.4.2 (HKLM\...\{798CC630-3AA2-457E-B453-1EBBC3A4582F}) (Version: 5.3.4.2 - The Document Foundation)
Logitech Gaming Software 8.92 (HKLM\...\Logitech Gaming Software) (Version: 8.92.67 - Logitech Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13127.21216 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13127.21216 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
NETGEAR WNA3100 wireless USB 2.0 driver (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
Node.js (HKLM\...\{7225FD0F-D8E9-47DE-B0C8-994F5F25F46D}) (Version: 4.6.1 - Node.js Foundation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21216 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8018 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.1.0 (HKLM-x32\...\RTSS) (Version: 7.1.0 - Unwinder)
Slack (HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\slack) (Version: 4.2.0 - Slack Technologies Inc.)
Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.14 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\Spotify) (Version: 1.1.53.608.g7ed9c03a - Spotify AB)
Spotify Weblink (HKLM-x32\...\{8CADF0CB-E834-4019-9B11-B84E051F2A8E}) (Version: 1.16.1210 - Acer)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.19.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.19.0 - SteelSeries ApS)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.34161 - Microsoft Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
Twitch (HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
WhatsApp (HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\WhatsApp) (Version: 2.2104.10 - WhatsApp)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora(Build 8.4.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare Recoverit(Build 8.7.2.21) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 8.7.2.21 - Wondershare Software Co.,Ltd.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version: - Blizzard Entertainment)
Xerox Desktop Print Experience 5.0 (HKLM\...\{F69C2056-BC8D-EC77-49FB-E9F863F8C9AA}) (Version: 7.192.8.0 - Xerox Corporation)
Zoom (HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-23] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-25] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-03-01] (Microsoft Corporation) [MS Ad]
Xerox Print and Scan Experience -> C:\Program Files\WindowsApps\XeroxCorp.PrintExperience_7.192.8.0_x64__f7egpvdyrs2a8 [2021-02-25] (Xerox Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1868823286-2031935487-995410770-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-783100C56721} -> [Creative Cloud Files] => C:\Users\teoma\Creative Cloud Files [2018-01-09 18:47]
CustomCLSID: HKU\S-1-5-21-1868823286-2031935487-995410770-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-02-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\teoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop

==================== Loaded Modules (Whitelisted) =============

2021-02-19 21:34 - 2021-02-19 21:34 - 104873984 _____ () [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\libcef.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 000112128 _____ () [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\libegl.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 006227456 _____ () [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\libglesv2.dll
2017-10-31 21:08 - 2010-04-05 05:55 - 000159890 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\customui.dll
2017-10-31 21:08 - 2010-04-05 05:55 - 000061604 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Epfunct.DLL
2017-10-31 21:08 - 2010-04-05 05:56 - 000094359 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\EPOEMDll.dll
2017-10-31 21:08 - 2010-04-05 05:56 - 000045221 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\epstring.dll
2017-10-31 21:08 - 2010-04-05 05:54 - 000123033 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Eputil.DLL
2017-10-31 21:08 - 2010-04-05 05:56 - 000716954 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Epwizard.DLL
2017-10-31 21:08 - 2010-04-05 05:56 - 002203803 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\EPWizRes.dll
2017-10-31 21:08 - 2010-04-05 05:54 - 000143502 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Imagutil.DLL
2017-10-31 21:08 - 2009-03-02 09:25 - 000151552 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll
2017-10-31 21:08 - 2010-04-01 12:23 - 000389120 _____ () [File not signed] C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll
2019-07-29 08:58 - 2015-02-26 19:19 - 000380928 _____ () [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2017-02-09 03:47 - 2015-08-01 03:33 - 000366080 _____ () [File not signed] C:\Windows\SYSTEM32\APOMgr64.DLL
2017-02-09 03:47 - 2015-08-01 03:34 - 000089600 _____ () [File not signed] C:\Windows\SYSTEM32\CmdRtr64.DLL
2019-07-29 08:58 - 2011-06-21 15:04 - 000229376 _____ (Broadcom Corporation) [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\wps_api.dll
2017-10-31 21:08 - 2009-03-10 00:41 - 000962560 _____ (Corp.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\lxedmonr.dll
2017-02-09 03:46 - 2015-04-10 01:25 - 000559104 ____N (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\CTAudEp.dll
2017-02-09 03:46 - 2015-04-10 01:25 - 000238080 ____N (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\CTLoadRs.dll
2017-02-09 03:46 - 2015-05-27 19:49 - 000251904 ____N (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\HKDetect.dll
2020-12-21 21:49 - 2020-12-21 21:49 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2020-12-21 21:49 - 2020-12-21 21:49 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2017-10-31 21:08 - 2008-03-05 14:23 - 000261264 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Ltdis15u.dll
2017-10-31 21:08 - 2008-03-05 14:23 - 000257168 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\LTEFX15U.DLL
2017-10-31 21:08 - 2008-03-05 14:23 - 000183440 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Ltfil15u.dll
2017-10-31 21:08 - 2008-03-05 14:23 - 000212112 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Ltimgclr15u.dll
2017-10-31 21:08 - 2008-03-05 14:23 - 000355472 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\LTIMGCOR15U.DLL
2017-10-31 21:08 - 2008-03-05 14:23 - 000216208 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\LTIMGEFX15U.DLL
2017-10-31 21:08 - 2008-03-05 14:23 - 000445584 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\LTIMGSFX15U.DLL
2017-10-31 21:08 - 2008-03-05 14:23 - 000117904 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Ltimgutl15u.dll
2017-10-31 21:08 - 2008-03-05 14:23 - 000482448 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Ltkrn15u.dll
2017-10-31 21:08 - 2008-03-05 14:23 - 002239632 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\Ltwvc215u.dll
2018-05-01 19:58 - 2018-05-01 19:58 - 000211456 _____ (Mercer Road Corp) [File not signed] C:\Games\Heroes of the Storm\Support64\ortp_x64.dll
2018-05-01 19:58 - 2018-05-01 19:58 - 005214208 _____ (Mercer Road Corp) [File not signed] C:\Games\Heroes of the Storm\Support64\vivoxsdk_x64.dll
2017-10-31 21:08 - 2010-04-01 12:18 - 000548864 _____ (PDFlib GmbH) [File not signed] C:\Program Files (x86)\Lexmark S600 Series\PdfLib.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 000810496 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\chrome_elf.dll
2017-05-22 16:07 - 2017-05-22 16:07 - 010893824 _____ (The ICU Project) [File not signed] C:\Games\Heroes of the Storm\Support64\icudt52.dll
2017-05-22 16:07 - 2017-05-22 16:07 - 001760768 _____ (The ICU Project) [File not signed] C:\Games\Heroes of the Storm\Support64\icuin52.dll
2017-05-22 16:07 - 2017-05-22 16:07 - 001327104 _____ (The ICU Project) [File not signed] C:\Games\Heroes of the Storm\Support64\icuuc52.dll
2021-02-19 21:33 - 2021-02-19 21:33 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\audio\qtaudio_windows.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\imageformats\qgif.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\imageformats\qico.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\imageformats\qjpeg.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 000223744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\imageformats\qmng.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\imageformats\qsvg.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\imageformats\qtiff.dll
2021-02-19 21:34 - 2021-02-19 21:34 - 001140224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\platforms\qwindows.dll
2021-02-19 21:34 - 2021-02-19 21:35 - 004943360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Core.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 005022208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Gui.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 000626176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Multimedia.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 000877056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Network.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 002908672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Qml.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 003078656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Quick.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Svg.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 004718080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Widgets.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 000439296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5WinExtras.dll
2021-02-19 21:35 - 2021-02-19 21:35 - 000159232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Blizzard App\Battle.net.12685\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1868823286-2031935487-995410770-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com/
HKU\S-1-5-21-1868823286-2031935487-995410770-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-1868823286-2031935487-995410770-1001 -> DefaultScope {231345FC-4179-4DB4-8BDA-CC60BCF670AF} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1868823286-2031935487-995410770-1001 -> {231345FC-4179-4DB4-8BDA-CC60BCF670AF} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-19] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1868823286-2031935487-995410770-1001\...\sharepoint.com -> hxxps://tuni-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2019-12-31 14:18 - 000001025 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\nodejs\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1868823286-2031935487-995410770-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1868823286-2031935487-995410770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\teoma\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\screen_eada7243-2219-4b8f-b4c6-7350eaffcc07_hi.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)
Ethernet 3: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==
 

