
Windows 10 OS hijack and privilege escalation making PC life impossible!



I recently installed Linux to post this because these people are in some way re-routing my posts, so I only have my Farbar logs, which are unchanged, to work with. I can access the Windows partition at any time, but doing so exposes me. I hope that copying and pasting my Farbar scan will be alright and not be a dealbreaker for help.

I have run other scans with NoVirusThanks Malware Scanner and Hijack Hunter. They all point towards an OS hijack or a hijack. I know Internet Explorer is opened by default at start to a very modified search page, and winlogin is in the HKEY registry, so something, including persistence, is going on there before I even log in. This has been a very persistent threat throughout the year, and I was hoping this program would help me, but it found nothing. I believe there is a reverse shell of some type to communicate with the C2, but I have no idea how to navigate registry keys and values. The only things that keep me relatively safe are a software firewall, OSArmor, and a system hardener. The most damning evidence is a lot of WAN virtual hardware components in Device Manager.

I also note shells in the registry with associations to Notepad and WordPad, as well as possible hijack threats with alternate data streams.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021

Ran by Enraged Komii (administrator) on DESKTOP-XIVLOV (ASUS System Product Name) (17-05-2021 06:18:31)

Running from C:\Users\Enraged Komii\Desktop

Loaded Profiles: Enraged Komii

Platform: Windows 10 Home Version 20H2 19042.631 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avrestart.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe

(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <92>

(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(NoVirusThanks Company Srl -> NoVirusThanks Company Srl) C:\Program Files (x86)\NoVirusThanks\NVT License Manager\NVTLicenseManager.exe

(NoVirusThanks Company Srl -> NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\AntiAutoExecSvc\AntiAutoExecSvc.exe

(NoVirusThanks Company Srl -> NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\OSArmorDevSvc\NVTHelperProcess.exe

(NoVirusThanks Company Srl -> NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe

(NoVirusThanks Company Srl -> NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe

(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <4>

(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Malwarebytes Windows Firewall Control] => C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe [644784 2021-05-16] (Malwarebytes Inc -> Malwarebytes)

HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2481832 2021-03-09] (Malwarebytes Inc -> Malwarebytes Corporation)

HKLM\...\Policies\Explorer: [NoAutorun] 1

HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1

HKU\S-1-5-21-493650543-2281245640-4285239019-1001\...\Run: [NoVirusThanks Malware Remover Free Startup] => [X]

HKU\S-1-5-21-493650543-2281245640-4285239019-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)

HKU\S-1-5-21-493650543-2281245640-4285239019-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11221496 2021-04-19] (Support.com Inc -> SUPERAntiSpyware)

HKU\S-1-5-21-493650543-2281245640-4285239019-1001\...\Policies\Explorer: [NoAutorun] 1

HKU\S-1-5-21-493650543-2281245640-4285239019-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-16] (Google LLC -> Google LLC)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {07B8B7F3-371A-402C-8969-31C52CD77640} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-05-16] (Google LLC -> Google LLC)

Task: {2CF881B7-48BA-4589-8BA6-F1864202C62F} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)

Task: {46E56351-8432-463E-86F1-53EFD7D053B3} - System32\Tasks\Revo Uninstaller Pro Hunter Mode => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe [24815632 2021-03-04] (VS Revo Group Ltd. -> VS Revo Group)

Task: {BA348972-E5E5-43E4-8979-DF79218C4730} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-493650543-2281245640-4285239019-500 => C:\Users\Enraged Komii\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Task: {D13E9ADB-DE10-4C2C-8B57-31E0C3B3DEB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-05-16] (Google LLC -> Google LLC)

Task: {DC035AFE-DA1E-4DA1-AA4C-A696B771C592} - System32\Tasks\SUPERAntiSpyware Scheduled Task 6e198372-aefd-4e19-a834-40ad6eb804eb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:6e198372-aefd-4e19-a834-40ad6eb804eb

Task: {E258F94E-FD8E-4311-B42A-454062FDF8FF} - System32\Tasks\SUPERAntiSpyware Scheduled Task eb71569e-56ad-4c9e-9e9f-bc80b3e75112 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:eb71569e-56ad-4c9e-9e9f-bc80b3e75112

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6e198372-aefd-4e19-a834-40ad6eb804eb.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task eb71569e-56ad-4c9e-9e9f-bc80b3e75112.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{f2b765da-57f9-4533-8a95-50052688a5fb}: [NameServer] 208.67.222.222,208.67.220.220

Tcpip\..\Interfaces\{f2b765da-57f9-4533-8a95-50052688a5fb}: [DhcpNameServer] 192.168.0.1

 

Edge: 

=======

Edge Profile: C:\Users\Enraged Komii\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-16]

 

FireFox:

========

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-04-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-04-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-04-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-04-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-04-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)

 

Chrome: 

=======

CHR DefaultProfile: Profile 1

CHR Profile: C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Default [2021-05-17]

CHR Extension: (Google Docs Offline) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-16]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-16]

CHR Extension: (Chrome Media Router) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-16]

CHR Profile: C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-17]

CHR Profile: C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-05-17]

CHR DownloadDir: E:\

CHR Notifications: Profile 1 -> hxxps://mail.google.com

CHR Extension: (Cluster - Window & Tab Manager) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aadahadfdmiibmdhfmpbeeebejmjnkef [2021-05-16]

CHR Extension: (Slides) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-16]

CHR Extension: (No-Script Suite Lite) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahnanjpbkghcdgmlchbcfoiefnifjeni [2021-05-16]

