
I think I might have a virus on my pc.


Solved by kevinf80


Hello.

My brother installed some program and ran it with admin privileges. After that I tried to uninstall the file, but it said I can't do that without admin privileges, which I had. After a few minutes the file disappeared. I don't know if it is a virus, but I would like to get some help and someone to tell me what to do. I have Bitdefender on my PC, but when I try to scan it scans for 5 min and then just stops; usually it takes about 45 min to complete the scan.
Anything I can do to make sure I don't have any viruses on my pc?

Thanks.


Hello staide and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language, right-click on FRST/FRST64 and rename it to FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Hello Kevin.

Thank you for your help, I appreciate your guidance.

 

Here are all the logs:

______________________________________________________________________________________________________________________________________

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/20/21
Scan Time: 9:59 PM
Log File: f343a8a6-a212-11eb-9591-b42e990cdf0d.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39639
License: Trial

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-R4LF066\kavoo

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 319259
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\SOFTWARE\CSASTATS\ic, Quarantined, 512, 586068, 1.0.39639, , ame, , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-20-2021
# Duration: 00:00:00
# OS:       Windows 10 Home
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPTouchSmart   File   C:\Users\kavoo\Desktop\Netflix.lnk


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1463 octets] - [20/04/2021 22:11:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

FRST.txt
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by kavoo (administrator) on DESKTOP-R4LF066 (Gigabyte Technology Co., Ltd. B360M-DS3H) (20-04-2021 22:15:21)
Running from C:\Users\kavoo\Desktop
Loaded Profiles: kavoo
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353400 2021-03-26] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [RazerCortex] => D:\Razer cortex\Razer Cortex\CortexLauncher.exe [267056 2021-01-14] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [370032 2021-04-07] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Run: [EpicGamesLauncher] => D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33001952 2021-04-16] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Run: [Discord] => C:\Users\kavoo\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Run: [FACEIT] => C:\Users\kavoo\AppData\Local\FACEITApp\update.exe [2204984 2020-12-18] (FACE IT LIMITED -> )
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Run: [Overwolf] => D:\forge\Overwolf\OverwolfLauncher.exe [1747288 2021-03-18] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0898F057-C5CA-4C30-AF32-5AF2AFD15D0A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {18B0A3C2-F682-495A-9384-761CE4CACAB2} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {19DC63CB-453A-4FA3-B674-61003233274C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AEBD4A2-F823-4B51-8D02-0668B9C62483} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {577EF8C3-1FD7-48A7-8A59-3D1F3EF78CE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-01] (Google LLC -> Google LLC)
Task: {58311F0C-2FBA-482C-A000-F0C969BDA46D} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5C1D3A08-2F5F-438E-8ADB-A148295CF3EC} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {6AA1B7DA-994E-48CA-A149-9C96806B2DF3} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7397F9CA-311E-4D18-B0CA-2233E0C93306} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\program files (x86)\microsoft visual studio\installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65440 2020-06-12] (Microsoft Corporation -> Microsoft)
Task: {82B59CBB-5125-4F71-8FFE-947F8F59BBBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B729A8C-8549-4670-AA37-C08C832B3D01} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {91E14CA1-7003-4E9F-8502-B3EA8D960452} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A5E56993-D1E2-4159-A504-1243312F6C61} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {B2B31135-6F8C-4AEE-A1AB-564396EEA41B} - System32\Tasks\ProtonVPN Update => D:\Vpn\ProtonVPN.UpdateService.exe [61760 2020-10-23] (ProtonVPN AG -> )
Task: {B3AAB51C-2456-4426-9F3A-12B74B408020} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B8FC3C4E-2BDB-4F0C-916D-0CE4B87D680A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C685DD58-80BA-4E9B-902A-1BE683CB5492} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-01] (Google LLC -> Google LLC)
Task: {C8F9C6EF-E209-445C-9F22-BECA92AEECBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CB29BBAB-E5E7-41DF-BC72-887B6E5A10E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CECFB790-4040-4190-8617-72C8ABF10373} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D013DBBE-4115-4424-A96C-F819F2F5EC0C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\Intel PTT EK Recertification" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3288830602-4078900590-3289903987-1001" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3288830602-4078900590-3289903987-1003" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\Overwolf Updater Task" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\ProtonVPN Update" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\update-S-1-5-21-3288830602-4078900590-3289903987-1001" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(22): schtasks.exe -> /Change /TN "\update-sys" /ENABLE
Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(23): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {E5BC44FE-2E1B-4727-86FB-459576BC2FDE} - System32\Tasks\Overwolf Updater Task => D:\forge\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
Task: {EEE11CA2-8D5D-4AC7-88A2-68D41DBA8FD8} - System32\Tasks\update-S-1-5-21-3288830602-4078900590-3289903987-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3288830602-4078900590-3289903987-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69baf071-995d-49b3-80e7-5466613bbce7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f20d3e77-6f1c-4c84-ad51-4eb7fce1e619}: [DhcpNameServer] 192.168.1.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\kavoo\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-20]