TeodoraM

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{99F41114-CBB4-41EC-BC53-975280CD3085}C:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{B28F696E-D17D-47A0-B999-62B42B8F562E}C:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{A23D7151-00B3-474B-A35F-24C7855FF1B7}C:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{5F50E0DB-0ADB-4D79-8177-3435EB703278}C:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{C69A857C-4631-4642-9418-E9E747EBAFBB}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{65830BC7-1E69-4C42-8E4E-FF7C57859060}] => (Allow) Z:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{E882123A-1911-4CBD-837F-343F2477BAE8}] => (Allow) Z:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{52A9DF94-DEA2-40B4-BAB3-A456BDDC5D2A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{673DC0EC-0352-4737-AAF5-6717E64EE45D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7885A83A-AAEF-479B-9963-867E096ADACE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CEBF4E3F-FA22-4351-9119-9C86AB733063}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{19684B36-4ED5-49C5-BE5A-E7BF143FB7DE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{E0B89D3A-769C-4694-AC0D-ED9B21ADD209}C:\games\heroes of the storm\versions\base80702\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base80702\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{25AF7C38-1EF2-4577-BB6B-B9392D474C59}C:\games\heroes of the storm\versions\base80702\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base80702\heroesofthestorm_x64.exe => No File
FirewallRules: [{F8CBB1BB-23D8-42B4-9E51-3FAA6708A924}] => (Allow) Z:\SteamLibrary\steamapps\common\Predecessor\PredecessorClient.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7006A54B-6C4E-4809-9B4C-44DEEBFB3594}] => (Allow) Z:\SteamLibrary\steamapps\common\Predecessor\PredecessorClient.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{BD08C075-16A4-440B-9FAD-971165D6A44D}C:\games\heroes of the storm\versions\base80333\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base80333\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{03C466C3-DB15-4659-945B-9D8DB17B3236}C:\games\heroes of the storm\versions\base80333\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base80333\heroesofthestorm_x64.exe => No File
FirewallRules: [{FA9ACD66-5C0C-4677-A27A-A5CA3E00A429}] => (Allow) Z:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{729FD557-1814-493D-ADB6-2D1FCC65C496}] => (Allow) Z:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{0CE7BF53-2214-41EE-B520-046AB4EF370E}] => (Allow) Z:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{270935C5-0D41-45CD-9481-788F33F9D6D8}] => (Allow) Z:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [UDP Query User{E4B365E3-A745-442B-B5E9-A2E968A23610}C:\games\heroes of the storm\versions\base80046\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base80046\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{735ED1D3-05D3-455C-BAC3-F527250216E2}C:\games\heroes of the storm\versions\base80046\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base80046\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{879BB7DE-6BB1-45CE-9A29-A93E62A2A1BC}C:\games\heroes of the storm\versions\base79999\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base79999\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{91AA8398-E2F4-4CEA-95E8-236534865796}C:\games\heroes of the storm\versions\base79999\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base79999\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{244EC3E7-D3BB-4479-98C7-7EB89D8F26EB}D:\games\borderlands2\binaries\win32\borderlands2.exe] => (Allow) D:\games\borderlands2\binaries\win32\borderlands2.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{ABD3FD9F-C1AF-4F34-AA04-9D36E8B38CD0}D:\games\borderlands2\binaries\win32\borderlands2.exe] => (Allow) D:\games\borderlands2\binaries\win32\borderlands2.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{21A994DD-DD8F-4230-962E-D62EED7D71A7}] => (Allow) LPort=57209
FirewallRules: [{F085ECEC-495B-475B-9352-DC251CE7DF05}] => (Allow) LPort=57209
FirewallRules: [UDP Query User{316BDD94-89F6-434C-AC3A-E91DC5899F92}C:\games\heroes of the storm\versions\base79515\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base79515\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B88629B7-3841-41C9-B65A-30C24F1238A5}C:\games\heroes of the storm\versions\base79515\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base79515\heroesofthestorm_x64.exe => No File
FirewallRules: [{CB520C62-1D7E-4AF4-8963-D5C2137FA79D}] => (Allow) D:\Games\Steam\steamapps\common\Crucible\Launch_Crucible.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{CAB2E965-1F47-4AF0-8823-7D66DA75B151}] => (Allow) D:\Games\Steam\steamapps\common\Crucible\Launch_Crucible.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [UDP Query User{A126CA79-F596-40B9-8D98-14D8658837FD}C:\games\heroes of the storm\versions\base79155\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base79155\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{7E3E80E0-3349-4F9D-93A1-8F6A755E7A83}C:\games\heroes of the storm\versions\base79155\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base79155\heroesofthestorm_x64.exe => No File
FirewallRules: [{B1340C44-4341-45C3-A1CA-D97064098773}] => (Allow) D:\Games\Steam\steamapps\common\Green Hell\GH.exe () [File not signed]
FirewallRules: [{30878344-215E-4CBD-BA61-5A261052CA76}] => (Allow) D:\Games\Steam\steamapps\common\Green Hell\GH.exe () [File not signed]
FirewallRules: [UDP Query User{7E69D012-C3BC-4E59-AF61-C31101B03417}D:\games\heroes of the storm public test\versions\base79033\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm public test\versions\base79033\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{AEE91A86-DEE8-48FA-81EA-F42246ED8FC5}D:\games\heroes of the storm public test\versions\base79033\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm public test\versions\base79033\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{FEFD1797-1B89-4CD2-92A6-CD27DC371A85}C:\users\teoma\desktop\drunkensailorweek3.1\engine\binaries\win32\ue4game.exe] => (Allow) C:\users\teoma\desktop\drunkensailorweek3.1\engine\binaries\win32\ue4game.exe => No File