CHR Extension: (Docs) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-16]

CHR Extension: (Google Drive) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-16]

CHR Extension: (AdGuard AdBlocker) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2021-05-16]

CHR Extension: (YouTube) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-16]

CHR Extension: (Sheets) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-16]

CHR Extension: (HTTPS Everywhere) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-05-16]

CHR Extension: (Google Docs Offline) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-16]

CHR Extension: (Black carbon + silver metal) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lodhggoaglindpoejnjldimdlikkphph [2021-05-16]

CHR Extension: (Save to Pocket) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2021-05-16]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-16]

CHR Extension: (Gmail) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-16]

CHR Extension: (Chrome Media Router) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-16]

CHR Extension: (Privacy Badger) - C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-05-16]

CHR Profile: C:\Users\Enraged Komii\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-17]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)

R2 AntiAutoExecSvc; C:\Program Files\NoVirusThanks\AntiAutoExecSvc\AntiAutoExecSvc.exe [2241768 2018-10-24] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [838760 2021-05-17] (ASUSTeK Computer Inc. -> )

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634768 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2356800 2021-04-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [152744 2021-03-09] (Malwarebytes Inc -> Malwarebytes Corporation)

R2 NVTLicenseManager; C:\Program Files (x86)\NoVirusThanks\NVT License Manager\NVTLicenseManager.exe [4417680 2021-01-03] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

R2 OSArmorDevSvc; C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe [7117264 2021-04-15] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 wfcs; C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe [125104 2021-05-16] (Malwarebytes Inc -> Malwarebytes)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]

S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S1 akbmojne; C:\Windows\system32\drivers\akbmojne.sys [50416 2021-05-17] (Microsoft Windows -> Microsoft Corporation)

S1 akggoapm; C:\Windows\system32\drivers\akggoapm.sys [50416 2021-05-17] (Microsoft Windows -> Microsoft Corporation)

U5 AntiAutoExecDrv; C:\Windows\system32\drivers\AntiAutoExecDrv.sys [26576 2021-05-17] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [209744 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [199128 2021-03-09] (Malwarebytes Inc -> Malwarebytes)

U5 NVTInjDrv; C:\Windows\system32\drivers\NVTInjDrv.sys [15480 2021-05-16] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

U5 osadevprotect; C:\Windows\system32\drivers\osadevprotect.sys [25440 2021-05-17] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

U5 OSArmorDevDrv; C:\Windows\system32\drivers\OSArmorDevDrv.sys [26576 2021-05-17] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

U4 diagtrack; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-05-17 06:18 - 2021-05-17 06:18 - 000019864 _____ C:\Users\Enraged Komii\Desktop\FRST.txt

2021-05-17 06:18 - 2021-05-17 06:18 - 000000000 ____D C:\FRST

2021-05-17 06:14 - 2021-05-17 06:14 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Enraged Komii\Desktop\rkill.exe

2021-05-17 06:13 - 2021-05-17 06:13 - 002299392 _____ (Farbar) C:\Users\Enraged Komii\Desktop\FRST64.exe

2021-05-17 06:12 - 2021-05-17 06:12 - 002023440 _____ C:\Users\Enraged Komii\Desktop\dixmlsetup.exe

2021-05-17 06:07 - 2021-05-17 06:07 - 000380928 _____ C:\Users\Enraged Komii\Desktop\osv0wuom.exe

2021-05-17 06:00 - 2021-05-17 06:00 - 000062023 _____ C:\black_list.pdf

2021-05-17 05:28 - 2021-05-17 05:28 - 068157440 _____ C:\Windows\system32\config\SOFTWARE

2021-05-17 05:25 - 2021-05-17 05:28 - 000000000 ____D C:\Windows\Microsoft Antimalware

2021-05-17 04:30 - 2021-05-17 04:30 - 000000112 ___SH C:\bootTel.dat

2021-05-17 04:12 - 2021-05-17 04:12 - 000000830 _____ C:\Users\Enraged Komii\Desktop\New Text Document.txt

2021-05-17 04:01 - 2021-05-17 04:01 - 000000138 _____ C:\Users\Enraged Komii\Desktop\Torchlight III.url

2021-05-17 03:55 - 2021-05-17 03:55 - 000000000 ____D C:\Users\Enraged Komii\Desktop\newfold

2021-05-17 03:52 - 2021-05-17 03:52 - 000000000 ____D C:\Users\Enraged Komii\AppData\Roaming\Curiolab

2021-05-17 03:13 - 2021-05-17 04:17 - 000000000 ____D C:\Program Files\Exterminate It!

2021-05-17 03:13 - 2021-05-17 03:13 - 000000927 _____ C:\Users\Public\Desktop\Exterminate It!.lnk

2021-05-17 03:13 - 2021-05-17 03:13 - 000000927 _____ C:\ProgramData\Desktop\Exterminate It!.lnk

2021-05-17 03:13 - 2021-05-17 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!