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> D:\java\bin\dtplugin\npDeployJava1.dll [2020-06-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> D:\java\bin\plugin2\npjp2.dll [2020-06-15] (Oracle America, Inc. -> Oracle Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default [2021-04-20]
CHR StartupUrls: Default -> "hxxp://websearch.coolsearches.info/?pid=3601&r=2015/03/26&hid=4975871964915997178&lg=EN&cc=HR&unqvl=85"
CHR Extension: (Slides) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-01]
CHR Extension: (Docs) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-01]
CHR Extension: (Google Drive) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-01]
CHR Extension: (AutoDraw for skribbl.io) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpnefockcbbpkbahgkkacjmebfheacjb [2021-04-16]
CHR Extension: (Pushbullet) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2021-03-24]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2020-06-01]
CHR Extension: (Tampermonkey) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-03-26]
CHR Extension: (Sheets) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-12]
CHR Extension: (uVPN - Free and secure VPN for online privacy) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaoafpkngncfpfggjefnekilbkcpjdgp [2021-04-08]
CHR Extension: (MY AD FINDER) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdelodjlpgkjenhcongcfdcocmjgjbci [2021-04-19]
CHR Extension: (PowerPoint Online) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2020-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR Extension: (Skribbl Assistant) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohniohajdcaicipofiohnkejhmdjhile [2020-10-24]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-03-09]
CHR Extension: (Gmail) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2019-03-27] (Bitdefender SRL -> Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-04-16] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-02-11] (EasyAntiCheat Oy -> Epic Games, Inc)
S2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437104 2021-04-07] (EXPRSVPN LLC -> ExpressVPN)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
S3 OverwolfUpdater; D:\forge\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S3 ProtonVPN Service; D:\Vpn\ProtonVPNService.exe [99136 2020-10-23] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; D:\Vpn\ProtonVPN.UpdateService.exe [61760 2020-10-23] (ProtonVPN AG -> )
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-12-09] (Razer USA Ltd. -> Razer Inc.)
S2 RzKLService; D:\Razer cortex\Razer Cortex\RzKLService.exe [291304 2021-01-14] (Razer USA Ltd. -> Razer Inc.)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2021-04-14] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2020-11-26] (Bitdefender SRL -> Bitdefender)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10359000 2021-03-26] (Riot Games, Inc. -> Riot Games, Inc.)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [559200 2021-04-02] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2020-11-26] (Bitdefender SRL -> Bitdefender)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-04-07] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-04-07] (Express VPN International Ltd. -> ExpressVPN)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPNSplitTunnel; D:\Vpn\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-04-07] (ExprsVPN LLC -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6436768 2021-03-25] (Riot Games, Inc. -> Riot Games, Inc.)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-17] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2021-04-19] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 MpKsle3bcee30; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70240424-DD35-4AEA-B34F-0003CF8BC95C}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-20 22:15 - 2021-04-20 22:15 - 000029048 _____ C:\Users\kavoo\Desktop\FRST.txt
2021-04-20 22:14 - 2021-04-20 22:15 - 000001646 _____ C:\Users\kavoo\Desktop\Second scan.txt
2021-04-20 22:10 - 2021-04-20 22:15 - 000001386 _____ C:\Users\kavoo\Desktop\First Scan.txt
2021-04-20 22:09 - 2021-04-20 22:12 - 000000000 ____D C:\AdwCleaner
2021-04-20 22:09 - 2021-04-20 22:09 - 008534696 _____ (Malwarebytes) C:\Users\kavoo\Desktop\adwcleaner_8.2.exe
2021-04-20 22:08 - 2021-04-20 22:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-20 22:08 - 2021-04-20 22:08 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-20 22:08 - 2021-04-20 22:08 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-20 22:08 - 2021-04-20 22:08 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-20 22:08 - 2021-04-20 22:08 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-20 22:08 - 2021-04-20 22:08 - 000000000 ____D C:\Users\kavoo\AppData\LocalLow\IGDump
2021-04-20 22:08 - 2021-04-20 19:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-20 19:22 - 2021-04-20 19:22 - 000000000 ____D C:\Users\kavoo\AppData\Local\mbam
2021-04-20 19:21 - 2021-04-20 22:08 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-20 19:21 - 2021-04-20 22:08 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-04-20 19:21 - 2021-04-20 22:08 - 000002029 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-20 19:21 - 2021-04-20 19:21 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-20 19:21 - 2021-04-20 19:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-20 19:21 - 2021-04-20 19:21 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-20 18:55 - 2021-04-20 18:55 - 002078632 _____ (Malwarebytes) C:\Users\kavoo\Desktop\MBSetup.exe
2021-04-20 13:44 - 2021-04-20 13:45 - 000000000 ____D C:\Users\kavoo\AppData\Local\ExpressVPN
2021-04-20 13:44 - 2021-04-20 13:44 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2021-04-20 13:44 - 2021-04-20 13:44 - 000002168 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2021-04-20 13:44 - 2021-04-20 13:44 - 000002168 _____ C:\ProgramData\Desktop\ExpressVPN.lnk
2021-04-20 13:44 - 2021-04-20 13:44 - 000000000 ____D C:\ProgramData\ExpressVPN
