PC acting weird from time to time (CPU usage 100%, fully throttling fans)


Solved by kevinf80


I have already detected the virus: they were trojans and files like nCoreManager.exe, Trojan.BitCoinMiner, Trojan.Backdoor.
In the first moments of noticing I downloaded Malwarebytes, and to my surprise, it DID find some of the trojans that Avast could not find. Though, it was not even close to being the end. I went to sleep with the thought that this would be over, but noticed that Task Manager was still showing 70-80% usage on its startup. I thought this was only a leftover side-effect, so I restarted my PC. In the middle of the night, I began to notice that my PC would turn off to sleep mode for roughly 10 seconds, then the PC would start up with my GPU fans spinning on full throttle, then the fans stopped after 3 seconds. The task manager is still showing high CPU usage. I used Avast Full drive scan, Malwarebytes Deepscan and AVG Bootscan, but I haven't found any traces of the malware left, though I for sure know it's still there. I think the only possible explanation would be that it infected the kernel. Could it be possible, and what do I do now?
Any untried solutions of mine you provide will be greatly accepted.

Hello KyoujinN and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language, right click on FRST/FRST64 and rename it to FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

After ~3hrs of scanning, Malwarebytes was not able to find anything.

Here is the log from AdwCleaner 8.2.0 (ran as administrator)

2021-04-20 11:46:19 :  <INFO>      [Button clicked] Dashboard menu item
2021-04-20 11:46:19 :  <INFO>      [Button clicked] Scan
2021-04-20 11:46:19 :  <INFO>      [Scan] Started
2021-04-20 11:46:19 :  <INFO>      [Database] Downloading database
2021-04-20 11:46:22 :  <INFO>      [Database] Checking integrity
2021-04-20 11:46:22 :  <INFO>      [Database] Found  2676  families
2021-04-20 11:46:22 :  <INFO>      [Database] Database v "2021-04-20.1"
2021-04-20 11:46:22 :  <INFO>      [Loading paths] Local paths loaded
2021-04-20 11:46:22 :  <INFO>      [Loading paths] Chrome paths loaded
2021-04-20 11:46:22 :  <INFO>      [Loading paths] Firefox paths loaded
2021-04-20 11:46:22 :  <INFO>      [Loading paths] User Keys loaded
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "Regist2021-202021-04-20 11:46:22 :  <INFO>      [Module initialized]  "Reg2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "RegClasses"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "RegProductID"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "RegStartup"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "DNS"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "RegSoftware"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "RegGuid"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "TaskName"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "Service"
2021-04-20 11:46:22 :  <INFO>      [Module initialized]  "WMI"
2021-04-20 11:46:23 :  <INFO>      [Module initialized]  "URL"
2021-04-20 11:46:23 :  <INFO>      [Scan] Exclusions loaded
2021-04-20 11:46:29 :  <INFO>      [Telemetry] Sending to Influx
2021-04-20 11:46:29 :  <INFO>      [SslCert] Issued by ("R3")
2021-04-20 11:46:29 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2021-04-20 11:46:29 :  <INFO>      [SslCert] Locality Name ()
2021-04-20 11:46:29 :  <INFO>      [SslCert] Organization ()
2021-04-20 11:46:29 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Thu Mar 4 13:43:25 2021 GMT"
2021-04-20 11:46:29 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Wed Jun 2 13:43:25 2021 GMT"
2021-04-20 11:46:29 :  <INFO>      [SslCert] ALPN: Yes
2021-04-20 11:46:29 :  <INFO>      [SslCert] Cipher:  "ECDHE-ECDSA-AES256-GCM-SHA384"
2021-04-20 11:46:29 :  <INFO>      [SslCert] KXE:  "ECDH"
2021-04-20 11:46:29 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2021-04-20 11:46:29 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2021-04-20 11:46:29 :  <INFO>      [Telemetry] Sending to DSE
2021-04-20 11:46:30 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2021-04-20 11:46:30 :  <INFO>      [SslCert] Issued to ("telemetry.malwarebytes.com")
2021-04-20 11:46:30 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2021-04-20 11:46:30 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2021-04-20 11:46:30 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Thu Oct 22 00:00:00 2020 GMT"
2021-04-20 11:46:30 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sun Oct 24 23:59:59 2021 GMT"
2021-04-20 11:46:30 :  <INFO>      [SslCert] ALPN: Yes
2021-04-20 11:46:30 :  <INFO>      [SslCert] Cipher:  "ECDHE-ECDSA-AES256-GCM-SHA384"
2021-04-20 11:46:30 :  <INFO>      [SslCert] KXE:  "ECDH"
2021-04-20 11:46:30 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2021-04-20 11:46:30 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2021-04-20 11:46:30 :  <INFO>      [Scan] Finished
2021-04-20 11:46:36 :  <INFO>      [Button clicked] Cancel
2021-04-20 11:46:38 :  <INFO>      [Button clicked] Quarantine menu item
2021-04-20 11:46:39 :  <INFO>      [Button clicked] Dashboard menu item
2021-04-20 11:46:40 :  <INFO>      [Button clicked] Scan
2021-04-20 11:46:40 :  <INFO>      [Scan] Started
2021-04-20 11:46:40 :  <INFO>      [Database] Downloading database
2021-04-20 11:46:42 :  <INFO>      [Database] Checking integrity
2021-04-20 11:46:42 :  <INFO>      [Database] Found  2676  families
2021-04-20 11:46:42 :  <INFO>      [Database] Database v "2021-04-20.1"
2021-04-20 11:46:42 :  <INFO>      [Loading paths] Local paths loaded
2021-04-20 11:46:42 :  <INFO>      [Loading paths] Chrome paths loaded
2021-04-20 11:46:42 :  <INFO>      [Loading paths] Firefox paths loaded
2021-04-20 11:46:42 :  <INFO>      [Loading paths] User Keys loaded
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegOther202021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegAppInit"2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegClasses"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegProductID"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "WMI"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegStartup"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "DNS"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegSoftware"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegGuid"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "TaskName"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2021-04-20 11:46:42 :  <INFO>      [Module initialized]  "Service"
2021-04-20 11:46:43 :  <INFO>      [Module initialized]  "URL"
2021-04-20 11:46:43 :  <INFO>      [Scan] Exclusions loaded
2021-04-20 11:46:49 :  <INFO>      [Telemetry] Sending to Influx
2021-04-20 11:46:49 :  <INFO>      [SslCert] Issued by ("R3")
2021-04-20 11:46:49 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2021-04-20 11:46:49 :  <INFO>      [SslCert] Locality Name ()
2021-04-20 11:46:49 :  <INFO>      [SslCert] Organization ()
2021-04-20 11:46:49 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Thu Mar 4 13:43:25 2021 GMT"
2021-04-20 11:46:49 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Wed Jun 2 13:43:25 2021 GMT"
2021-04-20 11:46:49 :  <INFO>      [SslCert] ALPN: Yes
2021-04-20 11:46:49 :  <INFO>      [SslCert] Cipher:  "ECDHE-ECDSA-AES256-GCM-SHA384"
2021-04-20 11:46:49 :  <INFO>      [SslCert] KXE:  "ECDH"
2021-04-20 11:46:49 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2021-04-20 11:46:49 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2021-04-20 11:46:49 :  <INFO>      [Telemetry] Sending to DSE
2021-04-20 11:46:50 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2021-04-20 11:46:50 :  <INFO>      [SslCert] Issued to ("telemetry.malwarebytes.com")
2021-04-20 11:46:50 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2021-04-20 11:46:50 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2021-04-20 11:46:50 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Thu Oct 22 00:00:00 2020 GMT"
2021-04-20 11:46:50 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sun Oct 24 23:59:59 2021 GMT"
2021-04-20 11:46:50 :  <INFO>      [SslCert] ALPN: Yes
2021-04-20 11:46:50 :  <INFO>      [SslCert] Cipher:  "ECDHE-ECDSA-AES256-GCM-SHA384"
2021-04-20 11:46:50 :  <INFO>      [SslCert] KXE:  "ECDH"
2021-04-20 11:46:50 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2021-04-20 11:46:50 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2021-04-20 11:46:50 :  <INFO>      [Scan] Finished
2021-04-20 11:46:54 :  <INFO>      [Button clicked] Basic repair
2021-04-20 11:47:00 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2021-04-20 11:47:00 :  <INFO>      [Cleaning] Started
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "Registry"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "wsc_proxy.exe"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "wsc_proxy.exe"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "Memory Compression"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "AvastSvc.exe"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "AVGSvc.exe"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "SecurityHealthService.exe"   0
2021-04-20 11:47:00 :  <WARNING>   [Cleaning] Unable to Open process -  "SgrmBroker.exe"   0
2021-04-20 11:47:00 :  <INFO>      [Engine Additional Action]  "Delete IFEO"
2021-04-20 11:47:00 :  <INFO>      [Engine Additional Action]  "Delete Prefetch"
2021-04-20 11:47:00 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2021-04-20 11:47:00 :  <INFO>      [Engine Additional Action]  "Reset BITS"
2021-04-20 11:47:01 :  <INFO>      [Engine Additional Action]  "Reset Windows Firewall"
2021-04-20 11:47:01 :  <INFO>      [Engine Additional Action]  "Reset Hosts File"
2021-04-20 11:47:01 :  <INFO>      [Engine Additional Action]  "Reset IPSec"
2021-04-20 11:47:01 :  <INFO>      [Engine Additional Action]  "Reset Chromium Policies"
2021-04-20 11:47:01 :  <INFO>      [Engine Additional Action]  "Reset IE Policies"
2021-04-20 11:47:01 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2021-04-20 11:47:01 :  <INFO>      [Telemetry] Sending to Influx
2021-04-20 11:47:02 :  <INFO>      [SslCert] Issued by ("R3")
2021-04-20 11:47:02 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2021-04-20 11:47:02 :  <INFO>      [SslCert] Locality Name ()
2021-04-20 11:47:02 :  <INFO>      [SslCert] Organization ()
2021-04-20 11:47:02 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Thu Mar 4 13:43:25 2021 GMT"
2021-04-20 11:47:02 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Wed Jun 2 13:43:25 2021 GMT"
2021-04-20 11:47:02 :  <INFO>      [SslCert] ALPN: Yes
2021-04-20 11:47:02 :  <INFO>      [SslCert] Cipher:  "ECDHE-ECDSA-AES256-GCM-SHA384"
2021-04-20 11:47:02 :  <INFO>      [SslCert] KXE:  "ECDH"
2021-04-20 11:47:02 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2021-04-20 11:47:02 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2021-04-20 11:47:02 :  <INFO>      [Telemetry] Sending to DSE
2021-04-20 11:47:03 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2021-04-20 11:47:03 :  <INFO>      [SslCert] Issued to ("telemetry.malwarebytes.com")
2021-04-20 11:47:03 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2021-04-20 11:47:03 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2021-04-20 11:47:03 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Thu Oct 22 00:00:00 2020 GMT"
2021-04-20 11:47:03 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sun Oct 24 23:59:59 2021 GMT"
2021-04-20 11:47:03 :  <INFO>      [SslCert] ALPN: Yes
2021-04-20 11:47:03 :  <INFO>      [SslCert] Cipher:  "ECDHE-ECDSA-AES256-GCM-SHA384"
2021-04-20 11:47:03 :  <INFO>      [SslCert] KXE:  "ECDH"
2021-04-20 11:47:03 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2021-04-20 11:47:03 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2021-04-20 11:47:03 :  <INFO>      [Cleaning] Finished
2021-04-20 11:47:03 :  <INFO>      [MBBanner] Checking Iris
2021-04-20 11:47:03 :  <INFO>      [IRIS] Making request
2021-04-20 11:47:03 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2021-04-20 11:47:03 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2021-04-20 11:47:03 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2021-04-20 11:47:03 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2021-04-20 11:47:03 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Fri Apr 10 00:00:00 2020 GMT"
2021-04-20 11:47:03 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mon May 23 12:00:00 2022 GMT"
2021-04-20 11:47:03 :  <INFO>      [SslCert] ALPN: None
2021-04-20 11:47:03 :  <INFO>      [SslCert] Cipher:  "TLS_AES_128_GCM_SHA256"
2021-04-20 11:47:03 :  <INFO>      [SslCert] KXE:  "any"
2021-04-20 11:47:03 :  <INFO>      [SslCert] Protocol:  "TLSv1.3"
2021-04-20 11:47:03 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::ContentNotFoundError )
2021-04-20 11:47:03 :  <INFO>      [IRIS] Failed
2021-04-20 11:47:06 :  <INFO>      [Application] Closing AdwCleaner
2021-04-20 11:47:54 :  <INFO>      [Application] AdwCleaner  8 . 2 . 0  launched
2021-04-20 11:47:54 :  <INFO>      [MBInstaller] Checking Iris
2021-04-20 11:47:54 :  <INFO>      [IRIS] Making request
2021-04-20 11:47:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2021-04-20 11:47:54 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2021-04-20 11:47:54 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2021-04-20 11:47:54 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2021-04-20 11:47:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Fri Apr 10 00:00:00 2020 GMT"
2021-04-20 11:47:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mon May 23 12:00:00 2022 GMT"
2021-04-20 11:47:54 :  <INFO>      [SslCert] ALPN: None
2021-04-20 11:47:54 :  <INFO>      [SslCert] Cipher:  "TLS_AES_128_GCM_SHA256"
2021-04-20 11:47:54 :  <INFO>      [SslCert] KXE:  "any"
2021-04-20 11:47:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.3"
2021-04-20 11:47:54 :  <INFO>      [AdwUpgrade] Checking application updates
2021-04-20 11:47:55 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2021-04-20 11:47:55 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2021-04-20 11:47:55 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2021-04-20 11:47:55 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2021-04-20 11:47:55 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Fri Apr 10 00:00:00 2020 GMT"
2021-04-20 11:47:55 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mon May 23 12:00:00 2022 GMT"
2021-04-20 11:47:55 :  <INFO>      [SslCert] ALPN: None
2021-04-20 11:47:55 :  <INFO>      [SslCert] Cipher:  "TLS_AES_128_GCM_SHA256"
2021-04-20 11:47:55 :  <INFO>      [SslCert] KXE:  "any"
2021-04-20 11:47:55 :  <INFO>      [SslCert] Protocol:  "TLSv1.3"
2021-04-20 11:47:55 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2021-04-20 11:47:55 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::ContentNotFoundError )
2021-04-20 11:47:55 :  <INFO>      [IRIS] Failed
2021-04-20 11:47:58 :  <INFO>      [Button clicked] Log files menu item
 

 



Here is the log from Farbar Recovery Scan Tool:

 


 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 82.193.64.2 217.195.49.41
Tcpip\..\Interfaces\{1043222b-e5b1-4c09-8112-4b6d073f32cf}: [DhcpNameServer] 82.193.64.2 217.195.49.41
Tcpip\..\Interfaces\{2205d039-9f71-4a69-a2f7-d3395e942f63}: [DhcpNameServer] 82.193.64.2 217.195.49.41
Tcpip\..\Interfaces\{4ce7a4da-c277-4c40-bcbc-e98a39eee487}: [DhcpNameServer] 8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ryzen 5\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-20]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2021-02-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2021-02-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome: 
=======
CHR Profile: C:\Users\Ryzen 5\AppData\Local\Google\Chrome\User Data\Default [2021-04-20]
CHR StartupUrls: Default -> "hxxps://www.google.com/"

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-2659368783-938232062-148181124-1001) Opera GXStable - "C:\Users\Ryzen 5\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7894040 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
S2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [60704 2021-03-10] (Advanced Micro Devices, Inc. -> AMD)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [606944 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [356064 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56920 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [607488 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [356608 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7941688 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
S2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
S3 EQU8_19; C:\ProgramData\EQU8\Totally Accurate Battlegrounds\bin\anticheat.x64.equ8.exe [5673048 2021-04-11] (Int3 Software AB -> Int3 Software AB)
S3 FACEITService; D:\FACEIT AC\faceitservice.exe [19414416 2021-04-12] (FACE IT LIMITED -> )
R2 hshld_10.13.3; C:\Program Files (x86)\Hotspot Shield\10.13.3\bin\cmw_srv.exe [222832 2021-02-16] (Pango Inc. -> Pango Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-19] (Malwarebytes Inc -> Malwarebytes)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1676696 2021-03-19] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2021-04-20] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35664 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [212192 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [365024 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250336 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99288 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17352 2021-04-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41296 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [180448 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522384 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107792 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82872 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [850632 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467720 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215352 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326992 2021-04-19] (Avast Software s.r.o. -> AVAST Software)
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35816 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [212344 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [365112 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250408 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99384 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\Windows\System32\drivers\avgElam.sys [16816 2021-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
S3 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41432 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [180576 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [522520 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107920 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83008 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [850784 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467840 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\Windows\System32\drivers\avgStm.sys [215488 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327104 2021-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (EldoS Corporation -> /n software, Inc.)
S3 EQU8_HELPER_19; C:\Windows\system32\DRIVERS\EQU8_HELPER_19.sys [38032 2021-04-11] (Int3 Software AB -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [199128 2021-04-19] (Malwarebytes Inc -> Malwarebytes)
R0 FACEIT; C:\Windows\System32\Drivers\FACEIT.sys [10913184 2021-04-11] (FACE IT LIMITED -> )
R3 hsstap; C:\Windows\System32\drivers\hsstap.sys [39424 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Pango)
R3 iVCam; C:\Windows\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-04-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-04-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [157944 2021-04-20] (Malwarebytes Inc -> Malwarebytes)
R1 pango_netfilter2; C:\Windows\System32\drivers\pango_netfilter2.sys [94872 2021-02-16] (Pango Inc. -> Pango Inc)
R3 PHYMEM; C:\Users\Ryzen 5\AppData\Local\Packages\33C30B79.HyperXNGenuity_0a78dr3hq0pvt\LocalState\otipcibus64.sys [17488 2021-02-12] (Ours Technology Inc. -> OTi)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-09-21] (EldoS Corporation -> /n software, Inc.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [127512 2021-01-21] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
R3 wacomrouterfilter; C:\Windows\System32\drivers\wacomrouterfilter.sys [28680 2021-01-21] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
U3 avgbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-20 14:58 - 2021-04-20 14:59 - 000000000 ____D C:\Users\Ryzen 5\Desktop\FRST
2021-04-20 14:58 - 2021-04-20 14:59 - 000000000 ____D C:\FRST
2021-04-20 14:43 - 2021-04-20 14:43 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-04-20 14:43 - 2021-04-20 14:43 - 000157944 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-04-20 14:43 - 2021-04-20 14:43 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-04-20 10:33 - 2021-04-20 10:33 - 000002070 _____ C:\Users\Ryzen 5\Desktop\Rkill.txt
2021-04-20 10:32 - 2021-04-20 10:33 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Ryzen 5\Desktop\rkill-unsigned.exe
2021-04-20 10:28 - 2021-04-20 10:28 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2021-04-20 10:26 - 2021-04-20 10:26 - 000057728 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2021-04-20 10:26 - 2021-04-20 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-04-20 10:26 - 2021-04-20 10:26 - 000000000 ____D C:\Program Files\HitmanPro
2021-04-20 10:25 - 2021-04-20 10:29 - 000000000 ____D C:\ProgramData\HitmanPro
2021-04-20 10:25 - 2021-04-20 10:25 - 011291072 _____ (SurfRight B.V.) C:\Users\Ryzen 5\Desktop\HitmanPro_x64.exe
2021-04-20 10:20 - 2021-04-20 14:59 - 000125444 _____ C:\Windows\ZAM.krnl.trace
2021-04-20 10:20 - 2021-04-20 14:39 - 000002526 _____ C:\Windows\system32\Tasks\AMHelper
2021-04-20 10:20 - 2021-04-20 14:39 - 000002218 _____ C:\Windows\system32\Tasks\AMSkipUAC
2021-04-20 10:20 - 2021-04-20 10:21 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\AMSDK
2021-04-20 10:20 - 2021-04-20 10:20 - 013922376 _____ (Zemana Ltd. ) C:\Users\Ryzen 5\Desktop\AntiMalware_Setup.exe
2021-04-20 10:20 - 2021-04-20 10:20 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2021-04-20 10:20 - 2021-04-20 10:20 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\Zemana
2021-04-20 10:20 - 2021-04-20 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2021-04-20 10:20 - 2021-04-20 10:20 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-04-20 10:17 - 2021-04-20 10:18 - 000000000 ____D C:\AdwCleaner
2021-04-20 10:17 - 2021-04-20 10:17 - 008534696 _____ (Malwarebytes) C:\Users\Ryzen 5\Desktop\adwcleaner_8.2.exe
2021-04-20 10:03 - 2021-04-20 10:03 - 008223726 _____ C:\Users\Ryzen 5\Downloads\273711 Stonebank - Stronger (feat. EMEL).osz
2021-04-20 07:54 - 2021-04-20 14:39 - 000003346 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 07:54 - 2021-04-20 14:39 - 000003122 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 07:54 - 2021-04-20 08:00 - 000000000 ____D C:\Program Files (x86)\Google
2021-04-20 07:54 - 2021-04-20 07:54 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-20 07:54 - 2021-04-20 07:54 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-20 07:54 - 2021-04-20 07:54 - 000002278 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-20 07:54 - 2021-04-20 07:54 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\Google
2021-04-20 07:54 - 2021-04-20 07:54 - 000000000 ____D C:\Program Files\Google
2021-04-20 07:53 - 2021-04-20 14:39 - 000003044 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-04-20 07:53 - 2021-04-20 07:53 - 000850784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000522520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000467840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000365112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-04-20 07:53 - 2021-04-20 07:53 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000250408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000215488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000212344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000180576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000099384 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000083008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000041432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000035816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000016816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
2021-04-20 07:53 - 2021-04-20 07:53 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2021-04-20 07:53 - 2021-04-20 07:53 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2021-04-20 07:53 - 2021-04-20 07:53 - 000002059 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
2021-04-20 07:53 - 2021-04-20 07:53 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2021-04-20 07:53 - 2021-04-20 07:53 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\AVG
2021-04-20 07:53 - 2021-04-20 07:53 - 000000000 ____D C:\Program Files\Common Files\AVG
2021-04-20 07:53 - 2021-04-20 07:53 - 000000000 ____D C:\Program Files\AVG
2021-04-20 07:52 - 2021-04-20 14:43 - 000000000 ____D C:\ProgramData\AVG
2021-04-20 07:52 - 2021-04-20 07:52 - 000259344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryzen 5\Desktop\avg_antivirus_free_setup.exe
2021-04-19 18:14 - 2021-04-20 14:43 - 000000000 ____D C:\Users\Ryzen 5\AppData\LocalLow\IGDump
2021-04-19 18:13 - 2021-04-20 09:13 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-04-19 18:13 - 2021-04-19 18:13 - 002078632 _____ (Malwarebytes) C:\Users\Ryzen 5\Desktop\MBSetup.exe
2021-04-19 18:13 - 2021-04-19 18:13 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-04-19 18:13 - 2021-04-19 18:13 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-04-19 18:13 - 2021-04-19 18:13 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-04-19 18:13 - 2021-04-19 18:13 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-19 18:13 - 2021-04-19 18:13 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-04-19 18:13 - 2021-04-19 18:13 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-19 18:13 - 2021-04-19 18:13 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\mbam
2021-04-19 18:13 - 2021-04-19 18:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-19 18:13 - 2021-04-19 18:13 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-19 16:55 - 2021-04-19 16:55 - 000000000 ___HD C:\$AV_ASW
2021-04-19 16:54 - 2021-04-20 10:43 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-04-19 16:54 - 2021-04-19 16:54 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-04-19 16:54 - 2021-04-19 16:54 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\Avast Software
2021-04-19 16:53 - 2021-04-20 14:43 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-19 16:53 - 2021-04-20 14:39 - 000003042 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-04-19 16:53 - 2021-04-19 16:53 - 000850632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000522384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000467720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000365024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000339680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-04-19 16:53 - 2021-04-19 16:53 - 000326992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000250336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000215352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000212192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000180448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000099288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000082872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000041296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000035664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000017352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-04-19 16:53 - 2021-04-19 16:53 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-04-19 16:53 - 2021-04-19 16:53 - 000000000 ____D C:\Program Files\Avast Software
2021-04-19 15:44 - 2021-04-19 15:44 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\xmrig
2021-04-19 15:43 - 2021-04-20 08:03 - 000000000 _RSHD C:\ProgramData\IntelCore
2021-04-19 15:41 - 2021-04-19 18:17 - 000000000 _RSHD C:\ProgramData\SystemNetwork
2021-04-19 15:41 - 2021-04-19 18:17 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\Double
2021-04-19 15:41 - 2021-04-19 16:55 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\Realtek Sound Blaster
2021-04-19 15:41 - 2021-04-19 15:42 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\Software
2021-04-19 14:49 - 2021-04-19 14:49 - 000138926 _____ C:\Users\Ryzen 5\Downloads\WhatsApp Image 2021-04-19 at 12.09.25.jpeg
2021-04-19 14:01 - 2021-04-19 14:01 - 002880632 _____ C:\Users\Ryzen 5\Downloads\*****.webm
2021-04-17 19:41 - 2021-04-19 17:39 - 000000582 _____ C:\Users\Ryzen 5\Desktop\bes.ini
2021-04-17 19:41 - 2021-04-19 17:36 - 000000032 _____ C:\Users\Ryzen 5\Desktop\bes_sw.ini
2021-04-17 19:41 - 2021-01-24 02:25 - 000269312 _____ (hxxp://mion.faireal.net/BES/) C:\Users\Ryzen 5\Desktop\BES.exe
2021-04-17 19:12 - 2021-04-17 19:41 - 000302648 _____ C:\Users\Ryzen 5\Downloads\bes_1.7.8.zip
2021-04-17 14:31 - 2021-04-17 14:31 - 001375169 _____ C:\Users\Ryzen 5\Downloads\video0.mp4
2021-04-15 23:16 - 2021-04-15 23:16 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-04-15 23:15 - 2021-04-15 23:15 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-04-15 23:15 - 2021-04-15 23:15 - 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-04-14 16:02 - 2021-04-14 16:02 - 000002166 _____ C:\Users\Ryzen 5\Downloads\nayu2.theme.css
2021-04-14 15:50 - 2021-04-14 15:50 - 066480404 _____ (BetterDiscord) C:\Users\Ryzen 5\Desktop\BetterDiscord-Windows.exe
2021-04-14 15:50 - 2021-04-14 15:50 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\BetterDiscord
2021-04-14 13:25 - 2021-04-14 13:25 - 000000000 ___HD C:\Users\Ryzen 5\Desktop\1
2021-04-14 13:00 - 2021-04-14 13:01 - 069885854 _____ C:\Users\Ryzen 5\Downloads\Video.zip
2021-04-13 18:15 - 2021-04-13 18:15 - 004221250 _____ C:\Users\Ryzen 5\Desktop\Kvalitatīvas prezentācijas veidošana1.pptx
2021-04-13 17:42 - 2021-04-13 18:15 - 004221252 _____ C:\Users\Ryzen 5\Downloads\Kvalitativas_prezentacijas_veidosana.pptx
2021-04-13 12:55 - 2021-04-13 12:55 - 000064007 _____ C:\Users\Ryzen 5\Downloads\free_robux (1).mp4
2021-04-12 14:40 - 2021-04-12 14:46 - 000001559 _____ C:\Users\Ryzen 5\Desktop\on the kyiv dynamo.txt
2021-04-12 12:09 - 2021-04-12 12:09 - 078522599 _____ C:\Users\Ryzen 5\Downloads\ffmpeg-4.4-essentials_build.zip
2021-04-12 12:09 - 2021-04-09 12:05 - 000000000 ____D C:\Program Files (x86)\ffmpeg
2021-04-12 12:04 - 2021-04-12 12:04 - 000538307 _____ C:\Users\Ryzen 5\Downloads\sleeper_agent_1.mp4
2021-04-12 10:31 - 2021-04-12 10:31 - 000000000 ____D C:\Users\Ryzen 5\Documents\Zoom
2021-04-11 20:59 - 2021-04-11 20:59 - 000038032 _____ C:\Windows\system32\Drivers\EQU8_HELPER_19.sys
2021-04-11 20:59 - 2021-04-11 20:59 - 000000000 ____D C:\Users\Ryzen 5\AppData\LocalLow\Landfall Games
2021-04-11 20:59 - 2021-04-11 20:59 - 000000000 ____D C:\ProgramData\EQU8
2021-04-09 22:37 - 2021-04-09 22:38 - 001970162 _____ C:\Users\Ryzen 5\Downloads\vitamīns b6.pptx
2021-04-09 10:03 - 2021-04-09 10:03 - 008225674 _____ C:\Users\Ryzen 5\Downloads\YouCut_20210326_085457832.mp4
2021-04-08 20:19 - 2021-04-08 20:20 - 159982756 _____ C:\Users\Ryzen 5\Downloads\TechnoMagic-20210408T171820Z-001.zip
2021-04-08 12:53 - 2021-04-08 12:53 - 000044002 _____ C:\Users\Ryzen 5\Downloads\Drausmigs.labs_piemers.pptx
2021-04-08 12:14 - 2021-04-08 12:14 - 039336116 _____ C:\Users\Ryzen 5\Downloads\Counter-Strike_ Global Offensive 2021-04-08 11-47-02.mp4
2021-04-07 14:51 - 2021-04-07 14:51 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\PAYDAY 2
2021-04-07 14:51 - 2021-04-07 14:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-07 14:51 - 2021-04-07 14:51 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-04-06 22:20 - 2021-04-06 22:20 - 079748042 _____ C:\Users\Ryzen 5\Downloads\48f0f114-ea4c-4be8-b635-ad8351827f27.dem.gz
2021-04-06 15:44 - 2021-04-14 21:05 - 000000000 ____D C:\Users\Ryzen 5\Downloads\PopcornTime
2021-04-06 15:42 - 2021-04-06 15:42 - 000001266 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2021-04-06 15:42 - 2021-04-06 15:42 - 000001266 _____ C:\ProgramData\Desktop\Popcorn Time.lnk
2021-04-04 16:08 - 2021-04-04 16:08 - 258924457 _____ C:\Users\Ryzen 5\Downloads\Сборка #ОтЗимыДоЗимы.rar
2021-04-03 11:13 - 2021-04-03 11:25 - 000000000 ____D C:\Users\Ryzen 5\Documents\Sound recordings
2021-04-01 08:22 - 2021-04-01 08:22 - 010738224 _____ C:\Users\Ryzen 5\Downloads\favade.zip
2021-04-01 08:21 - 2021-04-01 08:21 - 006967417 _____ C:\Users\Ryzen 5\Downloads\video0.mov
2021-03-29 18:26 - 2021-03-29 18:26 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\OneDrive
2021-03-29 13:04 - 2021-04-20 14:39 - 000003798 _____ C:\Windows\system32\Tasks\Opera GX scheduled assistant Autoupdate 1617012262
2021-03-28 10:48 - 2021-03-28 10:48 - 021623637 _____ C:\Users\Ryzen 5\Downloads\Presentation.pptx
2021-03-27 12:52 - 2021-03-27 12:52 - 000234253 _____ C:\Users\Ryzen 5\Downloads\WhatsApp Image 2021-03-27 at 10.52.07.jpeg
2021-03-26 12:45 - 2021-03-26 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2021-03-26 12:45 - 2021-03-26 12:45 - 000000000 ____D C:\Program Files\Speccy
2021-03-26 12:05 - 2021-04-20 14:39 - 000002374 _____ C:\Windows\system32\Tasks\StartCNBM
2021-03-26 12:04 - 2021-04-20 14:43 - 000003130 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2021-03-26 12:04 - 2021-03-26 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2021-03-26 12:04 - 2021-03-26 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2021-03-26 12:04 - 2021-03-10 22:43 - 002241008 _____ (AMD Inc.) C:\Windows\SysWOW64\AMDBugReportTool.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 001857224 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 001857224 _____ C:\Windows\system32\vulkaninfo.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 001437920 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 001437920 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 001093104 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 001093104 _____ C:\Windows\system32\vulkan-1.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000946272 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000946272 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000798928 _____ (AMD) C:\Windows\system32\atieclxx.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 000735952 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000620240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000495840 _____ C:\Windows\system32\GameManager64.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000492240 _____ C:\Windows\system32\dgtrayicon.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 000467664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000455376 _____ C:\Windows\system32\atieah64.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 000431824 _____ C:\Windows\system32\EEURestart.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 000379104 _____ C:\Windows\SysWOW64\GameManager32.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000350928 _____ C:\Windows\SysWOW64\atieah32.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 000345808 _____ C:\Windows\system32\clinfo.exe
2021-03-26 12:02 - 2021-03-23 21:21 - 000244432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000212176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000186064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000166096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000165584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000155856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000141536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000139984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000134864 _____ (AMD) C:\Windows\system32\atimuixx.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000124624 _____ C:\Windows\system32\atidxx64.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000106704 _____ C:\Windows\SysWOW64\atidxx32.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000089808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000074448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000045768 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000042696 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000019248 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2021-03-26 12:02 - 2021-03-23 21:21 - 000019240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 081414864 _____ C:\Windows\system32\amd_comgr.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 066865360 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 005221584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 001492176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiacm64.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 001338592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 001338592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000940240 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000767696 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000465616 _____ C:\Windows\system32\amdlogum.exe
2021-03-26 12:02 - 2021-03-23 21:20 - 000181472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000157728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000149200 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000129744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000121552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000106192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2021-03-26 12:02 - 2021-03-23 21:20 - 000069328 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 072437968 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 001685080 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 001364432 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000546256 _____ C:\Windows\system32\amdmiracast.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000488656 _____ C:\Windows\system32\amdgfxinfo64.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000379088 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000135376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000129696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000129696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000119744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000107712 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2021-03-26 12:02 - 2021-03-23 21:19 - 000107712 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2021-03-26 12:02 - 2021-03-23 19:48 - 058675112 _____ C:\Windows\system32\amdxc64.so
2021-03-26 12:02 - 2021-03-23 19:48 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2021-03-26 12:02 - 2021-03-23 19:48 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2021-03-26 12:02 - 2021-03-23 19:48 - 000556128 _____ C:\Windows\SysWOW64\atiapfxx.blb
2021-03-26 12:02 - 2021-03-23 19:48 - 000556128 _____ C:\Windows\system32\atiapfxx.blb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-20 14:59 - 2021-02-12 12:29 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\discord
2021-04-20 14:47 - 2021-02-12 17:29 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\FACEIT
2021-04-20 14:47 - 2021-02-12 12:29 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\Discord
2021-04-20 14:43 - 2021-03-14 13:48 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\WTablet
2021-04-20 14:43 - 2021-02-28 11:57 - 000003114 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2021-04-20 14:43 - 2021-02-12 12:43 - 000003530 _____ C:\Windows\system32\Tasks\HyperXRamApp
2021-04-20 14:43 - 2021-02-12 11:31 - 000000000 ___RD C:\Users\Ryzen 5\OneDrive
2021-04-20 14:43 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-20 14:42 - 2021-02-12 14:32 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-20 14:42 - 2021-02-12 11:42 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-04-20 14:42 - 2020-09-27 17:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-20 14:42 - 2020-09-27 17:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-20 14:42 - 2019-12-07 12:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-04-20 14:39 - 2021-02-28 11:57 - 000002672 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2021-04-20 14:39 - 2021-02-28 11:57 - 000002202 _____ C:\Windows\system32\Tasks\StartCN
2021-04-20 14:39 - 2021-02-28 11:57 - 000002122 _____ C:\Windows\system32\Tasks\StartDVR
2021-04-20 14:39 - 2021-02-14 00:13 - 000003096 _____ C:\Windows\system32\Tasks\updater
2021-04-20 14:39 - 2021-02-12 12:09 - 000003534 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1613120943
2021-04-20 14:39 - 2021-02-12 11:59 - 000003310 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{23313F3D-82CB-4521-89F6-B6D688F62E51}
2021-04-20 14:39 - 2021-02-12 11:31 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2659368783-938232062-148181124-1001
2021-04-20 14:39 - 2021-02-12 11:27 - 000002850 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2659368783-938232062-148181124-500
2021-04-20 14:39 - 2020-09-27 17:36 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-20 14:39 - 2020-09-27 17:36 - 000003184 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-20 12:13 - 2020-09-27 17:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-04-20 09:17 - 2021-02-12 11:40 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-20 09:17 - 2019-12-07 12:13 - 000000000 ____D C:\Windows\INF
2021-04-20 09:09 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-04-20 07:53 - 2019-12-07 12:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-04-19 23:26 - 2021-02-12 12:09 - 000001502 _____ C:\Users\Ryzen 5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
2021-04-19 23:23 - 2021-02-12 11:30 - 000000000 ____D C:\Users\Ryzen 5
2021-04-19 23:23 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-19 23:23 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\AppReadiness
2021-04-19 20:59 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\CbsTemp
2021-04-19 17:50 - 2021-02-12 12:00 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\AMD_Common
2021-04-19 17:27 - 2021-02-12 13:21 - 000000000 ____D C:\Users\Ryzen 5\Desktop\⠀
2021-04-19 16:57 - 2020-09-27 17:33 - 000299536 _____ C:\Windows\system32\FNTCACHE.DAT
2021-04-19 16:56 - 2019-12-07 12:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SystemResources
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\setup
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\oobe
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\Provisioning
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-04-19 16:56 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\bcastdvr
2021-04-19 16:54 - 2021-02-14 22:28 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\Battle.net
2021-04-19 16:24 - 2021-03-05 01:42 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\CrashDumps
2021-04-19 15:11 - 2021-02-12 11:30 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\Packages
2021-04-18 03:11 - 2021-02-12 12:28 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-18 01:47 - 2021-02-18 13:59 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\Leppsoft
2021-04-16 17:55 - 2020-09-27 17:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-15 23:15 - 2020-09-27 17:36 - 002877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-04-15 23:10 - 2021-02-12 11:37 - 000000000 ____D C:\Windows\system32\MRT
2021-04-15 23:08 - 2021-02-12 11:37 - 131963968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-04-14 19:33 - 2021-02-12 11:51 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\D3DSCache
2021-04-14 19:28 - 2021-02-12 14:54 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\.minecraft
2021-04-11 22:27 - 2020-09-27 17:34 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-04-11 22:06 - 2021-03-01 13:37 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\Ubisoft Game Launcher
2021-04-11 20:58 - 2021-02-12 14:38 - 000000000 ____D C:\Users\Ryzen 5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-04-11 10:45 - 2021-02-12 17:33 - 010913184 _____ C:\Windows\system32\Drivers\FACEIT.sys
2021-04-06 15:42 - 2021-02-17 18:07 - 000000000 ____D C:\Program Files (x86)\Popcorn Time
2021-04-06 14:22 - 2021-02-19 10:17 - 000002374 _____ C:\Users\Ryzen 5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-04-06 13:18 - 2021-03-17 09:32 - 000000000 ____D C:\Users\Ryzen 5\Desktop\soundpad
2021-04-06 12:08 - 2021-02-12 11:30 - 000002369 _____ C:\Users\Ryzen 5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-03 04:03 - 2021-02-12 17:29 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\FACEITApp
2021-04-01 18:04 - 2021-02-14 22:26 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-04-01 10:40 - 2021-02-12 12:42 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\PlaceholderTileLogoFolder
2021-03-26 12:07 - 2021-02-12 11:51 - 000000000 ____D C:\Users\Ryzen 5\AppData\Local\AMD
2021-03-26 12:05 - 2021-02-12 11:59 - 000000000 ____D C:\Users\Ryzen 5\AppData\LocalLow\AMD
2021-03-26 12:05 - 2021-02-12 11:41 - 000000000 ____D C:\Program Files\AMD
2021-03-26 12:02 - 2021-02-28 11:52 - 000000000 ____D C:\AMD
2021-03-23 21:20 - 2021-02-12 00:08 - 004986592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2021-03-23 21:20 - 2021-02-12 00:08 - 001766608 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2021-03-23 21:20 - 2021-02-12 00:08 - 000201512 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2021-03-23 21:20 - 2021-02-12 00:08 - 000169064 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2021-03-22 11:58 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\Sysprep

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Addition.txt


Hiya KyoujinN,

Thanks for the FRST logs. The AdwCleaner log is not correct; can you get the correct log? Logs are saved to the C:\AdwCleaner\logs folder. The file name will be appended with [S00] for a scan and [C00] for the cleaning option log. The numerals in the appended brackets will change as the number of scans increases.

Thank you,

Kevin..

  • Solution

Hiya KyoujinN,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool and select Run as Administrator; the tool will expand to the options window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites

Here is the following fixlog. To add, it did not seem that any cookies were deleted, since I opened the browser, all my previously closed tabs reappeared and I was either logged in, or was prompted to use the credentials for those sites.

Fixlog.txt

Link to post
Share on other sites

Yes, I use Opera GX, but I am not experiencing any issues with the browser, I was just a little confused by the fact that none of the cookies were deleted since that was one of the things mentioned after the FRST fix. 
Here is the log from MSRT:
 

Microsoft Safety Scanner v1.335, (build 1.335.1390.0)
Started On Thu Apr 22 11:46:43 2021

Engine: 1.1.18000.5
Signatures: 1.335.1390.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Thu Apr 22 11:51:42 2021


Return code: 6 (0x6)

Link to post
Share on other sites
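
msert.log gains a new block every time the scanner runs, and the helper asks for only the most recent one. As an added example (not from the thread or from Microsoft), this Python snippet splits a log into runs and returns the latest run with its detections and the resources they touched; the sample text is constructed from the log posted above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the shape of the log posted in this thread.
# The first (older) run is invented for illustration; the second mirrors the post.
SAMPLE_LOG = r"""Microsoft Safety Scanner v1.335, (build 1.335.1390.0)
Started On Wed Apr 21 09:10:05 2021
Return code: 0 (0x0)

Microsoft Safety Scanner v1.335, (build 1.335.1390.0)
Started On Thu Apr 22 11:46:43 2021
Quick Scan Results:
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273
Return code: 6 (0x6)
"""

TIME_FMT = "%a %b %d %H:%M:%S %Y"  # e.g. "Thu Apr 22 11:46:43 2021"

def split_runs(text):
    """Split the log into runs; each run starts at a version banner line."""
    parts = re.split(r"(?m)^(?=Microsoft Safety Scanner v)", text)
    return [p for p in parts if "Started On" in p]

def parse_run(run):
    """Extract start time, return code and per-threat details from one run."""
    started = re.search(r"^Started On (.+)$", run, re.M).group(1).strip()
    code = re.search(r"^Return code: (\d+)", run, re.M)
    threats = []
    for line in run.splitlines():
        s = line.strip()
        m = re.match(r"Threat Detected: (\S+)", s)
        if m:
            threats.append({"name": m.group(1), "action": None,
                            "result": None, "resources": []})
        elif threats and (m := re.match(r"Action: (\w+), Result: (0x[0-9A-Fa-f]+)", s)):
            threats[-1]["action"], threats[-1]["result"] = m.group(1), int(m.group(2), 16)
        elif threats and re.match(r"\w+://", s):  # regkeyvalue://, file://, ...
            threats[-1]["resources"].append(s)
    return {"started": datetime.strptime(started, TIME_FMT),
            "return_code": int(code.group(1)) if code else None,
            "threats": threats}

def latest_run(text):
    """Return the parsed run with the newest 'Started On' timestamp."""
    return max((parse_run(r) for r in split_runs(text)), key=lambda r: r["started"])
```

On a real machine, pass the contents of c:\windows\debug\msert.log to `latest_run` instead of `SAMPLE_LOG`.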

Hiya KyoujinN,

Yes, I understand your confusion regarding cookies, I maybe should have clarified that point in the FRST script. Not all cookies are classed as malicious, the only ones I personally block are classed as 3rd party, I also clear all cookies and data when I close out my browser. I do not use Opera, I prefer Firefox...

With Opera you should open “Settings”, click “Advanced”, click “Privacy & Security” > “Site settings” > “Cookies and site data”. You can toggle “Allow sites to save and read cookie data,” “Block third-party cookies,” and “Clear cookies and site data when you quit Opera” on or off.

Have a read at the following link regarding 1st, 2nd and 3rd party cookies...

https://cookie-script.com/all-you-need-to-know-about-third-party-cookies.html

What is the current status of your PC, do you have any remaining issues or concerns...

Thank you,

Kevin..

Link to post
Share on other sites

I consider most of my problems fixed, but there are 2 things but they are nitpicky:
1. Every time I open task manager the CPU usage jumps to high 90% (I've read that this is just task manager loading up app info and the CPU handling it so doubt it is anything noteworthy)
2. Every time I select with the selection tool (the blue thing) it stays hanging even if I unclick when I keep moving my mouse (Probably a windows bug, but better shown on a recording since it's hard to explain).
Other than that there are no other noticeable problems.

Link to post
Share on other sites

Hiya KyoujinN,

Yes, the Task Manager issue is very common and not really a problem, it seems to be a Windows 10 glitch...

Regarding the short video of the selection or blue thing as you describe, I'm not really sure what is happening. I've tried to create the same thing on my desktop through mouse and touchpad settings, unfortunately I cannot get that to happen on my PC... Maybe it is worthwhile posting a thread to the General Windows PC help forum and attaching the video you created, maybe one of the Windows guys will have the answer...

 
Continue to clean up:
 
Right click on FRST here: C:\Users\Ryzen 5\Desktop\FRST\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Consider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee This link can also be used for Opera and Edge...

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 
 
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.