FirewallRules: [TCP Query User{9FEE7613-1D7C-433B-B4FE-B09240F0BA3C}C:\users\teoma\desktop\drunkensailorweek3.1\engine\binaries\win32\ue4game.exe] => (Allow) C:\users\teoma\desktop\drunkensailorweek3.1\engine\binaries\win32\ue4game.exe => No File
FirewallRules: [{58E7084F-6709-412E-8218-86CB1BCC8EF8}] => (Allow) D:\Games\Steam\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [File not signed]
FirewallRules: [{49288F16-28D0-45A6-B92C-E830E6CDBEB8}] => (Allow) D:\Games\Steam\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [File not signed]
FirewallRules: [UDP Query User{0F0212CC-FBC2-4220-B8C4-E8149FE35407}C:\users\teoma\desktop\drunkensailorweek2\engine\binaries\win32\ue4game.exe] => (Allow) C:\users\teoma\desktop\drunkensailorweek2\engine\binaries\win32\ue4game.exe => No File
FirewallRules: [TCP Query User{CF7786AC-A226-4A41-9705-78EE68478F17}C:\users\teoma\desktop\drunkensailorweek2\engine\binaries\win32\ue4game.exe] => (Allow) C:\users\teoma\desktop\drunkensailorweek2\engine\binaries\win32\ue4game.exe => No File
FirewallRules: [{042AFA03-27BF-4C63-AA69-91D13653074B}] => (Allow) C:\Users\teoma\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{39BACD37-F3A6-42EE-95A8-89DBEC5AEEC0}] => (Allow) C:\Users\teoma\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{1E03FF92-E72B-417F-B011-E6A2AD084D3D}C:\users\teoma\desktop\drunkensailor\engine\binaries\win32\ue4game.exe] => (Allow) C:\users\teoma\desktop\drunkensailor\engine\binaries\win32\ue4game.exe => No File
FirewallRules: [TCP Query User{E840B8B3-B95A-48BE-91FC-8D04189E0426}C:\users\teoma\desktop\drunkensailor\engine\binaries\win32\ue4game.exe] => (Allow) C:\users\teoma\desktop\drunkensailor\engine\binaries\win32\ue4game.exe => No File
FirewallRules: [{81D31837-6F50-428E-BA49-1AE6D59CE3FF}] => (Allow) D:\Games\Steam\steamapps\common\New World Public Test\NewWorldLauncher.exe (Amazon.com Services LLC -> EasyAntiCheat Ltd)
FirewallRules: [{E0631431-EAE9-465B-A47B-78DA4ADA4536}] => (Allow) D:\Games\Steam\steamapps\common\New World Public Test\NewWorldLauncher.exe (Amazon.com Services LLC -> EasyAntiCheat Ltd)
FirewallRules: [UDP Query User{2A3FD6C1-FED2-4896-A6CB-C28BECAB49BC}C:\games\heroes of the storm\versions\base78725\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base78725\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B29DA88A-5A6D-4732-A303-96C846D8A7E0}C:\games\heroes of the storm\versions\base78725\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base78725\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{E1EC4656-48CC-47CB-9163-F8A545557DC8}C:\games\heroes of the storm\versions\base78679\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base78679\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{5AC1FAC1-206C-47CA-86E6-0CF9E3E4E71F}C:\games\heroes of the storm\versions\base78679\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base78679\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{F06A5BFD-B370-43B8-AB5D-25F1539F805C}C:\games\heroes of the storm\versions\base78256\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base78256\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{F1ED720D-6673-43BF-B133-53483B0A3CF8}C:\games\heroes of the storm\versions\base78256\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base78256\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{6D13328C-E0BA-4D0C-870B-311C0EEB9E9F}C:\users\teoma\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\teoma\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{61668822-767B-4F72-AACF-576EFF3321BD}C:\users\teoma\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\teoma\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{B0C97928-9745-4449-80DE-504E72A1CE56}D:\games\steam\steamapps\common\new world public test\bin64\javelin_x64.exe] => (Allow) D:\games\steam\steamapps\common\new world public test\bin64\javelin_x64.exe (Amazon.com Services LLC -> Amazon.com, Inc.)
FirewallRules: [TCP Query User{B8D2FD07-2668-4A36-8C3B-FE7B18DDD85F}D:\games\steam\steamapps\common\new world public test\bin64\javelin_x64.exe] => (Allow) D:\games\steam\steamapps\common\new world public test\bin64\javelin_x64.exe (Amazon.com Services LLC -> Amazon.com, Inc.)
FirewallRules: [UDP Query User{93423CF2-65D3-4FFC-B90E-54CF1722D49B}C:\games\heroes of the storm\versions\base77981\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77981\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{007E2474-FF95-49DE-B003-B2929CB23599}C:\games\heroes of the storm\versions\base77981\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77981\heroesofthestorm_x64.exe => No File
FirewallRules: [{E82C4764-EF1F-4442-9BC2-805470A29AF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34B574A7-FC3C-45B9-B5BE-62819A0F40E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D354BCD1-0307-4054-85F0-2A06FBA580D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C101D87-5E61-4AF3-8631-14B021341A2C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D84B7BDD-4177-461E-A514-735F331754D3}D:\games\torchlight 2\torchlight2.exe] => (Allow) D:\games\torchlight 2\torchlight2.exe => No File
FirewallRules: [TCP Query User{8479E5EB-3972-478E-BDCB-BDCFF8B1C7BF}D:\games\torchlight 2\torchlight2.exe] => (Allow) D:\games\torchlight 2\torchlight2.exe => No File