2021-04-20 13:44 - 2021-04-20 13:44 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2021-04-20 12:30 - 2021-04-20 12:57 - 000000000 ____D C:\WINDOWS\ShellNew
2021-04-20 00:01 - 2021-04-20 22:15 - 000000000 ____D C:\FRST
2021-04-20 00:00 - 2021-04-20 00:00 - 002298368 _____ (Farbar) C:\Users\kavoo\Desktop\FRST64.exe
2021-04-19 18:08 - 2021-04-19 18:08 - 000000000 ____D C:\Users\kavoo\Desktop\ACLib
2021-04-19 13:42 - 2021-04-19 13:42 - 000000651 _____ C:\Users\Public\Desktop\Call of Duty Modern Warfare.lnk
2021-04-19 13:42 - 2021-04-19 13:42 - 000000651 _____ C:\ProgramData\Desktop\Call of Duty Modern Warfare.lnk
2021-04-19 05:28 - 2021-04-20 14:56 - 088342528 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-04-19 04:59 - 2021-04-19 05:28 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-04-18 22:50 - 2021-04-18 23:45 - 000000000 ____D C:\Users\kavoo\Documents\Trackmania
2021-04-18 22:50 - 2021-04-18 23:45 - 000000000 ____D C:\ProgramData\Trackmania
2021-04-18 18:03 - 2021-04-18 18:04 - 000000000 ____D C:\Users\kavoo\AppData\Local\BariumApp
2021-04-17 23:43 - 2021-04-17 23:43 - 000000000 ____D C:\Users\kavoo\AppData\Local\AAR
2021-04-17 23:42 - 2021-04-17 23:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-04-17 22:35 - 2021-04-17 22:35 - 000087748 _____ C:\ProgramData\agent.update.1618691694.bdinstall.v2.bin
2021-04-17 22:34 - 2021-04-17 22:34 - 000001214 _____ C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2021-04-17 22:34 - 2021-04-17 22:34 - 000000020 ___SH C:\Users\Mario\ntuser.ini
2021-04-17 22:34 - 2021-04-17 22:34 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-04-17 22:33 - 2021-04-17 22:33 - 000001229 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2021-04-17 22:33 - 2021-04-17 22:33 - 000001229 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2021-04-17 22:33 - 2021-04-17 22:33 - 000000000 ____D C:\ProgramData\Bitdefender
2021-04-17 22:33 - 2021-02-26 18:31 - 000641728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-04-17 22:33 - 2021-02-26 13:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-04-17 22:33 - 2020-12-18 02:37 - 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-04-17 22:33 - 2020-10-20 13:18 - 000386800 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys
2021-04-17 22:33 - 2020-02-03 16:53 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2021-04-17 22:32 - 2021-04-20 22:13 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-04-17 22:32 - 2021-04-17 22:32 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-04-17 22:32 - 2021-02-16 15:31 - 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-04-17 22:32 - 2020-12-04 15:15 - 000802976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-04-17 22:30 - 2021-04-17 22:35 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-04-17 22:30 - 2021-04-17 22:30 - 000122244 _____ C:\ProgramData\agent.1618691452.bdinstall.v2.bin
2021-04-17 20:06 - 2021-04-17 20:06 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-04-17 19:56 - 2020-10-03 02:33 - 000835472 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2021-04-17 19:56 - 2020-10-03 02:33 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2021-04-17 12:06 - 2021-04-17 12:06 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-04-17 11:58 - 2021-04-13 09:23 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-17 11:58 - 2021-04-13 09:23 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-17 11:58 - 2021-04-13 09:23 - 001452320 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-17 11:58 - 2021-04-13 09:23 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-17 11:58 - 2021-04-13 09:23 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-17 11:58 - 2021-04-13 09:23 - 001191712 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-17 11:58 - 2021-04-13 09:23 - 001094888 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-17 11:58 - 2021-04-13 09:23 - 001094888 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-17 11:58 - 2021-04-13 09:23 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-17 11:58 - 2021-04-13 09:23 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-17 11:58 - 2021-04-13 09:20 - 000715568 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-17 11:58 - 2021-04-13 09:20 - 000675120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-17 11:58 - 2021-04-13 09:20 - 000626976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-04-17 11:58 - 2021-04-13 09:20 - 000575776 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-17 11:58 - 2021-04-13 09:19 - 002106136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-04-17 11:58 - 2021-04-13 09:19 - 001590560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-17 11:58 - 2021-04-13 09:19 - 001514800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-17 11:58 - 2021-04-13 09:19 - 001166112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-17 11:58 - 2021-04-13 09:19 - 000811800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-04-17 11:58 - 2021-04-13 09:19 - 000689952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-04-17 11:58 - 2021-04-13 09:19 - 000656152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-04-17 11:58 - 2021-04-13 09:19 - 000564000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-17 11:58 - 2021-04-13 09:18 - 008317232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-17 11:58 - 2021-04-13 09:18 - 007434032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-17 11:58 - 2021-04-13 09:18 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-17 11:58 - 2021-04-13 09:18 - 002823472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-17 11:58 - 2021-04-13 09:18 - 000445728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-04-17 11:58 - 2021-04-13 09:16 - 000848664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-04-17 11:58 - 2021-04-13 09:15 - 007212232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-04-17 11:58 - 2021-04-13 09:15 - 006159160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-04-17 11:58 - 2021-04-13 02:03 - 000087164 _____ C:\WINDOWS\system32\nvinfo.pb