2021-05-17 03:12 - 2021-05-17 03:12 - 021919064 _____ (Curio Systems GmbH) C:\Users\Enraged Komii\Desktop\ExterminateItSetup (1).exe

2021-05-17 03:11 - 2021-05-17 03:11 - 021919064 _____ (Curio Systems GmbH) C:\Users\Enraged Komii\Desktop\ExterminateItSetup.exe

2021-05-17 03:08 - 2021-05-17 03:08 - 005659583 _____ (Swearware) C:\Users\Enraged Komii\Desktop\ComboFix.exe

2021-05-17 03:02 - 2021-05-17 03:02 - 000410316 _____ C:\Users\Enraged Komii\Desktop\Fixdows-1.2.zip

2021-05-17 03:00 - 2021-05-17 03:00 - 000050688 _____ (Atribune.org) C:\Users\Enraged Komii\Desktop\ATF-Cleaner.exe

2021-05-17 02:02 - 2021-05-17 02:02 - 821044114 _____ C:\Windows\MEMORY.DMP

2021-05-17 02:02 - 2021-05-17 02:02 - 000859124 _____ C:\Windows\Minidump\051721-12109-01.dmp

2021-05-17 02:02 - 2021-05-17 02:02 - 000000000 ____D C:\Windows\Minidump

2021-05-17 01:50 - 2021-05-17 02:02 - 000000556 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task eb71569e-56ad-4c9e-9e9f-bc80b3e75112.job

2021-05-17 01:50 - 2021-05-17 02:02 - 000000556 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6e198372-aefd-4e19-a834-40ad6eb804eb.job

2021-05-17 01:50 - 2021-05-17 01:50 - 000003810 _____ C:\Windows\system32\Tasks\SUPERAntiSpyware Scheduled Task eb71569e-56ad-4c9e-9e9f-bc80b3e75112

2021-05-17 01:50 - 2021-05-17 01:50 - 000003728 _____ C:\Windows\system32\Tasks\SUPERAntiSpyware Scheduled Task 6e198372-aefd-4e19-a834-40ad6eb804eb

2021-05-17 01:50 - 2021-05-17 01:50 - 000000000 ____D C:\Users\Enraged Komii\AppData\Roaming\SUPERAntiSpyware.com

2021-05-17 01:47 - 2021-05-17 01:48 - 000000000 ____D C:\Windows\SoftwareDistribution.old

2021-05-17 01:44 - 2021-05-17 01:44 - 000001109 _____ C:\Users\Enraged Komii\Desktop\Win Update Fixer.lnk

2021-05-17 01:11 - 2021-05-17 02:06 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

2021-05-17 01:11 - 2021-05-17 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2021-05-17 01:11 - 2021-05-17 01:11 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

2021-05-16 17:47 - 2021-05-16 15:45 - 005711824 _____ (COMODO) C:\Users\Enraged Komii\Desktop\cfw_installer.exe

2021-05-16 17:47 - 2021-05-16 15:34 - 002106568 _____ (Malwarebytes ) C:\Users\Enraged Komii\Desktop\mbae-setup-1.13.1.345.exe

2021-05-16 17:47 - 2021-05-16 15:31 - 000295520 _____ (Kaspersky Lab ZAO) C:\Users\Enraged Komii\Desktop\salitykiller.exe

2021-05-16 17:43 - 2021-05-16 17:43 - 000000137 _____ C:\Users\Enraged Komii\Desktop\Grim Dawn.url

2021-05-16 17:30 - 2021-05-16 17:30 - 000000396 _____ C:\Users\Enraged Komii\Desktop\itshur.txtgggg.html

2021-05-16 17:30 - 2021-05-16 17:30 - 000000131 _____ C:\Users\Enraged Komii\Desktop\itshur.txt

2021-05-16 17:25 - 2021-05-17 01:40 - 000795738 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2021-05-16 17:22 - 2021-05-16 17:22 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-XIVLOV-Windows-10-Home-(64-bit).dat

2021-05-16 17:22 - 2021-05-16 17:22 - 000000000 ____D C:\RegBackup

2021-05-16 17:18 - 2021-05-16 17:19 - 000000000 ____D C:\AdwCleaner

2021-05-16 17:10 - 2021-05-17 01:33 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\ElevatedDiagnostics

2021-05-16 17:08 - 2021-05-17 01:42 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job

2021-05-16 17:08 - 2021-05-16 17:08 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\MicrosoftEdge

2021-05-16 16:55 - 2021-05-17 01:44 - 000662706 _____ C:\Windows\ntbtlog.txt

2021-05-16 16:46 - 2021-05-16 16:46 - 000000137 _____ C:\Users\Enraged Komii\Desktop\OUTRIDERS.url

2021-05-16 16:45 - 2021-05-16 16:45 - 000000222 _____ C:\Users\Enraged Komii\Desktop\Pillars of Eternity.url

2021-05-16 16:44 - 2021-05-16 16:44 - 000000223 _____ C:\Users\Enraged Komii\Desktop\Hades.url

2021-05-16 16:44 - 2021-05-16 16:44 - 000000222 _____ C:\Users\Enraged Komii\Desktop\Slay the Spire.url

2021-05-16 16:44 - 2021-05-16 16:44 - 000000222 _____ C:\Users\Enraged Komii\Desktop\DARK SOULS™ II Scholar of the First Sin.url

2021-05-16 16:43 - 2021-05-17 04:01 - 000000000 ____D C:\Users\Enraged Komii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2021-05-16 16:43 - 2021-05-16 16:43 - 000002471 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV ONLINE.lnk

2021-05-16 16:43 - 2021-05-16 16:43 - 000002471 _____ C:\ProgramData\Desktop\FINAL FANTASY XIV ONLINE.lnk

2021-05-16 16:43 - 2021-05-16 16:43 - 000000222 _____ C:\Users\Enraged Komii\Desktop\Darkest Dungeon®.url

2021-05-16 16:43 - 2021-05-16 16:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2021-05-16 16:43 - 2021-05-16 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX

