staide Posted April 19, 2021 ID:1452239

Hello. My brother installed some program and ran it with admin privileges. After that I tried to uninstall the file, but it said I can't do that without admin privileges, which I had. After a few minutes the file disappeared. I don't know if it is a virus, but I would like to get some help and someone to tell me what to do. I have Bitdefender on my PC, but when I try to scan, it scans for 5 min and then just stops; usually it takes about 45 min to complete the scan. Anything I can do to make sure I don't have any viruses on my PC? Thanks.

kevinf80 Posted April 20, 2021 ID:1452298

Hello staide and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

Click on the Detection History tab > from main interface.
Then click on "History" that will open to a historical list
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.
Or from this Mirror

Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....

staide Posted April 20, 2021 Author ID:1452395

Hello Kevin. Thank you for your help, I appreciate your guidance. Here are all the logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/20/21
Scan Time: 9:59 PM
Log File: f343a8a6-a212-11eb-9591-b42e990cdf0d.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39639
License: Trial

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-R4LF066\kavoo

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 319259
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\SOFTWARE\CSASTATS\ic, Quarantined, 512, 586068, 1.0.39639, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

staide Posted April 20, 2021 Author ID:1452396

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-20-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPTouchSmart File C:\Users\kavoo\Desktop\Netflix.lnk