2021-04-17 11:53 - 2021-04-17 20:47 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-17 20:47 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-17 11:53 - 2021-04-07 13:38 - 002817904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-04-17 11:52 - 2021-04-20 18:49 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-17 11:52 - 2021-04-17 11:52 - 000897012 _____ C:\WINDOWS\Minidump\041721-10875-01.dmp
2021-04-17 11:52 - 2021-04-17 11:52 - 000000000 ____D C:\WINDOWS\Minidump
2021-04-17 11:51 - 2020-08-14 09:59 - 000043416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-04-16 20:17 - 2021-04-16 20:17 - 000000279 _____ C:\Users\kavoo\Desktop\Fortnite.url
2021-04-15 16:40 - 2021-04-20 18:56 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-15 16:37 - 2021-04-15 16:37 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-04-15 16:35 - 2021-04-20 18:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-15 16:35 - 2021-04-17 20:47 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-15 16:35 - 2021-04-17 20:47 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-15 16:35 - 2021-04-17 20:47 - 000003220 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-04-15 16:35 - 2021-04-17 20:47 - 000003188 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2021-04-15 16:35 - 2021-04-17 20:47 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-15 16:35 - 2021-04-17 20:47 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-15 16:35 - 2021-04-17 20:47 - 000003056 _____ C:\WINDOWS\system32\Tasks\update-S-1-5-21-3288830602-4078900590-3289903987-1001
2021-04-15 16:35 - 2021-04-17 20:47 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3288830602-4078900590-3289903987-1003
2021-04-15 16:35 - 2021-04-17 20:47 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3288830602-4078900590-3289903987-1001
2021-04-15 16:35 - 2021-04-17 20:47 - 000002800 _____ C:\WINDOWS\system32\Tasks\update-sys
2021-04-15 16:35 - 2021-04-17 20:47 - 000002742 _____ C:\WINDOWS\system32\Tasks\ProtonVPN Update
2021-04-15 16:35 - 2021-04-17 20:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-15 16:35 - 2021-04-15 16:35 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-04-15 16:35 - 2021-04-15 16:35 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-04-15 16:35 - 2021-04-15 16:35 - 000000020 ___SH C:\Users\kavoo\ntuser.ini
2021-04-15 16:35 - 2021-04-15 16:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-3288830602-4078900590-3289903987-1001
2021-04-15 16:34 - 2021-04-15 16:34 - 000000368 ____H C:\WINDOWS\Tasks\Intel PTT EK Recertification.job
2021-04-15 16:31 - 2021-04-20 12:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-15 16:31 - 2021-04-15 16:31 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-15 16:30 - 2021-04-15 16:35 - 000000000 ____D C:\Windows.old
2021-04-15 14:10 - 2021-04-15 16:31 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-15 14:07 - 2021-04-19 13:47 - 000000000 ____D C:\Users\kavoo
2021-04-15 14:07 - 2021-04-17 22:34 - 000000000 ____D C:\Users\Mario
2021-04-15 14:07 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-15 14:07 - 2019-12-07 11:10 - 000001105 _____ C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-15 14:06 - 2021-04-15 14:09 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-04-15 14:04 - 2021-04-15 14:04 - 000000000 ____D C:\ProgramData\ssh
2021-04-15 14:03 - 2021-04-15 14:03 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-04-15 14:00 - 2021-04-15 14:00 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-15 14:00 - 2021-04-15 14:00 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-15 13:59 - 2021-04-15 13:59 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-15 13:59 - 2021-04-15 13:59 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-15 13:59 - 2021-04-15 13:59 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-15 13:59 - 2021-04-15 13:59 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-15 13:59 - 2021-04-15 13:59 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-15 13:59 - 2021-04-15 13:59 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-15 13:59 - 2021-04-15 13:59 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-15 13:59 - 2021-04-15 13:59 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-15 13:59 - 2021-04-15 13:59 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-15 13:59 - 2021-04-15 13:59 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-04-15 13:59 - 2021-04-15 13:59 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-15 13:59 - 2021-04-15 13:59 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-04-15 13:59 - 2021-04-15 13:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-04-15 13:59 - 2021-04-15 13:59 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-15 13:59 - 2021-04-15 13:59 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-15 13:59 - 2021-04-15 13:59 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-15 13:59 - 2021-04-15 13:59 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-04-15 13:59 - 2021-04-15 13:59 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-15 13:59 - 2021-04-15 13:59 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-15 13:59 - 2021-04-15 13:59 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-15 13:59 - 2021-04-15 13:59 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-15 13:59 - 2021-04-15 13:59 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-15 13:59 - 2021-04-15 13:59 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-15 13:59 - 2021-04-15 13:59 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-15 13:58 - 2021-04-15 13:58 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-15 13:58 - 2021-04-15 13:58 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-15 13:58 - 2021-04-15 13:58 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-15 13:58 - 2021-04-15 13:58 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-15 13:58 - 