2021-05-16 16:43 - 2021-05-16 16:43 - 000000000 ____D C:\Program Files (x86)\SquareEnix

2021-05-16 16:39 - 2021-05-16 16:39 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk

2021-05-16 16:39 - 2021-05-16 16:39 - 000001189 _____ C:\ProgramData\Desktop\Avira.lnk

2021-05-16 16:38 - 2021-05-16 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2021-05-16 16:38 - 2021-05-16 16:38 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf

2021-05-16 16:38 - 2021-05-16 16:38 - 000000000 ____D C:\ProgramData\Avira

2021-05-16 16:38 - 2021-05-16 16:38 - 000000000 ____D C:\Program Files (x86)\Avira

2021-05-16 16:38 - 2021-03-25 17:05 - 000209744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2021-05-16 16:38 - 2021-02-09 18:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2021-05-16 16:38 - 2019-06-07 15:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys

2021-05-16 16:38 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2021-05-16 16:38 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2021-05-16 16:38 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys

2021-05-16 16:38 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avelam.sys

2021-05-16 16:37 - 2021-05-16 16:38 - 000000000 ____D C:\Program Files\SUPERAntiSpyware

2021-05-16 16:37 - 2021-05-16 16:37 - 000001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2021-05-16 16:37 - 2021-05-16 16:37 - 000001849 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk

2021-05-16 16:37 - 2021-05-16 16:37 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2021-05-16 16:37 - 2021-05-16 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2021-05-16 16:37 - 2021-05-16 16:36 - 000000963 _____ C:\Users\Public\Desktop\KeePass 2.lnk

2021-05-16 16:37 - 2021-05-16 16:36 - 000000963 _____ C:\ProgramData\Desktop\KeePass 2.lnk

2021-05-16 16:36 - 2021-05-16 16:36 - 000001890 _____ C:\Users\Enraged Komii\Desktop\Spotify.lnk

2021-05-16 16:36 - 2021-05-16 16:36 - 000001876 _____ C:\Users\Enraged Komii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2021-05-16 16:36 - 2021-05-16 16:36 - 000001424 _____ C:\Users\Public\Desktop\Foxit Reader.lnk

2021-05-16 16:36 - 2021-05-16 16:36 - 000001424 _____ C:\ProgramData\Desktop\Foxit Reader.lnk

2021-05-16 16:36 - 2021-05-16 16:36 - 000000963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk

2021-05-16 16:36 - 2021-05-16 16:36 - 000000907 _____ C:\Users\Public\Desktop\qBittorrent.lnk

2021-05-16 16:36 - 2021-05-16 16:36 - 000000907 _____ C:\ProgramData\Desktop\qBittorrent.lnk

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\Users\Public\Foxit Software

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\Users\Enraged Komii\Documents\My Games

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\Users\Enraged Komii\AppData\Roaming\Spotify

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\Users\Enraged Komii\AppData\Roaming\Foxit Software

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\Users\Enraged Komii\AppData\Roaming\Foxit AgentInformation

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\ProgramData\Foxit Software

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\Program Files\qBittorrent

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\Program Files\KeePass Password Safe 2

2021-05-16 16:36 - 2021-05-16 16:36 - 000000000 ____D C:\Program Files (x86)\Foxit Software

2021-05-16 16:35 - 2021-05-16 16:35 - 000001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk

2021-05-16 16:35 - 2021-05-16 16:35 - 000001934 _____ C:\Users\Public\Desktop\ImgBurn.lnk

2021-05-16 16:35 - 2021-05-16 16:35 - 000001934 _____ C:\ProgramData\Desktop\ImgBurn.lnk

2021-05-16 16:35 - 2021-05-16 16:35 - 000001100 _____ C:\Users\Public\Desktop\WinDirStat.lnk

2021-05-16 16:35 - 2021-05-16 16:35 - 000001100 _____ C:\ProgramData\Desktop\WinDirStat.lnk

2021-05-16 16:35 - 2021-05-16 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat

2021-05-16 16:35 - 2021-05-16 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

2021-05-16 16:35 - 2021-05-16 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

2021-05-16 16:35 - 2021-05-16 16:35 - 000000000 ____D C:\Program Files\Classic Shell

2021-05-16 16:35 - 2021-05-16 16:35 - 000000000 ____D C:\Program Files\7-Zip

2021-05-16 16:35 - 2021-05-16 16:35 - 000000000 ____D C:\Program Files (x86)\WinDirStat

2021-05-16 16:35 - 2021-05-16 16:35 - 000000000 ____D C:\Program Files (x86)\ImgBurn

2021-05-16 16:23 - 2021-05-16 17:22 - 000002232 _____ C:\Users\Enraged Komii\Desktop\Tweaking.com - Windows Repair.lnk

2021-05-16 16:23 - 2021-05-16 16:23 - 000003798 _____ C:\Windows\system32\Tasks\Tweaking.com - Windows Repair Tray Icon

2021-05-16 16:23 - 2021-05-16 16:23 - 000001392 _____ C:\Users\Enraged Komii\Desktop\TCP Port Interrogator.lnk

2021-05-16 16:23 - 2021-05-16 16:23 - 000001066 _____ C:\Users\Enraged Komii\Desktop\IP Extractor.lnk

2021-05-16 16:23 - 2021-05-16 16:23 - 000000000 ____D C:\Users\Enraged Komii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2021-05-16 16:22 - 2021-05-17 04:30 - 000026576 _____ (NoVirusThanks Company Srl) C:\Windows\system32\Drivers\AntiAutoExecDrv.sys