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1463 octets] - [20/04/2021 22:11:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by kavoo (administrator) on DESKTOP-R4LF066 (Gigabyte Technology Co., Ltd. 
B360M-DS3H) (20-04-2021 22:15:21) Running from C:\Users\kavoo\Desktop Loaded Profiles: kavoo Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation -> NVIDIA Corporation) 
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\NVDisplay.Container.exe <2> (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353400 2021-03-26] (Riot Games, Inc. -> Riot Games, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [RazerCortex] => D:\Razer cortex\Razer Cortex\CortexLauncher.exe [267056 2021-01-14] (Razer USA Ltd. -> Razer Inc.) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> ) HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [370032 2021-04-07] (EXPRSVPN LLC -> ExpressVPN) HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Run: [EpicGamesLauncher] => D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33001952 2021-04-16] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Run: [Discord] => C:\Users\kavoo\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. 
-> GitHub) HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Run: [FACEIT] => C:\Users\kavoo\AppData\Local\FACEITApp\update.exe [2204984 2020-12-18] (FACE IT LIMITED -> ) HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Run: [Overwolf] => D:\forge\Overwolf\OverwolfLauncher.exe [1747288 2021-03-18] (Overwolf Ltd -> Overwolf Ltd.) HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0898F057-C5CA-4C30-AF32-5AF2AFD15D0A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {18B0A3C2-F682-495A-9384-761CE4CACAB2} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender) Task: {19DC63CB-453A-4FA3-B674-61003233274C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1AEBD4A2-F823-4B51-8D02-0668B9C62483} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: 
{577EF8C3-1FD7-48A7-8A59-3D1F3EF78CE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-01] (Google LLC -> Google LLC) Task: {58311F0C-2FBA-482C-A000-F0C969BDA46D} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5C1D3A08-2F5F-438E-8ADB-A148295CF3EC} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {6AA1B7DA-994E-48CA-A149-9C96806B2DF3} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7397F9CA-311E-4D18-B0CA-2233E0C93306} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\program files (x86)\microsoft visual studio\installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65440 2020-06-12] (Microsoft Corporation -> Microsoft) Task: {82B59CBB-5125-4F71-8FFE-947F8F59BBBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8B729A8C-8549-4670-AA37-C08C832B3D01} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {91E14CA1-7003-4E9F-8502-B3EA8D960452} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA 
Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {A5E56993-D1E2-4159-A504-1243312F6C61} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {B2B31135-6F8C-4AEE-A1AB-564396EEA41B} - System32\Tasks\ProtonVPN Update => D:\Vpn\ProtonVPN.UpdateService.exe [61760 2020-10-23] (ProtonVPN AG -> ) Task: {B3AAB51C-2456-4426-9F3A-12B74B408020} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B8FC3C4E-2BDB-4F0C-916D-0CE4B87D680A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C685DD58-80BA-4E9B-902A-1BE683CB5492} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-01] (Google LLC -> Google LLC) Task: {C8F9C6EF-E209-445C-9F22-BECA92AEECBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {CB29BBAB-E5E7-41DF-BC72-887B6E5A10E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {CECFB790-4040-4190-8617-72C8ABF10373} - 
System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D013DBBE-4115-4424-A96C-F819F2F5EC0C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\Intel PTT EK Recertification" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN 
"\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST 
Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3288830602-4078900590-3289903987-1001" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3288830602-4078900590-3289903987-1003" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\Overwolf Updater Task" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\ProtonVPN Update" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\update-S-1-5-21-3288830602-4078900590-3289903987-1001" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(22): schtasks.exe -> /Change /TN "\update-sys" /ENABLE Task: {E31AE267-40D6-4D74-8EEB-892D0AC42002} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(23): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE Task: {E5BC44FE-2E1B-4727-86FB-459576BC2FDE} - System32\Tasks\Overwolf Updater Task => D:\forge\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD) Task: {EEE11CA2-8D5D-4AC7-88A2-68D41DBA8FD8} - System32\Tasks\update-S-1-5-21-3288830602-4078900590-3289903987-1001 => C:\Program Files 
(x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-3288830602-4078900590-3289903987-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{69baf071-995d-49b3-80e7-5466613bbce7}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f20d3e77-6f1c-4c84-ad51-4eb7fce1e619}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge Profile: C:\Users\kavoo\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-20] FireFox: ======== FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> D:\java\bin\dtplugin\npDeployJava1.dll [2020-06-15] (Oracle 
America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> D:\java\bin\plugin2\npjp2.dll [2020-06-15] (Oracle America, Inc. -> Oracle Corporation) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default [2021-04-20] CHR StartupUrls: Default -> "hxxp://websearch.coolsearches.info/?pid=3601&r=2015/03/26&hid=4975871964915997178&lg=EN&cc=HR&unqvl=85" CHR Extension: (Slides) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-01] CHR Extension: (Docs) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-01] CHR Extension: (Google Drive) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24] CHR Extension: (YouTube) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-01] CHR Extension: (AutoDraw for skribbl.io) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpnefockcbbpkbahgkkacjmebfheacjb [2021-04-16] CHR Extension: (Pushbullet) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2021-03-24] CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2020-06-01] CHR Extension: (Tampermonkey) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-03-26] CHR Extension: (Sheets) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-01] CHR Extension: (Google Docs Offline) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-14] CHR Extension: (AdBlock — best ad 
blocker) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-12] CHR Extension: (uVPN - Free and secure VPN for online privacy) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaoafpkngncfpfggjefnekilbkcpjdgp [2021-04-08] CHR Extension: (MY AD FINDER) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdelodjlpgkjenhcongcfdcocmjgjbci [2021-04-19] CHR Extension: (PowerPoint Online) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2020-06-01] CHR Extension: (Chrome Web Store Payments) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02] CHR Extension: (Skribbl Assistant) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohniohajdcaicipofiohnkejhmdjhile [2020-10-24] CHR Extension: (Netflix Party is now Teleparty) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-03-09] CHR Extension: (Gmail) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22] CHR Extension: (Chrome Media Router) - C:\Users\kavoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-13] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2019-03-27] (Bitdefender SRL -> Bitdefender) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-04-16] (BattlEye Innovations e.K. 
-> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-02-11] (EasyAntiCheat Oy -> Epic Games, Inc) S2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437104 2021-04-07] (EXPRSVPN LLC -> ExpressVPN) S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-20] (Malwarebytes Inc -> Malwarebytes) S3 OverwolfUpdater; D:\forge\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD) S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender) S3 ProtonVPN Service; D:\Vpn\ProtonVPNService.exe [99136 2020-10-23] (ProtonVPN AG -> ) S3 ProtonVPN Update Service; D:\Vpn\ProtonVPN.UpdateService.exe [61760 2020-10-23] (ProtonVPN AG -> ) S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc) S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-12-09] (Razer USA Ltd. -> Razer Inc.) S2 RzKLService; D:\Razer cortex\Razer Cortex\RzKLService.exe [291304 2021-01-14] (Razer USA Ltd. -> Razer Inc.) S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2021-04-14] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) 
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2020-11-26] (Bitdefender SRL -> Bitdefender) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10359000 2021-03-26] (Riot Games, Inc. -> Riot Games, Inc.) R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [559200 2021-04-02] (Bitdefender SRL -> Bitdefender) R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2020-11-26] (Bitdefender SRL -> Bitdefender) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-17] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. 