FirewallRules: [UDP Query User{0AAA7196-3658-4A1D-9DDF-5167AEB56F51}C:\games\heroes of the storm\versions\base77692\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77692\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B7EEEE4B-8D86-4480-ACDC-2C6B72FFEB24}C:\games\heroes of the storm\versions\base77692\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77692\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{5D253D02-63F3-4BF0-AD31-5439E0E796CC}C:\games\heroes of the storm\versions\base77548\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77548\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{3DD2DBA5-997B-4F96-93A5-1D9032A899B1}C:\games\heroes of the storm\versions\base77548\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77548\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{15784191-A3AF-4FC9-A1FD-5AC832526EB9}C:\games\heroes of the storm\versions\base77406\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77406\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{1A3DFE20-BE0C-491D-96CD-CEE60385B2D4}C:\games\heroes of the storm\versions\base77406\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77406\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{F29EEE6D-C1B0-43D1-814B-9FC5E81F3165}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe => No File
FirewallRules: [TCP Query User{057CDB08-A7B8-442F-AB05-C710E07074BA}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{DB7FF3CE-56BF-43BD-A8A4-32DB08107368}C:\games\heroes of the storm\versions\base77205\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77205\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{7BA2BF66-CB23-4BE4-A3A1-8A3055A9215B}C:\games\heroes of the storm\versions\base77205\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base77205\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{56801741-8784-416F-86E9-5EB93ED39EE5}C:\games\heroes of the storm\versions\base76893\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76893\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{E2804EDC-53B6-42EA-B2E2-0B76B30683D6}C:\games\heroes of the storm\versions\base76893\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76893\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{A75355CC-6371-472D-8715-20AB3A15364D}C:\games\heroes of the storm\versions\base76781\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76781\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{8CE13937-0896-4ABF-B985-3503663098CC}C:\games\heroes of the storm\versions\base76781\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76781\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{0F71CE21-D198-410D-A6D9-6B4AA93D0AD9}C:\users\teoma\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\teoma\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{8EA05495-53B8-41E5-A997-49BC95459692}C:\users\teoma\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\teoma\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{8EC2B412-F38B-4608-9209-048AC9FAA9EB}D:\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\games\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{C4217DEC-8E70-47BF-8F55-66FF961FA52A}D:\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\games\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{0AF2ADD7-B8CD-412B-9287-6D51926B684B}C:\games\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{89C7BD02-71D5-4AC4-B625-54E45C613D94}C:\games\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{D29587EE-D563-470D-9711-7A55E7C3CB54}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{49D12431-064D-4B7A-8933-00C410DCB31A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{83A73F78-CFCD-4620-B3AC-CDD822D77F22}C:\windows\syswow64\lxedcoms.exe] => (Allow) C:\windows\syswow64\lxedcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{6D3B212F-C329-4599-BA3C-8BC28F160680}C:\windows\syswow64\lxedcoms.exe] => (Allow) C:\windows\syswow64\lxedcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{A8A0362E-9D05-4BEE-BE5E-9E845A397458}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FC035CB8-BD5C-4D4A-843D-51919EDE8B3E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0E50B1D5-6BA6-4232-B1DC-2B14BB01A6FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{AC052B72-33DD-480B-9C41-7D64A44C1F5D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{183E28D9-2EA0-490F-8637-B9A67236D978}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{3A4858B8-F445-4548-9CCF-C7EFD35DA9A2}D:\games\heroes of the storm\versions\base65285\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base65285\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{ADC3EA85-9A9E-4E02-9BAE-03828735FEF5}D:\games\heroes of the storm\versions\base65285\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base65285\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{255D4009-A016-439B-A081-540C2A962172}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [UDP Query User{A25BE26F-ED05-4B0C-932E-78031BB8BF02}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [TCP Query User{8F787AF0-219E-4D90-B326-1A8D8FF8684C}D:\games\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{1177BF96-3C24-4569-AF0D-A72CFF9D145C}D:\games\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base65617\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{0D3EEA03-CD61-4395-BEB6-01AFCF395B72}D:\games\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{9240575D-F529-40D9-A3CB-D2931A669A48}D:\games\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base65943\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{5794FF2D-83F7-4468-BB57-7003AD123319}D:\games\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{F079DE4A-B283-4A2F-BBE9-78ED34FA5583}D:\games\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe => No File
FirewallRules: [{49B04070-CD0B-457A-AE96-51D645BEC429}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B9FA2E9A-447C-4220-ADA3-2A2BB1C08B04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{8E8D585A-43DC-464A-AAC9-BBB673A5B3FE}D:\games\world of warcraft beta\utils\wowvoiceproxyt.exe] => (Allow) D:\games\world of warcraft beta\utils\wowvoiceproxyt.exe => No File
FirewallRules: [UDP Query User{35FADEEF-56F1-4DEC-B49C-4F1BE527A2BB}D:\games\world of warcraft beta\utils\wowvoiceproxyt.exe] => (Allow) D:\games\world of warcraft beta\utils\wowvoiceproxyt.exe => No File