2021-05-16 16:22 - 2021-05-16 16:23 - 000477120 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt

2021-05-16 16:22 - 2021-05-16 16:22 - 000000000 ____D C:\Program Files (x86)\Tweaking.com

2021-05-16 16:22 - 2021-05-16 08:01 - 001229952 _____ (NoVirusThanks Company Srl ) C:\Users\Enraged Komii\Desktop\anti-autoexec_setup.exe

2021-05-16 16:22 - 2020-11-25 22:14 - 008447152 _____ (Malwarebytes) C:\Users\Enraged Komii\Desktop\adwcleaner_8.0.8.exe

2021-05-16 16:21 - 2021-05-17 01:36 - 000000000 ____D C:\Windows\Panther

2021-05-16 16:21 - 2021-05-16 08:04 - 001862960 _____ (NoVirusThanks Company Srl ) C:\Users\Enraged Komii\Desktop\deletion_extension_monitor_setup.exe

2021-05-16 16:21 - 2021-05-16 08:04 - 001456008 _____ (NoVirusThanks Company Srl ) C:\Users\Enraged Komii\Desktop\ip_extractor_setup.exe

2021-05-16 16:20 - 2021-05-16 16:20 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\Steam

2021-05-16 16:20 - 2021-05-16 16:20 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\CEF

2021-05-16 16:17 - 2021-05-17 04:31 - 000000000 ____D C:\Program Files (x86)\Steam

2021-05-16 16:17 - 2021-05-16 16:17 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk

2021-05-16 16:17 - 2021-05-16 16:17 - 000001032 _____ C:\ProgramData\Desktop\Steam.lnk

2021-05-16 16:17 - 2021-05-16 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2021-05-16 16:15 - 2021-05-16 16:15 - 000003240 _____ C:\Windows\system32\Tasks\Revo Uninstaller Pro Hunter Mode

2021-05-16 16:10 - 2021-05-16 16:10 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2021-05-16 16:10 - 2021-05-16 16:10 - 000001122 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk

2021-05-16 16:10 - 2021-05-16 16:10 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\VS Revo Group

2021-05-16 16:10 - 2021-05-16 16:10 - 000000000 ____D C:\ProgramData\VS Revo Group

2021-05-16 16:10 - 2021-05-16 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2021-05-16 16:10 - 2021-05-16 16:10 - 000000000 ____D C:\Program Files\VS Revo Group

2021-05-16 15:59 - 2021-05-16 16:03 - 000002450 _____ C:\Users\Enraged Komii\Desktop\Mike (Chaos CONE) - Chrome.lnk

2021-05-16 15:59 - 2021-05-16 15:59 - 000002406 _____ C:\Users\Enraged Komii\Desktop\Person 1 - Chrome.lnk

2021-05-16 15:53 - 2021-05-16 15:53 - 000015480 _____ (NoVirusThanks Company Srl) C:\Windows\system32\Drivers\NVTInjDrv.sys

2021-05-16 15:53 - 2021-05-16 15:53 - 000000000 ____D C:\ProgramData\NoVirusThanks

2021-05-16 15:49 - 2021-05-16 15:49 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\Comms

2021-05-16 15:45 - 2021-05-16 15:45 - 000006593 _____ C:\Users\Enraged Komii\Desktop\baselineSW.ini

2021-05-16 15:39 - 2021-05-17 06:19 - 000000012 _____ C:\ProgramData\oianbuax.xrl

2021-05-16 15:39 - 2021-05-17 06:19 - 000000012 _____ C:\ProgramData\nwckvbae.sbg

2021-05-16 15:39 - 2021-05-17 04:31 - 000026576 _____ (NoVirusThanks Company Srl) C:\Windows\system32\Drivers\OSArmorDevDrv.sys

2021-05-16 15:39 - 2021-05-17 04:31 - 000025440 _____ (NoVirusThanks Company Srl) C:\Windows\system32\Drivers\osadevprotect.sys

2021-05-16 15:39 - 2021-05-16 15:39 - 000001100 _____ C:\Users\Public\Desktop\OSArmor UI.lnk

2021-05-16 15:39 - 2021-05-16 15:39 - 000001100 _____ C:\ProgramData\Desktop\OSArmor UI.lnk

2021-05-16 15:39 - 2021-05-16 15:39 - 000000016 _____ C:\ProgramData\rtmeslt

2021-05-16 15:39 - 2021-05-16 15:39 - 000000012 _____ C:\ProgramData\tdcwanbf.gos

2021-05-16 15:39 - 2021-05-16 15:39 - 000000012 _____ C:\ProgramData\jjpoqeig.pvf

2021-05-16 15:39 - 2021-05-16 15:39 - 000000008 _____ C:\ProgramData\okekxhuw.kxh

2021-05-16 15:39 - 2021-05-16 15:39 - 000000008 _____ C:\ProgramData\ewmjdrdx.ejw

2021-05-16 15:38 - 2021-05-16 16:39 - 000000000 ____D C:\ProgramData\Package Cache

2021-05-16 15:38 - 2021-05-16 15:38 - 050652304 _____ (NoVirusThanks Company Srl ) C:\Users\Enraged Komii\Downloads\osarmor-personal-setup.exe

2021-05-16 15:37 - 2021-05-17 02:07 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\D3DSCache

2021-05-16 15:37 - 2021-05-17 01:44 - 000000000 ____D C:\Program Files\NoVirusThanks

2021-05-16 15:37 - 2021-05-16 16:20 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\AMD