Bucharest, ROMANIA) R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender) S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender) S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-20] (Malwarebytes Inc -> Malwarebytes) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-04-07] (ExprsVPN LLC -> ExpressVPN) R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-04-07] (Express VPN International Ltd. -> ExpressVPN) R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-20] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-20] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-20] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-20] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-04-20] (Malwarebytes Inc -> Malwarebytes) S3 ProtonVPNSplitTunnel; D:\Vpn\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 
2021-04-07] (ExprsVPN LLC -> The OpenVPN Project) S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project) R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation) S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6436768 2021-03-25] (Riot Games, Inc. -> Riot Games, Inc.) R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-17] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-17] (Microsoft Windows -> Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2021-04-19] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 MpKsle3bcee30; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70240424-DD35-4AEA-B34F-0003CF8BC95C}\MpKslDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-04-20 22:15 - 2021-04-20 22:15 - 000029048 _____ C:\Users\kavoo\Desktop\FRST.txt 2021-04-20 22:14 - 2021-04-20 22:15 - 000001646 _____ C:\Users\kavoo\Desktop\Second scan.txt 2021-04-20 22:10 - 2021-04-20 22:15 - 000001386 _____ C:\Users\kavoo\Desktop\First Scan.txt 2021-04-20 22:09 - 2021-04-20 22:12 - 000000000 ____D C:\AdwCleaner 2021-04-20 22:09 - 2021-04-20 22:09 - 008534696 _____ (Malwarebytes) C:\Users\kavoo\Desktop\adwcleaner_8.2.exe 2021-04-20 22:08 - 2021-04-20 22:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-04-20 22:08 - 2021-04-20 22:08 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-04-20 22:08 - 2021-04-20 22:08 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-04-20 22:08 - 2021-04-20 22:08 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-04-20 22:08 - 2021-04-20 22:08 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-04-20 22:08 - 2021-04-20 22:08 - 000000000 ____D C:\Users\kavoo\AppData\LocalLow\IGDump 2021-04-20 22:08 - 2021-04-20 19:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-04-20 19:22 - 2021-04-20 19:22 - 000000000 ____D C:\Users\kavoo\AppData\Local\mbam 2021-04-20 19:21 - 2021-04-20 22:08 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-04-20 19:21 - 2021-04-20 22:08 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-04-20 19:21 - 2021-04-20 22:08 - 000002029 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-04-20 19:21 - 2021-04-20 19:21 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-04-20 19:21 - 2021-04-20 19:21 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-04-20 19:21 - 2021-04-20 19:21 - 000000000 ____D C:\Program Files\Malwarebytes 2021-04-20 18:55 - 2021-04-20 18:55 - 002078632 _____ (Malwarebytes) C:\Users\kavoo\Desktop\MBSetup.exe 2021-04-20 13:44 
- 2021-04-20 13:45 - 000000000 ____D C:\Users\kavoo\AppData\Local\ExpressVPN 2021-04-20 13:44 - 2021-04-20 13:44 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk 2021-04-20 13:44 - 2021-04-20 13:44 - 000002168 _____ C:\Users\Public\Desktop\ExpressVPN.lnk 2021-04-20 13:44 - 2021-04-20 13:44 - 000002168 _____ C:\ProgramData\Desktop\ExpressVPN.lnk 2021-04-20 13:44 - 2021-04-20 13:44 - 000000000 ____D C:\ProgramData\ExpressVPN 2021-04-20 13:44 - 2021-04-20 13:44 - 000000000 ____D C:\Program Files (x86)\ExpressVPN 2021-04-20 12:30 - 2021-04-20 12:57 - 000000000 ____D C:\WINDOWS\ShellNew 2021-04-20 00:01 - 2021-04-20 22:15 - 000000000 ____D C:\FRST 2021-04-20 00:00 - 2021-04-20 00:00 - 002298368 _____ (Farbar) C:\Users\kavoo\Desktop\FRST64.exe 2021-04-19 18:08 - 2021-04-19 18:08 - 000000000 ____D C:\Users\kavoo\Desktop\ACLib 2021-04-19 13:42 - 2021-04-19 13:42 - 000000651 _____ C:\Users\Public\Desktop\Call of Duty Modern Warfare.lnk 2021-04-19 13:42 - 2021-04-19 13:42 - 000000651 _____ C:\ProgramData\Desktop\Call of Duty Modern Warfare.lnk 2021-04-19 05:28 - 2021-04-20 14:56 - 088342528 _____ C:\WINDOWS\system32\config\SOFTWARE 2021-04-19 04:59 - 2021-04-19 05:28 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2021-04-18 22:50 - 2021-04-18 23:45 - 000000000 ____D C:\Users\kavoo\Documents\Trackmania 2021-04-18 22:50 - 2021-04-18 23:45 - 000000000 ____D C:\ProgramData\Trackmania 2021-04-18 18:03 - 2021-04-18 18:04 - 000000000 ____D C:\Users\kavoo\AppData\Local\BariumApp 2021-04-17 23:43 - 2021-04-17 23:43 - 000000000 ____D C:\Users\kavoo\AppData\Local\AAR 2021-04-17 23:42 - 2021-04-17 23:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2021-04-17 22:35 - 2021-04-17 22:35 - 000087748 _____ C:\ProgramData\agent.update.1618691694.bdinstall.v2.bin 2021-04-17 22:34 - 2021-04-17 22:34 - 000001214 _____ C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk 2021-04-17 22:34 
- 2021-04-17 22:34 - 000000020 ___SH C:\Users\Mario\ntuser.ini 2021-04-17 22:34 - 2021-04-17 22:34 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4 2021-04-17 22:33 - 2021-04-17 22:33 - 000001229 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk 2021-04-17 22:33 - 2021-04-17 22:33 - 000001229 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk 2021-04-17 22:33 - 2021-04-17 22:33 - 000000000 ____D C:\ProgramData\Bitdefender 2021-04-17 22:33 - 2021-02-26 18:31 - 000641728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys 2021-04-17 22:33 - 2021-02-26 13:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys 2021-04-17 22:33 - 2020-12-18 02:37 - 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys 2021-04-17 22:33 - 2020-10-20 13:18 - 000386800 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys 2021-04-17 22:33 - 2020-02-03 16:53 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys 2021-04-17 22:32 - 2021-04-20 22:13 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free 2021-04-17 22:32 - 2021-04-17 22:32 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 2021-04-17 22:32 - 2021-02-16 15:31 - 000488592 _____ (BitDefender S.R.L. 
Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys 2021-04-17 22:32 - 2020-12-04 15:15 - 000802976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys 2021-04-17 22:30 - 2021-04-17 22:35 - 000000000 ____D C:\Program Files\Bitdefender Agent 2021-04-17 22:30 - 2021-04-17 22:30 - 000122244 _____ C:\ProgramData\agent.1618691452.bdinstall.v2.bin 2021-04-17 20:06 - 2021-04-17 20:06 - 000000000 ____D C:\ProgramData\Bitdefender Agent 2021-04-17 19:56 - 2020-10-03 02:33 - 000835472 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2021-04-17 19:56 - 2020-10-03 02:33 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2021-04-17 12:06 - 2021-04-17 12:06 - 000000000 ____D C:\WINDOWS\system32\lxss 2021-04-17 11:58 - 2021-04-13 09:23 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2021-04-17 11:58 - 2021-04-13 09:23 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo.exe 2021-04-17 11:58 - 2021-04-13 09:23 - 001452320 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2021-04-17 11:58 - 2021-04-13 09:23 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2021-04-17 11:58 - 2021-04-13 09:23 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2021-04-17 11:58 - 2021-04-13 09:23 - 001191712 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2021-04-17 11:58 - 2021-04-13 09:23 - 001094888 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2021-04-17 11:58 - 2021-04-13 09:23 - 001094888 _____ C:\WINDOWS\system32\vulkan-1.dll 2021-04-17 11:58 - 2021-04-13 09:23 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2021-04-17 11:58 - 2021-04-13 09:23 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2021-04-17 11:58 - 2021-04-13 09:20 - 000715568 _____ C:\WINDOWS\system32\nvofapi64.dll 2021-04-17 11:58 - 2021-04-13 09:20 - 000675120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2021-04-17 11:58 - 2021-04-13 09:20 - 000626976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll 2021-04-17 11:58 - 
2021-04-13 09:20 - 000575776 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2021-04-17 11:58 - 2021-04-13 09:19 - 002106136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2021-04-17 11:58 - 2021-04-13 09:19 - 001590560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2021-04-17 11:58 - 2021-04-13 09:19 - 001514800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2021-04-17 11:58 - 2021-04-13 09:19 - 001166112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2021-04-17 11:58 - 2021-04-13 09:19 - 000811800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2021-04-17 11:58 - 2021-04-13 09:19 - 000689952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe 2021-04-17 11:58 - 2021-04-13 09:19 - 000656152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2021-04-17 11:58 - 2021-04-13 09:19 - 000564000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2021-04-17 11:58 - 2021-04-13 09:18 - 008317232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2021-04-17 11:58 - 2021-04-13 09:18 - 007434032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2021-04-17 11:58 - 2021-04-13 09:18 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2021-04-17 11:58 - 2021-04-13 09:18 - 002823472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2021-04-17 11:58 - 2021-04-13 09:18 - 000445728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe 2021-04-17 11:58 - 2021-04-13 09:16 - 000848664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe 2021-04-17 11:58 - 2021-04-13 09:15 - 007212232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2021-04-17 11:58 - 2021-04-13 09:15 - 006159160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2021-04-17 11:58 - 2021-04-13 02:03 - 000087164 _____ C:\WINDOWS\system32\nvinfo.pb 2021-04-17 11:53 - 2021-04-17 20:47 - 000003398 _____ 