FirewallRules: [{50A30142-6C94-4C6F-B08C-A1E9B96F4651}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{7BBE35F1-5A16-4720-965D-7F9912772042}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [TCP Query User{B3BF9F27-520F-4052-87C2-08EC07D5C4DD}D:\games\divinity - original sin 2\bin\eocapp.exe] => (Allow) D:\games\divinity - original sin 2\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{675B0F7A-34C8-4F87-B2FA-E8DCE31854BC}D:\games\divinity - original sin 2\bin\eocapp.exe] => (Allow) D:\games\divinity - original sin 2\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{E81ECECE-4760-445C-82C4-0E708E3ADEBE}D:\games\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{3C8DCA0B-4486-4D16-B6C9-C787E8D17678}D:\games\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{545488A9-7CBE-4FD9-9A72-ABE42D02F559}D:\games\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{12B50A14-BB17-4BC6-9B40-47E140286EC9}D:\games\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66810\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{E3A18A35-B5A5-4615-82E7-C3AB6B25ED8E}D:\games\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{2BCDE13F-7CA4-4686-8D00-F8B1EBC577B0}D:\games\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66946\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{AFFBE46A-758A-43B8-A1BA-ED9FA184A76A}D:\games\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) D:\games\world of warcraft\utils\wowvoiceproxy.exe => No File
FirewallRules: [UDP Query User{4D6A9F60-30C5-44B9-B00E-D0BD4449DA04}D:\games\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) D:\games\world of warcraft\utils\wowvoiceproxy.exe => No File
FirewallRules: [{31ED1977-C077-4353-BC2E-C76907A10AE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{45761400-B135-4E32-A77E-E7A081DA9B7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{3EEF685F-0257-4750-8AF4-B9CC764E7F92}D:\games\heroes of the storm\versions\base67621\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base67621\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{462407FA-A094-4041-81A5-3DCD3790DC1B}D:\games\heroes of the storm\versions\base67621\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base67621\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{4FCB99FD-1467-404F-9E5F-A26F4B92F778}D:\games\heroes of the storm\versions\base69264\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base69264\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{DE6C33E7-3F6C-4679-9076-E13E9E4865B0}D:\games\heroes of the storm\versions\base69264\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base69264\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{50CD4065-0D5F-4718-B4C6-514D65A98E65}D:\games\heroes of the storm\versions\base69350\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base69350\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{5A6F66F8-36F3-4EEA-89D4-9F09C0450917}D:\games\heroes of the storm\versions\base69350\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base69350\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{1F6EFF96-152A-4188-890A-A389272A728C}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe => No File
FirewallRules: [UDP Query User{25AB86A2-5338-49CC-87E8-0B5D24812985}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe => No File
FirewallRules: [TCP Query User{36630D7B-0D3D-40D5-9115-D10FC4C1E878}D:\games\heroes of the storm\versions\base69790\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base69790\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{298E5AC9-4D16-44F6-93F9-252968E419EA}D:\games\heroes of the storm\versions\base69790\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base69790\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{711DF480-9E9A-42F5-85DC-A4A1BA4EDB0B}C:\games\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{ED525494-42F1-400E-A5A6-C7985F788C8A}C:\games\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{F263701D-242B-4349-8536-FDB77D274CA2}C:\games\heroes of the storm\versions\base70616\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base70616\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{6429BE13-A784-4B6B-B65D-F9F6FD91F243}C:\games\heroes of the storm\versions\base70616\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base70616\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{940243A0-A7A6-40E1-B195-86528D689BE0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{A9452534-4620-4148-8353-7D2C628F8C80}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{C42CF58D-260C-4F0A-A1BA-9E1A9EDDBF66}C:\windows\syswow64\lxedcoms.exe] => (Allow) C:\windows\syswow64\lxedcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{DD470AB3-1760-4799-9A10-5203CF48C5E7}C:\windows\syswow64\lxedcoms.exe] => (Allow) C:\windows\syswow64\lxedcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [TCP Query User{DE636A1E-C7E0-4BB0-9327-B9B922E19E67}C:\games\heroes of the storm\versions\base70920\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base70920\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{78DFDEBC-4ABF-4846-83D6-F133EF7243E7}C:\games\heroes of the storm\versions\base70920\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base70920\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{3F9533A9-474D-4679-A86A-36C2C4E884C8}C:\games\heroes of the storm\versions\base71040\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71040\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{F32C8D50-553D-4FCB-8C0D-756731FF856F}C:\games\heroes of the storm\versions\base71040\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71040\heroesofthestorm_x64.exe => No File
FirewallRules: [{FE732C8B-B2D9-430B-970D-72F299ECF9FC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{8237ACA2-B078-4C2A-9067-B28A25BD01B0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [TCP Query User{103520C0-1ADB-487D-B744-929A53FB0CF2}C:\games\heroes of the storm\versions\base71138\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71138\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{E7D2A6CD-C622-42D4-91DA-EE3C43CF87E3}C:\games\heroes of the storm\versions\base71138\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71138\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{05DAE344-0641-48D7-98BE-1919FE02AF10}C:\games\heroes of the storm\versions\base71449\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71449\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{75286235-7454-4241-9B62-E04DABB7D4A4}C:\games\heroes of the storm\versions\base71449\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71449\heroesofthestorm_x64.exe => No File