2021-04-15 13:58 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-15 13:58 - 2021-04-15 13:58 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-04-15 13:58 - 2021-04-15 13:58 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-15 13:58 - 2021-04-15 13:58 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-15 13:58 - 2021-04-15 13:58 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-15 13:58 - 2021-04-15 13:58 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-04-15 13:58 - 2021-04-15 13:58 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-15 13:58 - 2021-04-15 13:58 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-15 13:58 - 2021-04-15 13:58 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-15 13:58 - 2021-04-15 13:58 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-04-15 13:58 - 2021-04-15 13:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-04-15 13:58 - 2021-04-15 13:58 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-15 13:58 - 2021-04-15 13:58 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-15 13:57 - 2021-04-15 13:57 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-04-15 13:57 - 2021-04-15 13:57 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-15 13:57 - 2021-04-15 13:57 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-15 13:57 - 2021-04-15 13:57 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-15 13:57 - 2021-04-15 13:57 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-15 13:57 - 2021-04-15 13:57 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-15 13:57 - 2021-04-15 13:57 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-04-15 13:57 - 2021-04-15 13:57 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-15 13:57 - 2021-04-15 13:57 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-15 13:57 - 2021-04-15 13:57 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-15 13:57 - 2021-04-15 13:57 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-15 13:57 - 2021-04-15 13:57 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-04-15 13:57 - 2021-04-15 13:57 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-04-15 13:57 - 2021-04-15 13:57 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-15 13:50 - 2021-04-15 13:50 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe
2021-04-15 13:50 - 2021-04-15 13:50 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2021-04-15 13:50 - 2021-04-15 13:50 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe
2021-04-15 13:50 - 2021-04-15 13:50 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2021-04-15 13:49 - 2021-04-15 13:49 - 000000000 ____D C:\WINDOWS\system32\hr
2021-04-15 13:47 - 2021-04-15 16:31 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-04-15 13:47 - 2021-04-15 13:47 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-15 13:47 - 2021-04-15 13:47 - 000000000 ____D C:\Program Files\MSBuild
2021-04-15 13:47 - 2021-04-15 13:47 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-04-15 13:41 - 2021-04-15 13:41 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-15 13:21 - 2021-04-15 16:35 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-14 15:23 - 2021-04-19 17:24 - 000074552 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2021-04-14 15:23 - 2021-04-14 15:23 - 000000000 ____D C:\Users\kavoo\AppData\Local\ShadowTrackerExtra
2021-04-14 15:23 - 2021-04-14 15:23 - 000000000 ____D C:\Program Files\Common Files\Uncheater
2021-04-14 14:59 - 2021-04-14 14:59 - 000000584 _____ C:\Users\kavoo\Desktop\PUBG LITE.lnk
2021-04-14 14:59 - 2021-04-14 14:59 - 000000584 _____ C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PUBG LITE.lnk
2021-04-14 14:59 - 2021-04-14 14:59 - 000000000 ____D C:\ProgramData\PUBG
2021-04-13 11:45 - 2021-04-13 11:45 - 000000000 ____D C:\Users\kavoo\.mputils
2021-04-13 11:38 - 2021-04-15 16:31 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-04-13 11:38 - 2021-04-15 10:47 - 000001798 _____ C:\Users\kavoo\Desktop\CurseForge.lnk
2021-04-13 11:38 - 2021-04-13 11:38 - 000000000 ____D C:\Users\kavoo\curseforge
2021-04-13 11:37 - 2021-04-13 11:38 - 000000000 ____D C:\ProgramData\Overwolf
2021-04-13 11:35 - 2021-04-15 10:47 - 000000000 ____D C:\Users\kavoo\AppData\Local\Overwolf
2021-04-11 22:16 - 2021-04-11 22:38 - 000001627 _____ C:\Users\Public\Desktop\VALORANT.lnk
2021-04-11 22:16 - 2021-04-11 22:38 - 000001627 _____ C:\ProgramData\Desktop\VALORANT.lnk
2021-04-11 22:16 - 2021-04-11 22:16 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-04-11 12:00 - 2021-04-19 14:40 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\WhatsApp
2021-04-11 12:00 - 2021-04-15 16:31 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-04-11 12:00 - 2021-04-11 12:00 - 000002203 _____ C:\Users\kavoo\Desktop\WhatsApp.lnk
2021-04-11 11:59 - 2021-04-19 14:39 - 000000000 ____D C:\Users\kavoo\AppData\Local\WhatsApp
2021-04-10 12:41 - 2021-04-15 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops Cold War
2021-04-08 16:44 - 2021-04-08 16:44 - 000000000 ____D C:\Users\kavoo\AppData\LocalLow\Pixile Inc
2021-04-07 09:23 - 2021-04-07 09:23 - 000052904 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
2021-04-07 09:23 - 2021-04-07 09:23 - 000046824 _____ (ExpressVPN) C:\WINDOWS\system32\Drivers\expressvpn-wintun.sys
2021-04-02 20:47 - 2021-04-18 10:14 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\EasyAntiCheat
2021-04-02 20:44 - 2021-04-02 20:47 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-03-24 20:51 - 2021-04-07 12:13 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\betterdiscord
2021-03-24 20:51 - 2021-03-24 20:51 - 000000000 ____D C:\Users\kavoo\AppData\Local\Zerebos
2021-03-21 13:13 - 2021-03-21 13:13 - 000000000 ____D C:\Users\Mario\AppData\Roaming\WinRAR
2021-03-21 13:12 - 2021-03-21 13:14 - 000000000 ____D C:\Users\Mario\AppData\Local\NVIDIA Corporation
2021-03-21 13:12 - 2021-03-21 13:12 - 000000000 ____D C:\Users\Mario\AppData\Local\NVIDIA
2021-03-21 13:12 - 2021-03-21 13:12 - 000000000 ____D C:\Users\Mario\ansel