C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-17 20:47 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-04-17 11:53 - 2021-04-07 13:38 - 002817904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2021-04-17 11:52 - 2021-04-20 18:49 - 000008192 ___SH C:\DumpStack.log.tmp 2021-04-17 11:52 - 2021-04-17 11:52 - 000897012 _____ C:\WINDOWS\Minidump\041721-10875-01.dmp 2021-04-17 11:52 - 2021-04-17 11:52 - 000000000 ____D C:\WINDOWS\Minidump 2021-04-17 11:51 - 2020-08-14 09:59 - 000043416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys 2021-04-16 20:17 - 2021-04-16 20:17 - 000000279 _____ C:\Users\kavoo\Desktop\Fortnite.url 2021-04-15 16:40 - 2021-04-20 18:56 - 000840598 _____ 
C:\WINDOWS\system32\PerfStringBackup.INI 2021-04-15 16:37 - 2021-04-15 16:37 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2021-04-15 16:35 - 2021-04-20 18:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-04-15 16:35 - 2021-04-17 20:47 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-04-15 16:35 - 2021-04-17 20:47 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-04-15 16:35 - 2021-04-17 20:47 - 000003220 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification 2021-04-15 16:35 - 2021-04-17 20:47 - 000003188 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task 2021-04-15 16:35 - 2021-04-17 20:47 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-04-15 16:35 - 2021-04-17 20:47 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-04-15 16:35 - 2021-04-17 20:47 - 000003056 _____ C:\WINDOWS\system32\Tasks\update-S-1-5-21-3288830602-4078900590-3289903987-1001 2021-04-15 16:35 - 2021-04-17 20:47 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3288830602-4078900590-3289903987-1003 2021-04-15 16:35 - 2021-04-17 20:47 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3288830602-4078900590-3289903987-1001 2021-04-15 16:35 - 2021-04-17 20:47 - 000002800 _____ C:\WINDOWS\system32\Tasks\update-sys 2021-04-15 16:35 - 2021-04-17 20:47 - 000002742 _____ C:\WINDOWS\system32\Tasks\ProtonVPN Update 2021-04-15 16:35 - 2021-04-17 20:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2021-04-15 16:35 - 2021-04-15 16:35 - 000011433 _____ C:\WINDOWS\diagwrn.xml 2021-04-15 16:35 - 2021-04-15 16:35 - 000011433 _____ C:\WINDOWS\diagerr.xml 2021-04-15 16:35 - 2021-04-15 16:35 - 000000020 ___SH C:\Users\kavoo\ntuser.ini 2021-04-15 16:35 - 2021-04-15 16:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-3288830602-4078900590-3289903987-1001 2021-04-15 16:34 - 2021-04-15 16:34 - 
000000368 ____H C:\WINDOWS\Tasks\Intel PTT EK Recertification.job 2021-04-15 16:31 - 2021-04-20 12:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-04-15 16:31 - 2021-04-15 16:31 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-04-15 16:30 - 2021-04-15 16:35 - 000000000 ____D C:\Windows.old 2021-04-15 14:10 - 2021-04-15 16:31 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2021-04-15 14:07 - 2021-04-19 13:47 - 000000000 ____D C:\Users\kavoo 2021-04-15 14:07 - 2021-04-17 22:34 - 000000000 ____D C:\Users\Mario 2021-04-15 14:07 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-04-15 14:07 - 2019-12-07 11:10 - 000001105 _____ C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-04-15 14:06 - 2021-04-15 14:09 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2021-04-15 14:04 - 2021-04-15 14:04 - 000000000 ____D C:\ProgramData\ssh 2021-04-15 14:03 - 2021-04-15 14:03 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2021-04-15 14:00 - 2021-04-15 14:00 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-04-15 14:00 - 2021-04-15 14:00 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-04-15 13:59 - 2021-04-15 13:59 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-04-15 13:59 - 2021-04-15 13:59 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-04-15 13:59 - 2021-04-15 13:59 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000915296 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-04-15 13:59 - 2021-04-15 13:59 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-04-15 13:59 - 2021-04-15 13:59 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-04-15 13:59 - 2021-04-15 13:59 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-04-15 13:59 - 2021-04-15 13:59 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-04-15 13:59 - 2021-04-15 13:59 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-04-15 13:59 - 2021-04-15 13:59 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-04-15 13:59 - 2021-04-15 13:59 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax 2021-04-15 13:59 - 2021-04-15 13:59 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-04-15 13:59 - 2021-04-15 13:59 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl 2021-04-15 13:59 - 2021-04-15 13:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax 2021-04-15 13:59 - 2021-04-15 13:59 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-04-15 13:59 - 2021-04-15 13:59 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-04-15 13:59 - 2021-04-15 13:59 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-04-15 
13:59 - 2021-04-15 13:59 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb 2021-04-15 13:59 - 2021-04-15 13:59 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl 2021-04-15 13:59 - 2021-04-15 13:59 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-04-15 13:59 - 2021-04-15 13:59 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-04-15 13:59 - 2021-04-15 13:59 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-04-15 13:59 - 2021-04-15 13:59 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-04-15 13:59 - 2021-04-15 13:59 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2021-04-15 13:59 - 2021-04-15 13:59 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-04-15 13:58 - 2021-04-15 13:58 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-04-15 13:58 - 2021-04-15 13:58 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-04-15 13:58 - 2021-04-15 13:58 - 001354080 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\rtmpal.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-04-15 13:58 - 2021-04-15 13:58 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-04-15 13:58 - 2021-04-15 13:58 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-04-15 13:58 - 2021-04-15 13:58 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl 2021-04-15 13:58 - 2021-04-15 13:58 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-04-15 13:58 - 2021-04-15 13:58 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-04-15 13:58 - 2021-04-15 13:58 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe 2021-04-15 13:58 - 2021-04-15 13:58 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb 2021-04-15 13:58 - 2021-04-15 13:58 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl 2021-04-15 13:58 
- 2021-04-15 13:58 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-04-15 13:58 - 2021-04-15 13:58 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-04-15 13:58 - 2021-04-15 13:58 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll 2021-04-15 13:58 - 2021-04-15 13:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv 2021-04-15 13:58 - 2021-04-15 13:58 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe 2021-04-15 13:58 - 2021-04-15 13:58 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt 2021-04-15 13:57 - 2021-04-15 13:57 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin 2021-04-15 13:57 - 2021-04-15 13:57 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-04-15 13:57 - 2021-04-15 13:57 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll 2021-04-15 13:57 - 2021-04-15 13:57 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-04-15 13:57 - 2021-04-15 13:57 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-04-15 13:57 - 2021-04-15 13:57 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-04-15 13:57 - 2021-04-15 13:57 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll 2021-04-15 13:57 - 2021-04-15 13:57 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-04-15 13:57 - 2021-04-15 13:57 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2021-04-15 13:57 - 2021-04-15 13:57 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-04-15 13:57 - 2021-04-15 13:57 - 000073216 _____ 
C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2021-04-15 13:57 - 2021-04-15 13:57 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll 2021-04-15 13:57 - 2021-04-15 13:57 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv 2021-04-15 13:57 - 2021-04-15 13:57 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-04-15 13:50 - 2021-04-15 13:50 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe 2021-04-15 13:50 - 2021-04-15 13:50 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe 2021-04-15 13:50 - 2021-04-15 13:50 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe 2021-04-15 13:50 - 2021-04-15 13:50 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe 2021-04-15 13:49 - 2021-04-15 13:49 - 000000000 ____D C:\WINDOWS\system32\hr 2021-04-15 13:47 - 2021-04-15 16:31 - 000000000 ____D C:\Program Files (x86)\MSBuild 2021-04-15 13:47 - 2021-04-15 13:47 - 000000000 ____D C:\Program Files\Reference Assemblies 2021-04-15 13:47 - 2021-04-15 13:47 - 000000000 ____D C:\Program Files\MSBuild 2021-04-15 13:47 - 2021-04-15 13:47 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2021-04-15 13:41 - 2021-04-15 13:41 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2021-04-15 13:21 - 2021-04-15 16:35 - 000000000 ___DC C:\WINDOWS\Panther 2021-04-14 15:23 - 2021-04-19 17:24 - 000074552 _____ (Wellbia.com Co., Ltd.) 