FirewallRules: [{F0AEC9E0-E2F3-4381-BD18-50C6575796E8}] => (Allow) C:\Users\teoma\Downloads\bin\BlackDesert32.exe => No File
FirewallRules: [{202FE9D4-E373-4603-BA3A-464A04DD8EA2}] => (Allow) C:\Users\teoma\Downloads\bin64\BlackDesert64.exe => No File
FirewallRules: [{DE178B6F-C1C7-46A7-97BB-7BE94B5E4E76}] => (Allow) C:\Users\teoma\Downloads\BlackDesert_Launcher.exe => No File
FirewallRules: [{4D879AE0-DC78-4971-B348-D84CD0549F9D}] => (Allow) C:\Users\teoma\Downloads\BlackDesert_Downloader.exe => No File
FirewallRules: [TCP Query User{BF2266A3-7BD0-469C-A963-31A56D9DC3F7}C:\games\heroes of the storm\versions\base71652\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71652\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{F831400F-B541-41FB-B0C7-C2B25AA584DC}C:\games\heroes of the storm\versions\base71652\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71652\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{9EE6CF4C-5309-4654-816D-2C407DC8E9FA}D:\games\bin64\blackdesert64.exe] => (Allow) D:\games\bin64\blackdesert64.exe => No File
FirewallRules: [UDP Query User{4304065C-9D9D-48D4-906A-450230C70E15}D:\games\bin64\blackdesert64.exe] => (Allow) D:\games\bin64\blackdesert64.exe => No File
FirewallRules: [TCP Query User{856536E2-FB37-4ABD-ABD8-4D0C127338C6}C:\games\heroes of the storm\versions\base71931\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71931\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{8723CFED-9728-4FE0-BA8D-B53D1046DFD2}C:\games\heroes of the storm\versions\base71931\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base71931\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{7E936630-39E0-49DF-8988-20EAB64D0B6C}C:\games\heroes of the storm\versions\base72191\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base72191\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{5D3B3690-85CD-4D8D-BDDE-3CCA4DAE1CAD}C:\games\heroes of the storm\versions\base72191\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base72191\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{55C79DE7-2572-47A1-9FE6-2DCCD8E72660}C:\games\heroes of the storm\versions\base72307\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base72307\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{F56FB1AB-24FE-48A8-9E5B-7AB804B0F533}C:\games\heroes of the storm\versions\base72307\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base72307\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{3EC88AE5-B5D6-4E04-A946-F2558B439797}C:\games\heroes of the storm\versions\base72481\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base72481\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{9BEE941D-662A-4A20-8041-DFBB9D14BA6A}C:\games\heroes of the storm\versions\base72481\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base72481\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{E2A81271-E397-4849-BAA9-D0593AAB3F83}C:\games\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{80DDFB63-9068-415F-B1FC-4180B9D8DC5B}C:\games\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{AEBA9510-A3B2-4FE4-B8AF-6B28D91CD124}D:\games\diablo iii\x64\diablo iii64.exe] => (Allow) D:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{A8815416-D1BC-4E21-91A3-5A0444E31545}D:\games\diablo iii\x64\diablo iii64.exe] => (Allow) D:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{60433EE7-0B95-4607-A51E-FA41EEEFC2B5}C:\games\heroes of the storm\versions\base73016\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base73016\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{EEDF050A-9E4D-40E1-B604-7FD66D2DEB7B}C:\games\heroes of the storm\versions\base73016\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base73016\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{C4E088FC-0410-490C-8343-602E51DFD7D7}C:\games\heroes of the storm\versions\base73493\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base73493\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{862C4AB4-D193-4B8E-ABBF-FE651F7344EB}C:\games\heroes of the storm\versions\base73493\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base73493\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{5D8EE2DB-B108-4374-AAE5-72871D8D0D07}C:\games\heroes of the storm\versions\base73662\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base73662\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{CB6375BF-E790-4CFB-BE58-C461BA4DA450}C:\games\heroes of the storm\versions\base73662\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base73662\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{076F4557-A084-48D7-8899-FCCDCBD58514}C:\games\heroes of the storm\versions\base74238\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base74238\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{EFB32C58-70AC-4407-B853-5273CE951252}C:\games\heroes of the storm\versions\base74238\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base74238\heroesofthestorm_x64.exe => No File
FirewallRules: [{A7029995-7EA2-401A-ABBF-5996650B21FB}] => (Allow) C:\Users\teoma\Downloads\bin\BlackDesert32.exe => No File
FirewallRules: [{D35CAB36-08F5-4388-9A15-D8651B56E3FB}] => (Allow) C:\Users\teoma\Downloads\bin64\BlackDesert64.exe => No File
FirewallRules: [{A20A2A23-9197-44FD-9FD1-C028A3F70CF8}] => (Allow) C:\Users\teoma\Downloads\BlackDesert_Launcher.exe => No File
FirewallRules: [{A823534C-735A-4BA5-96A6-62DDED5F6696}] => (Allow) C:\Users\teoma\Downloads\BlackDesert_Downloader.exe => No File
FirewallRules: [TCP Query User{E6336EA1-54B6-4CEE-BE04-B93A25B4B84F}C:\games\heroes of the storm\versions\base74739\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base74739\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{AA910D20-166C-42A3-8967-BA3F7467B09F}C:\games\heroes of the storm\versions\base74739\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base74739\heroesofthestorm_x64.exe => No File