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-20 22:13 - 2020-06-01 18:27 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-20 22:12 - 2020-06-02 00:58 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\discord
2021-04-20 22:12 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-20 22:08 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-20 22:08 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-20 21:59 - 2020-06-08 15:05 - 000000000 ____D C:\Users\kavoo\AppData\Local\CrashDumps
2021-04-20 21:11 - 2020-06-11 12:52 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\.minecraft
2021-04-20 19:22 - 2020-06-02 11:36 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-04-20 18:56 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-20 14:56 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-20 13:44 - 2020-06-02 10:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-20 10:03 - 2020-06-01 18:24 - 000000000 ____D C:\Users\kavoo\AppData\Local\Packages
2021-04-19 18:39 - 2021-01-17 23:13 - 000000000 ____D C:\Users\kavoo\AppData\Local\Battle.net
2021-04-19 17:56 - 2020-06-11 12:57 - 000000000 ____D C:\Users\kavoo\AppData\Local\NVIDIA
2021-04-18 22:43 - 2020-09-26 10:16 - 000000000 ____D C:\Users\kavoo\AppData\Local\Ubisoft Game Launcher
2021-04-18 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-18 10:13 - 2020-06-02 11:37 - 000000000 ____D C:\Users\kavoo\Desktop\.~
2021-04-17 22:55 - 2020-11-26 18:13 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\pphud-temp
2021-04-17 22:23 - 2020-12-09 02:16 - 000000420 _____ C:\WINDOWS\Tasks\update-sys.job
2021-04-17 22:23 - 2020-12-09 02:16 - 000000420 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3288830602-4078900590-3289903987-1001.job
2021-04-17 21:00 - 2020-06-02 03:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-17 21:00 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-17 20:47 - 2020-06-01 18:38 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-17 20:46 - 2020-06-01 18:27 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-04-17 20:04 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-17 19:59 - 2020-09-30 23:58 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-17 19:57 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-17 12:06 - 2020-06-09 21:26 - 000000000 ____D C:\ProgramData\Epic
2021-04-17 12:06 - 2020-06-02 03:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-04-17 11:53 - 2020-11-23 13:31 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-04-17 11:53 - 2020-11-23 13:31 - 000001447 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2021-04-17 11:53 - 2020-11-23 13:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-17 11:53 - 2020-11-23 13:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-04-17 11:53 - 2020-06-02 03:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-04-17 11:52 - 2020-06-01 23:59 - 1183407792 _____ C:\WINDOWS\MEMORY.DMP
2021-04-17 11:41 - 2020-08-18 13:27 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-15 16:52 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-15 16:37 - 2020-06-01 18:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-15 16:36 - 2020-06-01 18:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-15 16:36 - 2020-06-01 18:29 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-15 16:36 - 2020-06-01 18:29 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-15 16:36 - 2020-06-01 18:24 - 000000000 ___RD C:\Users\kavoo\3D Objects
2021-04-15 16:36 - 2020-06-01 18:09 - 000000000 ____D C:\ProgramData\Packages
2021-04-15 16:36 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-15 16:36 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-15 16:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-15 16:34 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-15 16:31 - 2021-01-17 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2021-04-15 16:31 - 2020-12-09 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2021-04-15 16:31 - 2020-12-05 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2021-04-15 16:31 - 2020-11-23 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-04-15 16:31 - 2020-11-09 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2021-04-15 16:31 - 2020-09-15 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2021-04-15 16:31 - 2020-06-28 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacroRecorder
2021-04-15 16:31 - 2020-06-23 09:37 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-15 16:31 - 2020-06-23 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\3082
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1055
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1049
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1046
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1045
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1040
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1036
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1033
2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1029
2021-04-15 16:31 - 2020-06-19 11:35 - 000000000 ____D C:\Program Files\IIS
2021-04-15 16:31 - 2020-06-15 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-04-15 16:31 - 2020-06-11 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2021-04-15 16:31 - 2020-06-04 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePCB
2021-04-15 16:31 - 2020-06-02 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-04-15 16:31 - 2020-06-02 11:11 - 000000000 ____D C:\Program Files\UNP
2021-04-15 16:31 - 2020-06-02 03:27 - 000000000 ____D C:\WINDOWS\OEM
2021-04-15 16:31 - 2020-06-02 03:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-15 16:31 - 2020-06-02 03:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-15 16:31 - 2020-06-02 01:04 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-04-15 16:31 - 2020-06-02 00:58 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-04-15 16:31 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-15 16:30 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-04-15 14:10 - 2020-12-18 19:09 - 000000000 ____D C:\WINDOWS\system32\Samsung
2021-04-15 14:10 - 2020-06-22 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-04-15 14:10 - 2020-06-12 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2021-04-15 14:08 - 2020-10-25 19:51 - 000000000 ____D C:\Users\Mario\AppData\Local\Packages
2021-04-15 14:08 - 2020-09-26 10:16 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-04-15 14:04 - 2019-12-07 11:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-15 14:04 - 2019-12-07 11:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-15 14:04 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-15 13:49 - 2019-12-07 11:51 - 000000000 ____D C:\WINDOWS\OCR
2021-04-15 13:49 - 2019-12-07 11:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-04-15 13:49 - 2019-12-07 11:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-14 15:23 - 2020-06-02 10:26 - 000000000 ____D C:\Users\kavoo\AppData\Local\UnrealEngine
2021-04-14 11:22 - 2020-06-01 19:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 11:20 - 2020-06-01 19:11 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-12 19:37 - 2020-06-01 18:26 - 000000000 ___RD C:\Users\kavoo\OneDrive
2021-04-12 17:33 - 2020-06-02 11:14 - 000000000 ____D C:\ProgramData\Riot Games
2021-04-11 12:09 - 2020-06-01 18:27 - 000000000 ____D C:\Users\kavoo\AppData\Local\D3DSCache
2021-04-11 12:00 - 2020-06-02 00:58 - 000000000 ____D C:\Users\kavoo\AppData\Local\SquirrelTemp
2021-04-10 12:58 - 2020-12-14 22:21 - 000000000 ____D C:\GOG Games
2021-04-10 12:58 - 2020-11-03 12:32 - 000000000 ____D C:\Program Files\Rockstar Games
2021-04-10 12:58 - 2020-11-03 12:32 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-04-10 12:58 - 2020-11-03 12:31 - 000000000 ____D C:\Users\kavoo\AppData\Local\Rockstar Games
2021-04-10 12:58 - 2020-11-03 12:30 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2021-04-10 12:58 - 2020-11-03 12:30 - 000000000 ____D C:\ProgramData\Rockstar Games
2021-04-10 12:58 - 2020-09-14 19:24 - 000000000 ____D C:\Users\kavoo\Documents\My Games
2021-04-10 12:55 - 2020-12-18 16:10 - 000000000 ____D C:\Users\kavoo\AppData\Local\FACEITApp
2021-04-10 12:55 - 2020-12-18 15:45 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FACEIT Ltd
2021-04-10 12:55 - 2020-12-18 15:45 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\FACEIT
2021-04-10 12:50 - 2021-01-10 17:40 - 000000000 ____D C:\ProgramData\Origin
2021-04-10 12:41 - 2021-02-05 23:26 - 000000835 _____ C:\Users\kavoo\Desktop\Call of Duty Black Ops Cold War.lnk
2021-04-07 13:38 - 2020-11-23 13:31 - 002171760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-04-07 13:38 - 2020-11-23 13:31 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-03-30 12:57 - 2020-11-23 13:31 - 000074608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-03-30 12:57 - 2020-11-23 13:31 - 000064880 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-03-21 13:12 - 2020-10-25 19:53 - 000000000 ____D C:\Users\Mario\AppData\Local\PlaceholderTileLogoFolder
2021-03-21 13:12 - 2020-10-25 19:52 - 000000000 ___RD C:\Users\Mario\OneDrive
2021-03-21 13:12 - 2020-10-25 19:51 - 000000000 ___RD C:\Users\Mario\3D Objects