C:\WINDOWS\xhunter1.sys 2021-04-14 15:23 - 2021-04-14 15:23 - 000000000 ____D C:\Users\kavoo\AppData\Local\ShadowTrackerExtra 2021-04-14 15:23 - 2021-04-14 15:23 - 000000000 ____D C:\Program Files\Common Files\Uncheater 2021-04-14 14:59 - 2021-04-14 14:59 - 000000584 _____ C:\Users\kavoo\Desktop\PUBG LITE.lnk 2021-04-14 14:59 - 2021-04-14 14:59 - 000000584 _____ C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PUBG LITE.lnk 2021-04-14 14:59 - 2021-04-14 14:59 - 000000000 ____D C:\ProgramData\PUBG 2021-04-13 11:45 - 2021-04-13 11:45 - 000000000 ____D C:\Users\kavoo\.mputils 2021-04-13 11:38 - 2021-04-15 16:31 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf 2021-04-13 11:38 - 2021-04-15 10:47 - 000001798 _____ C:\Users\kavoo\Desktop\CurseForge.lnk 2021-04-13 11:38 - 2021-04-13 11:38 - 000000000 ____D C:\Users\kavoo\curseforge 2021-04-13 11:37 - 2021-04-13 11:38 - 000000000 ____D C:\ProgramData\Overwolf 2021-04-13 11:35 - 2021-04-15 10:47 - 000000000 ____D C:\Users\kavoo\AppData\Local\Overwolf 2021-04-11 22:16 - 2021-04-11 22:38 - 000001627 _____ C:\Users\Public\Desktop\VALORANT.lnk 2021-04-11 22:16 - 2021-04-11 22:38 - 000001627 _____ C:\ProgramData\Desktop\VALORANT.lnk 2021-04-11 22:16 - 2021-04-11 22:16 - 000000000 ____D C:\Program Files\Riot Vanguard 2021-04-11 12:00 - 2021-04-19 14:40 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\WhatsApp 2021-04-11 12:00 - 2021-04-15 16:31 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2021-04-11 12:00 - 2021-04-11 12:00 - 000002203 _____ C:\Users\kavoo\Desktop\WhatsApp.lnk 2021-04-11 11:59 - 2021-04-19 14:39 - 000000000 ____D C:\Users\kavoo\AppData\Local\WhatsApp 2021-04-10 12:41 - 2021-04-15 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops Cold War 2021-04-08 16:44 - 2021-04-08 16:44 - 000000000 ____D C:\Users\kavoo\AppData\LocalLow\Pixile Inc 2021-04-07 
09:23 - 2021-04-07 09:23 - 000052904 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys 2021-04-07 09:23 - 2021-04-07 09:23 - 000046824 _____ (ExpressVPN) C:\WINDOWS\system32\Drivers\expressvpn-wintun.sys 2021-04-02 20:47 - 2021-04-18 10:14 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\EasyAntiCheat 2021-04-02 20:44 - 2021-04-02 20:47 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat 2021-03-24 20:51 - 2021-04-07 12:13 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\betterdiscord 2021-03-24 20:51 - 2021-03-24 20:51 - 000000000 ____D C:\Users\kavoo\AppData\Local\Zerebos 2021-03-21 13:13 - 2021-03-21 13:13 - 000000000 ____D C:\Users\Mario\AppData\Roaming\WinRAR 2021-03-21 13:12 - 2021-03-21 13:14 - 000000000 ____D C:\Users\Mario\AppData\Local\NVIDIA Corporation 2021-03-21 13:12 - 2021-03-21 13:12 - 000000000 ____D C:\Users\Mario\AppData\Local\NVIDIA 2021-03-21 13:12 - 2021-03-21 13:12 - 000000000 ____D C:\Users\Mario\ansel ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-04-20 22:13 - 2020-06-01 18:27 - 000000000 ____D C:\ProgramData\NVIDIA 2021-04-20 22:12 - 2020-06-02 00:58 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\discord 2021-04-20 22:12 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-04-20 22:08 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-04-20 22:08 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-04-20 21:59 - 2020-06-08 15:05 - 000000000 ____D C:\Users\kavoo\AppData\Local\CrashDumps 2021-04-20 21:11 - 2020-06-11 12:52 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\.minecraft 2021-04-20 19:22 - 2020-06-02 11:36 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat 2021-04-20 18:56 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2021-04-20 14:56 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-04-20 13:44 - 2020-06-02 10:24 - 000000000 ____D C:\ProgramData\Package Cache 2021-04-20 10:03 - 2020-06-01 18:24 - 000000000 ____D C:\Users\kavoo\AppData\Local\Packages 2021-04-19 18:39 - 2021-01-17 23:13 - 000000000 ____D C:\Users\kavoo\AppData\Local\Battle.net 2021-04-19 17:56 - 2020-06-11 12:57 - 000000000 ____D C:\Users\kavoo\AppData\Local\NVIDIA 2021-04-18 22:43 - 2020-09-26 10:16 - 000000000 ____D C:\Users\kavoo\AppData\Local\Ubisoft Game Launcher 2021-04-18 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-04-18 10:13 - 2020-06-02 11:37 - 000000000 ____D C:\Users\kavoo\Desktop\.~ 2021-04-17 22:55 - 2020-11-26 18:13 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\pphud-temp 2021-04-17 22:23 - 2020-12-09 02:16 - 000000420 _____ C:\WINDOWS\Tasks\update-sys.job 2021-04-17 22:23 - 2020-12-09 02:16 - 000000420 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3288830602-4078900590-3289903987-1001.job 2021-04-17 21:00 - 2020-06-02 03:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-04-17 21:00 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-04-17 20:47 - 2020-06-01 18:38 - 
000000000 ____D C:\ProgramData\Avast Software 2021-04-17 20:46 - 2020-06-01 18:27 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2021-04-17 20:04 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-04-17 19:59 - 2020-09-30 23:58 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-04-17 19:57 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-04-17 12:06 - 2020-06-09 21:26 - 000000000 ____D C:\ProgramData\Epic 2021-04-17 12:06 - 2020-06-02 03:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation 2021-04-17 11:53 - 2020-11-23 13:31 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2021-04-17 11:53 - 2020-11-23 13:31 - 000001447 _____ C:\ProgramData\Desktop\GeForce Experience.lnk 2021-04-17 11:53 - 2020-11-23 13:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2021-04-17 11:53 - 2020-11-23 13:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2021-04-17 11:53 - 2020-06-02 03:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2021-04-17 11:52 - 2020-06-01 23:59 - 1183407792 _____ C:\WINDOWS\MEMORY.DMP 2021-04-17 11:41 - 2020-08-18 13:27 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-04-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat 2021-04-15 16:52 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-04-15 16:37 - 2020-06-01 18:24 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-04-15 16:36 - 2020-06-01 18:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-04-15 16:36 - 2020-06-01 18:29 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-04-15 16:36 - 2020-06-01 18:29 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-04-15 16:36 - 2020-06-01 18:24 - 000000000 ___RD C:\Users\kavoo\3D Objects 2021-04-15 16:36 - 2020-06-01 18:09 - 000000000 ____D C:\ProgramData\Packages 2021-04-15 16:36 - 
2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-04-15 16:36 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate 2021-04-15 16:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-04-15 16:34 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries 2021-04-15 16:31 - 2021-01-17 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2021-04-15 16:31 - 2020-12-09 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2021-04-15 16:31 - 2020-12-05 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex 2021-04-15 16:31 - 2020-11-23 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2021-04-15 16:31 - 2020-11-09 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN 2021-04-15 16:31 - 2020-09-15 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2 2021-04-15 16:31 - 2020-06-28 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacroRecorder 2021-04-15 16:31 - 2020-06-23 09:37 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-04-15 16:31 - 2020-06-23 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\3082 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1055 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1049 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1046 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1045 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1040 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1036 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 
____D C:\WINDOWS\SysWOW64\1033 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\SysWOW64\1029 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\3082 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1055 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1049 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1046 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1045 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1040 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1036 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1033 2021-04-15 16:31 - 2020-06-19 16:45 - 000000000 ____D C:\WINDOWS\system32\1029 2021-04-15 16:31 - 2020-06-19 11:35 - 000000000 ____D C:\Program Files\IIS 2021-04-15 16:31 - 2020-06-15 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2021-04-15 16:31 - 2020-06-11 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher 2021-04-15 16:31 - 2020-06-04 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePCB 2021-04-15 16:31 - 2020-06-02 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games 2021-04-15 16:31 - 2020-06-02 11:11 - 000000000 ____D C:\Program Files\UNP 2021-04-15 16:31 - 2020-06-02 03:27 - 000000000 ____D C:\WINDOWS\OEM 2021-04-15 16:31 - 2020-06-02 03:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2021-04-15 16:31 - 2020-06-02 03:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2021-04-15 16:31 - 2020-06-02 01:04 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2021-04-15 16:31 - 2020-06-02 00:58 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2021-04-15 16:31 - 2019-12-07 11:14 - 000028672 _____ 
C:\WINDOWS\system32\config\BCD-Template 2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool 2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-04-15 16:31 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-04-15 16:30 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup 2021-04-15 14:10 - 2020-12-18 19:09 - 000000000 ____D C:\WINDOWS\system32\Samsung 2021-04-15 14:10 - 2020-06-22 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2021-04-15 14:10 - 2020-06-12 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019 2021-04-15 14:08 - 2020-10-25 19:51 - 000000000 ____D C:\Users\Mario\AppData\Local\Packages 2021-04-15 14:08 - 2020-09-26 10:16 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2021-04-15 14:04 - 2019-12-07 11:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-04-15 14:04 - 2019-12-07 11:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D 