FirewallRules: [{AD56438E-8862-49AF-90C0-D6F4C66A4825}] => (Allow) C:\Users\teoma\Downloads\bin\BlackDesert32.exe => No File
FirewallRules: [{81C321BE-AEA0-4D0B-9C92-99D1E0EEA76C}] => (Allow) C:\Users\teoma\Downloads\bin64\BlackDesert64.exe => No File
FirewallRules: [{45E0D832-D186-4B99-BD05-784E2D7B1922}] => (Allow) C:\Users\teoma\Downloads\BlackDesert_Launcher.exe => No File
FirewallRules: [{5D60FA97-2934-4E78-B69A-805C305C53FA}] => (Allow) C:\Users\teoma\Downloads\BlackDesert_Downloader.exe => No File
FirewallRules: [{91F7D470-1215-48ED-AEF8-10B9B8FA85FC}] => (Allow) C:\Users\teoma\Downloads\bin\BlackDesert32.exe => No File
FirewallRules: [{EF6438B1-B50F-46A0-808E-BC2BE598ACF1}] => (Allow) C:\Users\teoma\Downloads\bin64\BlackDesert64.exe => No File
FirewallRules: [{5ECA5F64-D722-4C95-95F3-0F8BA06E9843}] => (Allow) C:\Users\teoma\Downloads\BlackDesert_Launcher.exe => No File
FirewallRules: [{1FBAC97E-4774-4000-A237-632081F8D5BE}] => (Allow) C:\Users\teoma\Downloads\BlackDesert_Downloader.exe => No File
FirewallRules: [TCP Query User{DE4B5B13-7DB5-4354-A9A9-07360AAC7481}C:\games\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{4BA7DE15-A9D3-4FE9-8792-E5423448DDC2}C:\games\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe => No File
FirewallRules: [{1ABFDCBA-E9B1-4692-BACD-A86310BAA5D4}] => (Allow) D:\Games\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{22423081-35BA-416C-A78E-50095CA99372}] => (Allow) D:\Games\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [TCP Query User{9DCB9F9A-296A-4224-AE35-70FBF595A777}C:\games\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{69750788-BAFA-4694-9F5E-D50B3FBDD54C}C:\games\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base75132\heroesofthestorm_x64.exe => No File
FirewallRules: [{057A1437-C34F-474D-8198-F06135EC36EE}] => (Allow) D:\Games\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{7725C709-0BE8-4461-BA68-FF054EBE0FCC}] => (Allow) D:\Games\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [TCP Query User{E47F2B3A-895D-4C02-9923-01A8C93329FF}D:\games\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\games\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{15C71ED4-EFA7-48D2-BAF9-7EC2E3CEAF63}D:\games\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\games\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{46AF696A-DED0-416F-9D3A-32920B052377}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [UDP Query User{501917EA-05DC-4F0D-ADC3-98174DCC001C}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [TCP Query User{F4C7BEF9-EBAB-49B2-AB0F-5D9656B1B07D}C:\games\heroes of the storm\versions\base75589\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base75589\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{DB930E19-761F-420D-9199-416C392E223D}C:\games\heroes of the storm\versions\base75589\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base75589\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{8E95B2D2-EEB2-404B-82DE-53DD33289641}D:\games\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) D:\games\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{0BBC5F17-1056-4C53-8837-CE3D63E3D1EF}D:\games\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) D:\games\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{27C74D22-B2C7-41EF-8AF0-688A8BE8E8D1}C:\games\heroes of the storm\versions\base75792\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base75792\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{C1E1E3A4-42C0-498A-8D6D-DA38F52A24E8}C:\games\heroes of the storm\versions\base75792\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base75792\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{8FE11DAC-116F-4314-9341-065071C1A63A}C:\games\heroes of the storm\versions\base76003\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76003\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{48A25CFE-6FB6-4BB6-B404-237CCE77C9FB}C:\games\heroes of the storm\versions\base76003\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76003\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{452F417B-A6B6-408B-BA6A-0181F48B1EEF}C:\games\heroes of the storm\versions\base76124\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76124\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{87494B99-EB31-45BC-98B7-13FBE94E5F5E}C:\games\heroes of the storm\versions\base76124\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76124\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{2D81DBA1-AC5F-44F6-BD52-568A8440F85C}C:\games\heroes of the storm\versions\base76389\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76389\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{47E5D00E-BBB1-4DA1-9B4E-1A4C70A207F3}C:\games\heroes of the storm\versions\base76389\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76389\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{4E04AA4B-C65A-41C3-B5DC-B5FB125D0ACF}C:\games\heroes of the storm\versions\base76437\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76437\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{B77F5CCF-C4DF-4B15-82DF-C4D1FD6046FC}C:\games\heroes of the storm\versions\base76437\heroesofthestorm_x64.exe] => (Allow) C:\games\heroes of the storm\versions\base76437\heroesofthestorm_x64.exe => No File
FirewallRules: [{07868C07-EBE1-41CB-B1CF-0B6E72D24DB6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B26F357B-D058-4C39-8860-2C345BA864EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4DBF8E8C-9A96-4766-A524-DD3DBAE7F65D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FF449488-9FD2-4D32-8A5A-76D3276A1296}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ECDB59EE-2246-4E63-B929-E1FD2D8DAA6A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{04E19012-260A-43DA-B827-A2FC4FB9E510}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
 