2021-05-16 15:37 - 2021-05-16 15:37 - 000001134 _____ C:\Users\Enraged Komii\Desktop\AutoRun.Inf Remover.lnk

2021-05-16 15:37 - 2021-05-16 15:37 - 000001118 _____ C:\Users\Enraged Komii\Desktop\Deletion Extension Monitor.lnk

2021-05-16 15:37 - 2021-05-16 15:37 - 000001059 _____ C:\Users\Enraged Komii\Desktop\SysHardener.lnk

2021-05-16 15:37 - 2021-05-16 15:37 - 000000000 ____D C:\Users\Enraged Komii\AppData\LocalLow\AMD

2021-05-16 15:36 - 2021-05-17 04:25 - 000065536 _____ C:\Windows\system32\spu_storage.bin

2021-05-16 15:36 - 2021-05-17 01:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks

2021-05-16 15:36 - 2021-05-16 17:09 - 000001299 _____ C:\Users\Public\Desktop\NoVirusThanks Malware Remover Free.lnk

2021-05-16 15:36 - 2021-05-16 17:09 - 000001299 _____ C:\ProgramData\Desktop\NoVirusThanks Malware Remover Free.lnk

2021-05-16 15:36 - 2021-05-16 17:09 - 000001237 _____ C:\Users\Enraged Komii\Desktop\NoVirusThanks Anti-Rootkit (Free Edition).lnk

2021-05-16 15:36 - 2021-05-16 17:08 - 000001199 _____ C:\Users\Public\Desktop\Hijack Hunter.lnk

2021-05-16 15:36 - 2021-05-16 17:08 - 000001199 _____ C:\ProgramData\Desktop\Hijack Hunter.lnk

2021-05-16 15:36 - 2021-05-16 16:23 - 000000000 ____D C:\Program Files (x86)\NoVirusThanks

2021-05-16 15:36 - 2021-05-16 15:36 - 000000000 ____D C:\Windows\system32\AMD

2021-05-16 15:36 - 2021-05-16 15:36 - 000000000 ____D C:\Program Files\AMD

2021-05-16 15:36 - 2020-10-29 13:33 - 001783920 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe

2021-05-16 15:36 - 2020-10-29 13:33 - 001783920 _____ C:\Windows\system32\vulkaninfo.exe

2021-05-16 15:36 - 2020-10-29 13:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe

2021-05-16 15:36 - 2020-10-29 13:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo.exe

2021-05-16 15:36 - 2020-10-29 13:33 - 001085360 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll

2021-05-16 15:36 - 2020-10-29 13:33 - 001085360 _____ C:\Windows\system32\vulkan-1.dll

2021-05-16 15:36 - 2020-10-29 13:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll

2021-05-16 15:36 - 2020-10-29 13:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1.dll

2021-05-16 15:36 - 2020-10-29 13:33 - 000736880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll

2021-05-16 15:36 - 2020-10-29 13:33 - 000046704 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll

2021-05-16 15:36 - 2020-10-29 13:33 - 000043632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 064809072 _____ C:\Windows\system32\amd_comgr.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 053684848 _____ C:\Windows\SysWOW64\amd_comgr32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 004630640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 004141168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 001774192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000760432 _____ (AMD) C:\Windows\system32\atieclxx.exe

2021-05-16 15:36 - 2020-10-29 13:32 - 000621168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000496752 _____ C:\Windows\system32\GameManager64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000493168 _____ C:\Windows\system32\dgtrayicon.exe

2021-05-16 15:36 - 2020-10-29 13:32 - 000468592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000456304 _____ C:\Windows\system32\atieah64.exe

2021-05-16 15:36 - 2020-10-29 13:32 - 000432752 _____ C:\Windows\system32\EEURestart.exe

2021-05-16 15:36 - 2020-10-29 13:32 - 000380016 _____ C:\Windows\SysWOW64\GameManager32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000351856 _____ C:\Windows\SysWOW64\atieah32.exe

2021-05-16 15:36 - 2020-10-29 13:32 - 000339568 _____ C:\Windows\system32\clinfo.exe

2021-05-16 15:36 - 2020-10-29 13:32 - 000245360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000213104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000186992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000182392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000167024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000166512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000158656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000156784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000142448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000140912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000135792 _____ (AMD) C:\Windows\system32\atimuixx.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000134768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000125552 _____ C:\Windows\system32\atidxx64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000122480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000120432 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000107632 _____ C:\Windows\SysWOW64\atidxx32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000107120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000090736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000075376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000070256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000019784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll

2021-05-16 15:36 - 2020-10-29 13:32 - 000019784 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 071030384 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 001686016 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 001365368 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000941168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000768624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000553584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000546800 _____ C:\Windows\system32\amdmiracast.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000489584 _____ C:\Windows\system32\amdgfxinfo64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000466544 _____ C:\Windows\system32\amdlogum.exe

2021-05-16 15:36 - 2020-10-29 13:31 - 000383600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000380016 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000198312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000167400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000135928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000120264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

2021-05-16 15:36 - 2020-10-29 13:31 - 000107560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys

2021-05-16 15:36 - 2020-10-29 12:29 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin

2021-05-16 15:36 - 2020-10-29 12:29 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin

2021-05-16 15:36 - 2020-10-29 12:29 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin

2021-05-16 15:36 - 2020-10-29 12:29 - 000121168 _____ C:\Windows\system32\kapp_si.sbin

2021-05-16 15:36 - 2020-10-29 12:28 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap

2021-05-16 15:36 - 2020-10-29 12:28 - 003437632 _____ C:\Windows\system32\atiumd6a.cap

2021-05-16 15:36 - 2020-10-29 12:28 - 000544256 _____ C:\Windows\SysWOW64\atiapfxx.blb

2021-05-16 15:36 - 2020-10-29 12:28 - 000544256 _____ C:\Windows\system32\atiapfxx.blb

2021-05-16 15:36 - 2020-10-29 12:28 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat

2021-05-16 15:36 - 2020-10-29 12:28 - 000204952 _____ C:\Windows\system32\ativvsvl.dat

2021-05-16 15:36 - 2020-10-29 12:28 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat

2021-05-16 15:36 - 2020-10-29 12:28 - 000157144 _____ C:\Windows\system32\ativvsva.dat

2021-05-16 15:36 - 2020-10-29 12:28 - 000069770 _____ C:\Windows\system32\AMDKernelEvents.man

2021-05-16 15:35 - 2021-05-16 16:54 - 000000000 ____D C:\ProgramData\HitmanPro

2021-05-16 15:35 - 2021-05-16 16:21 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\Google

2021-05-16 15:35 - 2021-05-16 16:15 - 000003406 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA

2021-05-16 15:35 - 2021-05-16 16:15 - 000003182 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

2021-05-16 15:35 - 2021-05-16 15:35 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-05-16 15:35 - 2021-05-16 15:35 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2021-05-16 15:35 - 2021-05-16 15:35 - 000002278 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2021-05-16 15:35 - 2021-05-16 15:35 - 000001368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Malwarebytes Windows Firewall Control.lnk

2021-05-16 15:35 - 2021-05-16 15:35 - 000001362 _____ C:\Users\Public\Desktop\Malwarebytes Windows Firewall Control.lnk

2021-05-16 15:35 - 2021-05-16 15:35 - 000001362 _____ C:\ProgramData\Desktop\Malwarebytes Windows Firewall Control.lnk

2021-05-16 15:35 - 2021-05-16 15:35 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\PlaceholderTileLogoFolder

2021-05-16 15:35 - 2021-05-16 15:35 - 000000000 ____D C:\ProgramData\Razer

2021-05-16 15:35 - 2021-05-16 15:35 - 000000000 ____D C:\Program Files\Malwarebytes

2021-05-16 15:35 - 2021-05-16 15:35 - 000000000 ____D C:\Program Files\Google

2021-05-16 15:35 - 2021-05-16 15:35 - 000000000 ____D C:\Program Files (x86)\Razer

2021-05-16 15:35 - 2021-05-16 15:35 - 000000000 ____D C:\Program Files (x86)\Google

2021-05-16 15:35 - 2020-10-20 23:31 - 000079376 _____ (Razer Inc) C:\Windows\system32\RazerS2S3Coinstaller.dll

2021-05-16 15:34 - 2021-05-16 15:35 - 011291072 _____ (SurfRight B.V.) C:\Users\Enraged Komii\Desktop\HitmanPro_x64.exe

2021-05-16 15:34 - 2021-05-16 15:34 - 000338272 _____ () C:\Windows\system32\AsusDownLoadLicense.exe

2021-05-16 15:34 - 2021-05-16 15:34 - 000000000 ___RD C:\Users\Enraged Komii\OneDrive

2021-05-16 15:34 - 2021-05-16 08:05 - 001337944 _____ (NoVirusThanks Company Srl ) C:\Users\Enraged Komii\Desktop\win_update_fixer_setup.exe

2021-05-16 15:34 - 2021-05-16 08:05 - 000906168 _____ (NoVirusThanks Company Srl ) C:\Users\Enraged Komii\Desktop\tcp_port_interrogator_setup.exe

2021-05-16 15:34 - 2021-04-07 20:49 - 001304160 _____ (Google LLC) C:\Users\Enraged Komii\Desktop\ChromeSetup.exe

2021-05-16 15:34 - 2020-11-25 22:13 - 000397824 _____ () C:\Users\Enraged Komii\Desktop\DWS.exe

2021-05-16 15:32 - 2021-05-17 01:27 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\Packages

2021-05-16 15:32 - 2021-05-16 15:32 - 000000000 ___RD C:\Users\Enraged Komii\3D Objects

2021-05-16 15:32 - 2021-05-16 15:32 - 000000000 ____D C:\Users\Enraged Komii\AppData\Roaming\Adobe

2021-05-16 15:32 - 2021-05-16 15:32 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\VirtualStore

2021-05-16 15:32 - 2021-05-16 15:32 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\Publishers

2021-05-16 15:32 - 2021-05-16 15:32 - 000000000 ____D C:\Users\Enraged Komii\AppData\Local\ConnectedDevicesPlatform

2021-05-16 15:31 - 2021-05-16 15:34 - 000000000 ____D C:\Users\Enraged Komii

2021-05-16 15:31 - 2021-05-16 15:31 - 000000020 ___SH C:\Users\Enraged Komii\ntuser.ini

2021-05-16 15:27 - 2021-05-17 04:35 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI

2021-05-16 15:23 - 2021-05-16 15:23 - 000000000 _SHDL C:\Documents and Settings

2021-05-16 15:21 - 2021-05-17 04:30 - 000877320 _____ C:\Windows\system32\wpbbin.exe

2021-05-16 15:21 - 2021-05-17 04:30 - 000838760 _____ C:\Windows\system32\AsusUpdateCheck.exe