C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2021-04-15 14:04 - 2019-12-07 11:14 - 
000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System 2021-04-15 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2021-04-15 14:04 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing 2021-04-15 13:49 - 2019-12-07 11:51 - 000000000 ____D C:\WINDOWS\OCR 2021-04-15 13:49 - 2019-12-07 11:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2021-04-15 13:49 - 2019-12-07 11:49 - 000000000 ____D C:\WINDOWS\system32\WCN 2021-04-14 15:23 - 2020-06-02 10:26 - 000000000 ____D C:\Users\kavoo\AppData\Local\UnrealEngine 2021-04-14 11:22 - 2020-06-01 19:11 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-04-14 11:20 - 2020-06-01 19:11 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-04-12 19:37 - 2020-06-01 18:26 - 000000000 ___RD C:\Users\kavoo\OneDrive 2021-04-12 17:33 - 2020-06-02 11:14 - 000000000 ____D C:\ProgramData\Riot Games 2021-04-11 12:09 - 2020-06-01 18:27 - 000000000 ____D C:\Users\kavoo\AppData\Local\D3DSCache 2021-04-11 12:00 - 2020-06-02 00:58 - 000000000 ____D C:\Users\kavoo\AppData\Local\SquirrelTemp 2021-04-10 12:58 - 2020-12-14 22:21 - 000000000 ____D C:\GOG Games 2021-04-10 12:58 - 2020-11-03 12:32 - 000000000 ____D C:\Program Files\Rockstar Games 2021-04-10 12:58 - 2020-11-03 12:32 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2021-04-10 12:58 - 2020-11-03 12:31 - 
000000000 ____D C:\Users\kavoo\AppData\Local\Rockstar Games 2021-04-10 12:58 - 2020-11-03 12:30 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2021-04-10 12:58 - 2020-11-03 12:30 - 000000000 ____D C:\ProgramData\Rockstar Games 2021-04-10 12:58 - 2020-09-14 19:24 - 000000000 ____D C:\Users\kavoo\Documents\My Games 2021-04-10 12:55 - 2020-12-18 16:10 - 000000000 ____D C:\Users\kavoo\AppData\Local\FACEITApp 2021-04-10 12:55 - 2020-12-18 15:45 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FACEIT Ltd 2021-04-10 12:55 - 2020-12-18 15:45 - 000000000 ____D C:\Users\kavoo\AppData\Roaming\FACEIT 2021-04-10 12:50 - 2021-01-10 17:40 - 000000000 ____D C:\ProgramData\Origin 2021-04-10 12:41 - 2021-02-05 23:26 - 000000835 _____ C:\Users\kavoo\Desktop\Call of Duty Black Ops Cold War.lnk 2021-04-07 13:38 - 2020-11-23 13:31 - 002171760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2021-04-07 13:38 - 2020-11-23 13:31 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll 2021-03-30 12:57 - 2020-11-23 13:31 - 000074608 _____ C:\WINDOWS\system32\FvSDK_x64.dll 2021-03-30 12:57 - 2020-11-23 13:31 - 000064880 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll 2021-03-21 13:12 - 2020-10-25 19:53 - 000000000 ____D C:\Users\Mario\AppData\Local\PlaceholderTileLogoFolder 2021-03-21 13:12 - 2020-10-25 19:52 - 000000000 ___RD C:\Users\Mario\OneDrive 2021-03-21 13:12 - 2020-10-25 19:51 - 000000000 ___RD C:\Users\Mario\3D Objects ==================== Files in the root of some directories ======== 2021-01-23 17:44 - 2021-01-23 17:44 - 000007615 _____ () C:\Users\kavoo\AppData\Local\Resmon.ResmonCfg 2020-12-09 02:16 - 2020-12-09 02:16 - 000000003 _____ () C:\Users\kavoo\AppData\Local\updater.log 2020-12-09 02:16 - 2020-12-09 02:16 - 000000424 _____ () C:\Users\kavoo\AppData\Local\UserProducts.xml ==================== SigCheck ============================ (There is no automatic 
fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Additional.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021 Ran by kavoo (20-04-2021 22:17:34) Running from C:\Users\kavoo\Desktop Windows 10 Home Version 20H2 19042.928 (X64) (2021-04-15 14:35:46) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3288830602-4078900590-3289903987-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3288830602-4078900590-3289903987-503 - Limited - Disabled) Guest (S-1-5-21-3288830602-4078900590-3289903987-501 - Limited - Disabled) kavoo (S-1-5-21-3288830602-4078900590-3289903987-1001 - Administrator - Enabled) => C:\Users\kavoo Mario (S-1-5-21-3288830602-4078900590-3289903987-1003 - Limited - Enabled) => C:\Users\Mario mosca (S-1-5-21-3288830602-4078900590-3289903987-1002 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3288830602-4078900590-3289903987-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender) Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.234 - Bitdefender) Call of Duty Black Ops Cold War (HKLM-x32\...\Call of Duty Black Ops Cold War) (Version: - Blizzard Entertainment) Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.) CurseForge (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.172.1.5 - Overwolf app) DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.) 
ExpressVPN (HKLM-x32\...\{dfa3c815-2d05-4891-86c7-c97f34b245d0}) (Version: 10.2.2.29 - ExpressVPN) ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876ED984E}) (Version: 10.2.2.29 - ExpressVPN) Hidden FreePCB 1.2 (HKLM-x32\...\FreePCB_is1) (Version: - Allan) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC) icecap_collection_neutral (HKLM-x32\...\{2A00DCB3-752F-446C-B3B3-1B6ADFBFF3E3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{BE5E54C4-6B68-4AE3-A7F4-45F0D29D48D3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{1E6E5904-E97F-41F7-B3DB-0C8CD3180E3C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{7FD392DF-51A1-4DC1-9C6F-BF7C58A576AC}) (Version: 16.6.30014 - Microsoft Corporation) Hidden IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains) MacroRecorder v1.0.74 (HKLM-x32\...\MacroRecorder_is1) (Version: 1.0.74 - Bartels Media GmbH) Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes) Microsoft .NET Core SDK 3.1.301 (x64) from Visual Studio (HKLM\...\{4ECCC18D-A5B3-4913-B693-A40CD7BD0F7A}) (Version: 3.1.301.015174 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3288830602-4078900590-3289903987-1003\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.6.2035.522 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{BBCDB523-F5B7-4E53-A911-C85191E3BDF0}) (Version: 10.0.2606 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang) NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation) NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation) NVIDIA Graphics Driver 466.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.11 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 
1.3.38.40 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.168.0.12 - Overwolf Ltd.) Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32) ProtonVPN (HKLM-x32\...\{D19979C9-8B5B-4500-AA6A-EF331F658074}) (Version: 1.17.5 - Proton Technologies AG) Hidden ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.5) (Version: 1.17.5 - Proton Technologies AG) ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG) PUBG LITE (HKLM-x32\...\PUBG LITE_is1) (Version: 1.0.1.0 - ) Python Launcher (HKLM-x32\...\{4E5F47AD-2588-4BE3-9DC2-0F9CD283A3DF}) (Version: 3.7.6860.0 - Python Software Foundation) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.13.18.1333 - Razer Inc.) Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.31.0 - Samsung Electronics Co., Ltd.) TypeScript SDK (HKLM-x32\...\{7E046A6D-8DDB-41BF-B2FB-46CA2C9506FB}) (Version: 3.8.3.0 - Microsoft Corporation) Hidden Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 85.0 - Ubisoft) UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) 
Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) VALORANT (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc) vcpp_crt.redist.clickonce (HKLM-x32\...\{AA38DC14-21AD-4BE9-BCDB-736C0FD94713}) (Version: 14.26.28720 - Microsoft Corporation) Hidden Visual Studio Community 2019 (HKLM-x32\...\105ca4a3) (Version: 16.6.30204.135 - Microsoft Corporation) VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{2CCEC45B-1462-4FFD-8214-90E3C25000F7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{7A991159-9069-471D-B85F-89B1E4E66822}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{16E73A5A-339C-4177-A0BD-04278C06625C}) (Version: 16.6.30014 - Microsoft 
Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{C8E7C1FC-925C-4163-BAB3-769E6C7961D2}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{ABBD10CA-0CFA-4D76-B033-F76C55A54336}) (Version: 16.4.29411 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{E47B4703-2337-4ED0-BA24-3EC08D643684}) (Version: 16.4.29411 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{DA7AB063-D1A3-4D5A-8221-598ACF4574B4}) (Version: 16.6.30014 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden vs_vswebprotocolselectormsi (HKLM-x32\...\{5F2E2347-2042-4340-BBDD-262BB1791EC7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\WhatsApp) (Version: 2.2112.10 - WhatsApp) Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation) WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH) Packages: ========= Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-17] (Microsoft Studios) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-11-05] (Netflix, Inc.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-17] (NVIDIA Corp.) 