TeodoraM

Posts: 8   +0
==================== Restore Points =========================

25-02-2021 08:37:22 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/26/2021 06:21:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.897, time stamp: 0x6019d411
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5f84e8d4
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0xc40
Faulting application start time: 0x01d70bf663d1edf6
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: f545d2fd-ca79-4bed-b5a8-2baaf3c4db44
Faulting package full name:
Faulting package-relative application ID:

Error: (02/24/2021 09:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.19041.804, time stamp: 0x985b4154
Faulting module name: RenderAPO.dll, version: 8.90.101.0, time stamp: 0x584a1932
Exception code: 0xc0000409
Fault offset: 0x00000000000c93e7
Faulting process id: 0x4bb8
Faulting application start time: 0x01d70ae164adc08b
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\RenderAPO.dll
Report Id: ec9c0a1c-3664-48af-b230-62b8d906b921
Faulting package full name:
Faulting package-relative application ID:

Error: (02/24/2021 09:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.19041.804, time stamp: 0x985b4154
Faulting module name: RenderAPO.dll, version: 8.90.101.0, time stamp: 0x584a1932
Exception code: 0xc0000409
Fault offset: 0x00000000000c93e7
Faulting process id: 0x36e8
Faulting application start time: 0x01d70a095dab4c2c
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\RenderAPO.dll
Report Id: d41b2843-02af-4334-a01d-c7ac25da9954
Faulting package full name:
Faulting package-relative application ID:

Error: (02/24/2021 09:10:08 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/24/2021 09:07:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/23/2021 05:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.546, time stamp: 0xc404ae05
Faulting module name: ConstraintIndex.Search.dll, version: 10.0.19041.746, time stamp: 0xd439ca93
Exception code: 0xc0000005
Fault offset: 0x000000000003f170
Faulting process id: 0x2b40
Faulting application start time: 0x01d709f64bd10f07
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\ConstraintIndex.Search.dll
Report Id: 222fb9b5-4756-4766-8c6f-2b28c25626a0
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (02/23/2021 05:12:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/23/2021 05:11:28 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./ROOT/default namespace does not exist. The query will be ignored.


System errors:
=============
Error: (02/26/2021 08:55:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Xerox - Extension - 7.208.0.0.

Error: (02/25/2021 06:52:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Xerox - Extension - 7.208.0.0.

Error: (02/25/2021 04:53:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxedCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/25/2021 04:53:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the lxedCATSCustConnectService service to connect.

Error: (02/25/2021 04:51:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxedCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/25/2021 04:51:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the lxedCATSCustConnectService service to connect.

Error: (02/25/2021 11:57:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (02/25/2021 11:57:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error:
A generic command executable returned a result that indicates failure.


Windows Defender:
================
Date: 2021-02-25 12:22:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-25 12:11:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-25 11:10:21
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-25 08:54:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-02-26 15:15:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-26 14:59:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe) attempted to load \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-26 14:47:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0505 11/08/2016
Motherboard: ASUSTeK COMPUTER INC. STRIX Z270H GAMING
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 43%
Total physical RAM: 32698.68 MB
Available physical RAM: 18502.18 MB
Total Virtual: 37562.68 MB
Available Virtual: 16929.86 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:237.91 GB) (Free:14.7 GB) NTFS
Drive d: (DATA) (Fixed) (Total:237.91 GB) (Free:30.23 GB) NTFS
Drive z: (FancyDrive) (Fixed) (Total:931.5 GB) (Free:733.12 GB) NTFS

\\?\Volume{e359757b-6408-4905-a646-cfe23036613c}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.57 GB) NTFS
\\?\Volume{2a07ef4d-38c3-4ecd-8e2d-eda5078b29a7}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 86E5C0D1)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
There you go :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 