==================== Files in the root of some directories ========

2021-01-23 17:44 - 2021-01-23 17:44 - 000007615 _____ () C:\Users\kavoo\AppData\Local\Resmon.ResmonCfg
2020-12-09 02:16 - 2020-12-09 02:16 - 000000003 _____ () C:\Users\kavoo\AppData\Local\updater.log
2020-12-09 02:16 - 2020-12-09 02:16 - 000000424 _____ () C:\Users\kavoo\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by kavoo (20-04-2021 22:17:34)
Running from C:\Users\kavoo\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2021-04-15 14:35:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3288830602-4078900590-3289903987-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3288830602-4078900590-3289903987-503 - Limited - Disabled)
Guest (S-1-5-21-3288830602-4078900590-3289903987-501 - Limited - Disabled)
kavoo (S-1-5-21-3288830602-4078900590-3289903987-1001 - Administrator - Enabled) => C:\Users\kavoo
Mario (S-1-5-21-3288830602-4078900590-3289903987-1003 - Limited - Enabled) => C:\Users\Mario
mosca (S-1-5-21-3288830602-4078900590-3289903987-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3288830602-4078900590-3289903987-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.234 - Bitdefender)
Call of Duty Black Ops Cold War (HKLM-x32\...\Call of Duty Black Ops Cold War) (Version:  - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
CurseForge (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.172.1.5 - Overwolf app)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
ExpressVPN (HKLM-x32\...\{dfa3c815-2d05-4891-86c7-c97f34b245d0}) (Version: 10.2.2.29 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876ED984E}) (Version: 10.2.2.29 - ExpressVPN) Hidden
FreePCB 1.2 (HKLM-x32\...\FreePCB_is1) (Version:  - Allan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
icecap_collection_neutral (HKLM-x32\...\{2A00DCB3-752F-446C-B3B3-1B6ADFBFF3E3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{BE5E54C4-6B68-4AE3-A7F4-45F0D29D48D3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{1E6E5904-E97F-41F7-B3DB-0C8CD3180E3C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{7FD392DF-51A1-4DC1-9C6F-BF7C58A576AC}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
MacroRecorder v1.0.74 (HKLM-x32\...\MacroRecorder_is1) (Version: 1.0.74 - Bartels Media GmbH)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Core SDK 3.1.301 (x64) from Visual Studio (HKLM\...\{4ECCC18D-A5B3-4913-B693-A40CD7BD0F7A}) (Version: 3.1.301.015174 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3288830602-4078900590-3289903987-1003\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.6.2035.522 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{BBCDB523-F5B7-4E53-A911-C85191E3BDF0}) (Version: 10.0.2606 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation)
NVIDIA Graphics Driver 466.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.168.0.12 - Overwolf Ltd.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
ProtonVPN (HKLM-x32\...\{D19979C9-8B5B-4500-AA6A-EF331F658074}) (Version: 1.17.5 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.5) (Version: 1.17.5 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
PUBG LITE (HKLM-x32\...\PUBG LITE_is1) (Version: 1.0.1.0 - )
Python Launcher (HKLM-x32\...\{4E5F47AD-2588-4BE3-9DC2-0F9CD283A3DF}) (Version: 3.7.6860.0 - Python Software Foundation)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.13.18.1333 - Razer Inc.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.31.0 - Samsung Electronics Co., Ltd.)
TypeScript SDK (HKLM-x32\...\{7E046A6D-8DDB-41BF-B2FB-46CA2C9506FB}) (Version: 3.8.3.0 - Microsoft Corporation) Hidden
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 85.0 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
vcpp_crt.redist.clickonce (HKLM-x32\...\{AA38DC14-21AD-4BE9-BCDB-736C0FD94713}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\105ca4a3) (Version: 16.6.30204.135 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{2CCEC45B-1462-4FFD-8214-90E3C25000F7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{7A991159-9069-471D-B85F-89B1E4E66822}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{16E73A5A-339C-4177-A0BD-04278C06625C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{C8E7C1FC-925C-4163-BAB3-769E6C7961D2}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{ABBD10CA-0CFA-4D76-B033-F76C55A54336}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{E47B4703-2337-4ED0-BA24-3EC08D643684}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{DA7AB063-D1A3-4D5A-8221-598ACF4574B4}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{5F2E2347-2042-4340-BBDD-262BB1791EC7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\WhatsApp) (Version: 2.2112.10 - WhatsApp)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-17] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-11-05] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-17] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-19] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2021-04-15] (Realtek Semiconductor Corp)
XLS Opener -> C:\Program Files\WindowsApps\BallardAppCraftery.CraftySpreadsheetViewer_1.3.4.0_x64__epyrqhfctk40t [2020-06-12] (Ballard App Craftery)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\nvshext.dll [2021-04-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\kavoo\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\kavoo\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2020-02-02%2003:38:06&bName=
SearchScopes: HKU\S-1-5-21-3288830602-4078900590-3289903987-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\java\bin\ssv.dll [2020-06-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\java\bin\jp2ssv.dll [2020-06-15] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-06-02 03:24 - 2020-06-02 03:23 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kavoo\Desktop\2ff26a3dd03271d1764c36af3ff448de.jpg
HKU\S-1-5-21-3288830602-4078900590-3289903987-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "REDRAGON M711 Gaming Mouse"
HKLM\...\StartupApproved\Run32: => "REDRAGON M711-FPS Gaming Mouse"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "FACEIT"
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "Samsung DeX"
HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "Overwolf"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-04-2021 10:08:18 Scheduled Checkpoint
20-04-2021 22:12:39 AdwCleaner_BeforeCleaning_20/04/2021_22:12:39