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-19] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2021-04-15] (Realtek Semiconductor Corp) XLS Opener -> C:\Program Files\WindowsApps\BallardAppCraftery.CraftySpreadsheetViewer_1.3.4.0_x64__epyrqhfctk40t [2020-06-12] (Ballard App Craftery) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-20] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7d91b2ed40558a26\nvshext.dll [2021-04-13] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-20] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== 
==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\kavoo\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] AlternateDataStreams: C:\Users\kavoo\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2020-02-02%2003:38:06&bName= SearchScopes: HKU\S-1-5-21-3288830602-4078900590-3289903987-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\java\bin\ssv.dll [2020-06-15] (Oracle America, Inc. 
-> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\java\bin\jp2ssv.dll [2020-06-15] (Oracle America, Inc. -> Oracle Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2020-06-02 03:24 - 2020-06-02 03:23 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kavoo\Desktop\2ff26a3dd03271d1764c36af3ff448de.jpg HKU\S-1-5-21-3288830602-4078900590-3289903987-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKLM\...\StartupApproved\Run32: => "REDRAGON M711 Gaming Mouse" HKLM\...\StartupApproved\Run32: => "REDRAGON M711-FPS Gaming Mouse" HKLM\...\StartupApproved\Run32: => "RazerCortex" HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "NordVPN" HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "FACEIT" HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "Samsung DeX" HKU\S-1-5-21-3288830602-4078900590-3289903987-1001\...\StartupApproved\Run: => "Overwolf" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points ========================= 20-04-2021 10:08:18 Scheduled Checkpoint 20-04-2021 22:12:39 AdwCleaner_BeforeCleaning_20/04/2021_22:12:39 ==================== Faulty Device Manager Devices ============ Name: ExpressVPN TAP Adapter Description: ExpressVPN TAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ExpressVPN Service: tapexpressvpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ======================== Application errors: ================== Error: (04/20/2021 09:59:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamtray.exe, version: 4.0.0.944, time stamp: 0x60660637 Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce Exception code: 0xc0000005 Fault offset: 0x0000000000219dc5 Faulting process id: 0xbd8 Faulting application start time: 0x01d73609a8166479 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: 3c94f900-f8d4-49b9-82ba-f16057240cbd Faulting package full name: Faulting package-relative application ID: Error: (04/19/2021 10:17:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MinecraftLauncher.exe, version: 1.0.1.0, time stamp: 0x605335a0 Faulting module name: ntdll.dll, version: 10.0.19041.928, time stamp: 0xa0caab76 Exception code: 0xc0000005 Fault offset: 0x0002fc2d Faulting process id: 0x2808 Faulting application start time: 0x01d73558ea887310 Faulting application path: D:\minecraft\MinecraftLauncher.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 86205307-0991-4862-8e4e-b600d8d0464a Faulting package full name: Faulting package-relative application ID: Error: (04/19/2021 08:10:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: DESKTOP-R4LF066) Description: Product: Epic Online Services -- Error 1606. Could not access network location Epic Online Services\service. Error: (04/19/2021 08:10:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: DESKTOP-R4LF066) Description: Product: Epic Online Services -- Error 1606. Could not access network location Epic Online Services\service. 
Error: (04/18/2021 07:37:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program RustClient.exe version 2019.4.7.37553 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1738 Start Time: 01d7347982b959cb Termination Time: 4294967295 Application Path: C:\SteamLibrary\steamapps\common\Rust\RustClient.exe Report Id: bdf27ec2-a18c-4896-8d7e-e5e0d52c5b45 Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (04/18/2021 06:03:39 PM) (Source: MsiInstaller) (EventID: 11321) (User: DESKTOP-R4LF066) Description: Product: Barium App -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Users\kavoo\AppData\Local\BariumApp\BariumApp.exe. System Error 5. Error: (04/18/2021 06:03:31 PM) (Source: MsiInstaller) (EventID: 11500) (User: DESKTOP-R4LF066) Description: Product: Barium App -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one. Error: (04/17/2021 10:34:02 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED. System errors: ============= Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The RzKLService service terminated unexpectedly. It has done this 1 time(s). Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ProductAgentService service terminated unexpectedly. It has done this 1 time(s). Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Razer Central Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The SAMSUNG Mobile Connectivity Service V2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (04/20/2021 10:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Razer Game Manager service terminated unexpectedly. It has done this 1 time(s). Windows Defender: ================ Date: 2021-04-19 09:27:11 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=App:Utorrent_BundleInstaller&threatid=290703&enterprise=0 Name: App:Utorrent_BundleInstaller Severity: Low Category: Potentially Unwanted Software Path: file:_D:\$RECYCLE.BIN\S-1-5-21-1766290516-2644260735-1604191060-1001\$RCE4ZRD.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: User Process Name: Unknown Security intelligence Version: AV: 1.335.1177.0, AS: 1.335.1177.0, NIS: 1.335.1177.0 Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5 Date: 2021-04-19 09:27:11 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.CCD&threatid=2147756162&enterprise=0 Name: Trojan:Win32/Occamy.CCD Severity: Severe Category: Trojan Path: containerfile:_D:\$RECYCLE.BIN\S-1-5-21-1766290516-2644260735-1604191060-1001\$R96J94J.zip; file:_D:\$RECYCLE.BIN\S-1-5-21-1766290516-2644260735-1604191060-1001\$R96J94J.zip->Osiris.dll Detection Origin: Local machine Detection Type: FastPath Detection Source: User Process Name: Unknown Security intelligence Version: AV: 1.335.1177.0, AS: 1.335.1177.0, NIS: 1.335.1177.0 Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5 Date: 2021-04-18 19:24:55 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Date: 2021-04-17 22:18:37 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.B!ml&threatid=2147772967&enterprise=0 Name: Trojan:Script/Phonzy.B!ml Severity: Severe Category: Trojan Path: file:_C:\Users\kavoo\Desktop\noviNcK^ybu_ktmp.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.335.1079.0, AS: 1.335.1079.0, NIS: 1.335.1079.0 Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5 Date: 2021-04-17 22:18:37 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/GameHack&threatid=2147712662&enterprise=0 Name: HackTool:Win32/GameHack Severity: High Category: Tool Path: file:_C:\WINDOWS\GODWARE.dll; file:_C:\WINDOWS\Osiris.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.335.1079.0, AS: 1.335.1079.0, NIS: 1.335.1079.0 Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5 Date: 2021-04-17 20:47:34 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.317.403.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.17100.2 Error code: 0x80090305 Error description: The requested security package does not exist Date: 2021-04-17 20:47:34 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.317.403.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.17100.2 Error code: 0x80090305 Error description: The requested security package does not exist Date: 2021-04-17 20:47:34 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.317.403.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.17100.2 Error code: 0x80090305 Error description: The requested security package does not exist Date: 2021-04-17 20:47:34 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.317.403.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.17100.2 Error code: 0x80090305 Error description: The requested security package does not exist Date: 2021-04-17 20:47:34 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.317.403.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.17100.2 Error code: 0x80090305 Error description: The requested security package does not exist CodeIntegrity: =============== Date: 2021-04-20 22:08:36 Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\265231836547332704\antimalware_provider64.dll that did not meet the Windows signing level requirements. Date: 2021-04-20 19:41:54 Description: Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\265231836547332704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. F15 06/05/2019 Motherboard: Gigabyte Technology Co., Ltd. 
B360M DS3H Processor: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz Percentage of memory in use: 35% Total physical RAM: 16315.39 MB Available physical RAM: 10481.08 MB Total Virtual: 28603.39 MB Available Virtual: 21120 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:237.84 GB) (Free:52.89 GB) NTFS Drive d: (HDD) (Fixed) (Total:931.5 GB) (Free:285.62 GB) NTFS \\?\Volume{2eadf7fb-10f3-4be6-af7b-ceb122f37a33}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS \\?\Volume{ead3d471-4872-470e-907a-9a00a4004822}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================
kevinf80 Posted April 20, 2021 (Solution)

Hiya staide,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE: It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.
Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View log file... (bottom left hand corner)
- Copy and paste the results in your reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program

If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:
- Memory, including system memory on 32-bit (x86) versions of Windows
- The Windows registry
- All local hard drives, fixed and removable
- Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply...

Thank you,
Kevin...

Attached file: fixlist.txt
staide Posted April 21, 2021 (Author)

Hello Kevin.

Here is the fixlog that I got after the FRST scan, Fixlog.txt

Also here are the logs from Sophos, SophosVirusRemovalTool.log

Thanks,
Staide.
kevinf80 Posted April 21, 2021

Hiya Staide,

Thanks for those logs. How is your system responding now, any issues or concerns....

There was no real evidence of malware or infection in your logs...

Thank you,
Kevin...
staide Posted April 21, 2021 (Author)

Hello Kevin.

My system works perfectly but I was just really paranoid about having some sort of virus in my system for the last few days, so this is a relief for me. Thank you so much Kevin, you really helped a lot. I don't know what else to say but thank you for your time.

Staide.
kevinf80 Posted April 21, 2021

Hiya Staide,

Thanks for the update and kind words. We did clean up your system with FRST fix, other than that we just completed precautionary scans...

Continue to clean up:

Uninstall the following program (unless you prefer to keep it): Sophos AV
http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: C:\Users\kavoo\Desktop\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Consider the following:
- Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
- Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....
- Answers to Common Security Questions and best Practices
- Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
kevinf80 Posted April 22, 2021

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you