==================== Faulty Device Manager Devices ============

Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/20/2021 09:59:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.944, time stamp: 0x60660637
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0xbd8
Faulting application start time: 0x01d73609a8166479
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 3c94f900-f8d4-49b9-82ba-f16057240cbd
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/19/2021 10:17:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MinecraftLauncher.exe, version: 1.0.1.0, time stamp: 0x605335a0
Faulting module name: ntdll.dll, version: 10.0.19041.928, time stamp: 0xa0caab76
Exception code: 0xc0000005
Fault offset: 0x0002fc2d
Faulting process id: 0x2808
Faulting application start time: 0x01d73558ea887310
Faulting application path: D:\minecraft\MinecraftLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 86205307-0991-4862-8e4e-b600d8d0464a
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/19/2021 08:10:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: DESKTOP-R4LF066)
Description: Product: Epic Online Services -- Error 1606. Could not access network location Epic Online Services\service.

Error: (04/19/2021 08:10:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: DESKTOP-R4LF066)
Description: Product: Epic Online Services -- Error 1606. Could not access network location Epic Online Services\service.

Error: (04/18/2021 07:37:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RustClient.exe version 2019.4.7.37553 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1738

Start Time: 01d7347982b959cb

Termination Time: 4294967295

Application Path: C:\SteamLibrary\steamapps\common\Rust\RustClient.exe

Report Id: bdf27ec2-a18c-4896-8d7e-e5e0d52c5b45

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Top level window is idle

Error: (04/18/2021 06:03:39 PM) (Source: MsiInstaller) (EventID: 11321) (User: DESKTOP-R4LF066)
Description: Product: Barium App -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Users\kavoo\AppData\Local\BariumApp\BariumApp.exe. System Error 5.

Error: (04/18/2021 06:03:31 PM) (Source: MsiInstaller) (EventID: 11500) (User: DESKTOP-R4LF066)
Description: Product: Barium App -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (04/17/2021 10:34:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_SNOOZED.


System errors:
=============
Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RzKLService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Central Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAMSUNG Mobile Connectivity Service V2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Game Manager service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
================
Date: 2021-04-19 09:27:11
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=App:Utorrent_BundleInstaller&threatid=290703&enterprise=0
Name: App:Utorrent_BundleInstaller
Severity: Low
Category: Potentially Unwanted Software
Path: file:_D:\$RECYCLE.BIN\S-1-5-21-1766290516-2644260735-1604191060-1001\$RCE4ZRD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.335.1177.0, AS: 1.335.1177.0, NIS: 1.335.1177.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-19 09:27:11
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.CCD&threatid=2147756162&enterprise=0
Name: Trojan:Win32/Occamy.CCD
Severity: Severe
Category: Trojan
Path: containerfile:_D:\$RECYCLE.BIN\S-1-5-21-1766290516-2644260735-1604191060-1001\$R96J94J.zip; file:_D:\$RECYCLE.BIN\S-1-5-21-1766290516-2644260735-1604191060-1001\$R96J94J.zip->Osiris.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.335.1177.0, AS: 1.335.1177.0, NIS: 1.335.1177.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-18 19:24:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2021-04-17 22:18:37
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.B!ml&threatid=2147772967&enterprise=0
Name: Trojan:Script/Phonzy.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\kavoo\Desktop\noviNcK^ybu_ktmp.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.1079.0, AS: 1.335.1079.0, NIS: 1.335.1079.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-17 22:18:37
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/GameHack&threatid=2147712662&enterprise=0
Name: HackTool:Win32/GameHack
Severity: High
Category: Tool
Path: file:_C:\WINDOWS\GODWARE.dll; file:_C:\WINDOWS\Osiris.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.1079.0, AS: 1.335.1079.0, NIS: 1.335.1079.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-17 20:47:34
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.317.403.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17100.2
Error code: 0x80090305
Error description: The requested security package does not exist 

Date: 2021-04-17 20:47:34
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.317.403.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17100.2
Error code: 0x80090305
Error description: The requested security package does not exist 

CodeIntegrity:
===============
Date: 2021-04-20 22:08:36
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\265231836547332704\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2021-04-20 19:41:54
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\265231836547332704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. F15 06/05/2019
Motherboard: Gigabyte Technology Co., Ltd. B360M DS3H
Processor: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz
Percentage of memory in use: 35%
Total physical RAM: 16315.39 MB
Available physical RAM: 10481.08 MB
Total Virtual: 28603.39 MB
Available Virtual: 21120 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.84 GB) (Free:52.89 GB) NTFS
Drive d: (HDD) (Fixed) (Total:931.5 GB) (Free:285.62 GB) NTFS

\\?\Volume{2eadf7fb-10f3-4be6-af7b-ceb122f37a33}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{ead3d471-4872-470e-907a-9a00a4004822}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


  • Solution

Hiya staide,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply...

Thank you,

Kevin...

fixlist.txt


Hello Kevin.
My system works perfectly but I was just really paranoid about having some sort of virus in my system for the last few days, so this is a relief for me.
Thank you so much Kevin, you really helped a lot. I don't know what else to say but thank you for your time.

Staide.

 


Hiya Staide,

Thanks for the update and kind words. We did clean up your system with FRST fix, other than that we just complete precautionary scans... Continue to clean up:

Uninstall the following program (unless you prefer to keep it):

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: C:\Users\kavoo\Desktop\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Consider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.