2021-05-16 15:21 - 2021-05-17 04:30 - 000008192 ___SH C:\DumpStack.log.tmp

2021-05-16 15:21 - 2021-05-16 16:15 - 000002914 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-493650543-2281245640-4285239019-500

2021-05-16 15:21 - 2021-05-16 15:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2021-05-16 15:21 - 2021-05-16 15:21 - 000000000 ____D C:\ProgramData\ASUS

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-17 05:06 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\AppReadiness

2021-05-17 05:01 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-05-17 04:35 - 2019-12-07 02:13 - 000000000 ____D C:\Windows\INF

2021-05-17 04:30 - 2020-11-19 00:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2021-05-17 04:25 - 2019-12-07 02:03 - 000262144 _____ C:\Windows\system32\config\BBI

2021-05-17 04:18 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\appcompat

2021-05-17 03:58 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\CbsTemp

2021-05-17 02:36 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\AppLocker

2021-05-17 01:47 - 2020-11-19 00:30 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT

2021-05-17 01:36 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\MsDtc

2021-05-17 01:33 - 2019-12-07 02:14 - 000000219 _____ C:\Windows\system.ini

2021-05-17 00:57 - 2020-11-19 00:30 - 000000000 ____D C:\Windows\system32\SleepStudy

2021-05-16 17:31 - 2019-12-07 02:14 - 000019279 _____ C:\Windows\system32\Drivers\etc\hosts_bak_759

2021-05-16 17:19 - 2019-12-07 02:14 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts_bak_8

2021-05-16 16:38 - 2019-12-07 02:14 - 000000000 ___HD C:\Windows\ELAMBKUP

2021-05-16 16:21 - 2019-12-07 02:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

2021-05-16 15:48 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps

2021-05-16 15:32 - 2020-11-19 00:33 - 000000000 __RHD C:\Users\Public\AccountPictures

2021-05-16 15:29 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate

2021-05-16 15:25 - 2019-12-07 02:50 - 000000000 ____D C:\Windows\system32\FxsTmp

2021-05-16 15:23 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ServiceState

2021-05-16 15:21 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\PrintDialog

2021-05-16 15:21 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD.  -> 

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021

Ran by Enraged Komii (17-05-2021 06:19:16)

Running from C:\Users\Enraged Komii\Desktop

Windows 10 Home Version 20H2 19042.631 (X64) (2021-05-16 22:23:26)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-493650543-2281245640-4285239019-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-493650543-2281245640-4285239019-503 - Limited - Disabled)

Enraged Komii (S-1-5-21-493650543-2281245640-4285239019-1001 - Administrator - Enabled) => C:\Users\Enraged Komii

Guest (S-1-5-21-493650543-2281245640-4285239019-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-493650543-2281245640-4285239019-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)

Avira (HKLM-x32\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG)

Avira (HKLM-x32\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2104.2083 - Avira Operations GmbH & Co. KG)

Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 2.21.0.28 - Curio Systems GmbH)

FINAL FANTASY XIV ONLINE (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.4.37651 - Foxit Software Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)

Hijack Hunter 1.8.4.1 (HKLM-x32\...\{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1) (Version:  - NoVirusThanks Company Srl)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

KeePass Password Safe 2.48.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.48.1 - Dominik Reichl)

Malwarebytes Anti-Exploit version 1.13.1.345 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.13.1.345 - Malwarebytes)

Malwarebytes Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 6.4.0.0 - BiniSoft.org)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)

NoVirusThanks Anti-AutoExec v1.2 (HKLM\...\NoVirusThanks Anti-AutoExec_is1) (Version: 1.2.0.0 - NoVirusThanks Company Srl)

NoVirusThanks Anti-Rootkit (Free Edition) v1.2 (HKLM-x32\...\NoVirusThanks Anti-Rootkit (Free Edition)_is1) (Version: 1.2.0.0 - NoVirusThanks Company Srl)

NoVirusThanks AutoRun.Inf Remover v1.1 (HKLM\...\NoVirusThanks AutoRun.Inf Remover_is1) (Version: 1.1.0.0 - NoVirusThanks Company Srl)

NoVirusThanks Deletion Extension Monitor v1.6.0 (HKLM\...\NoVirusThanks Deletion Extension Monitor_is1) (Version: 1.6.0.0 - NoVirusThanks Company Srl)

NoVirusThanks IP Extractor v1.0 (HKLM\...\NoVirusThanks IP Extractor_is1) (Version: 1.0.0.0 - NoVirusThanks Company Srl)

NoVirusThanks License Manager v1.2 (HKLM-x32\...\NoVirusThanks License Manager_is1) (Version: 1.2.0.0 - NoVirusThanks Company Srl)

NoVirusThanks Malware Remover Free 3.1 (HKLM-x32\...\{C206F5C2-9C03-4FA1-8927-055E6D90488B}_is1) (Version:  - NoVirusThanks Company Srl)

NoVirusThanks OSArmor (PERSONAL) v1.5.7 (HKLM\...\NoVirusThanks OSArmor_is1) (Version: 1.5.7.0 - NoVirusThanks Company Srl)

NoVirusThanks SysHardener v1.5 (HKLM\...\NoVirusThanks SysHardener_is1) (Version: 1.5.0.0 - NoVirusThanks Company Srl)

NoVirusThanks TCP Port Interrogator v1.0 (HKLM-x32\...\NoVirusThanks TCP Port Interrogator_is1) (Version: 1.0.0.0 - NoVirusThanks Company Srl)

NoVirusThanks Win Update Fixer v1.0 (HKLM\...\NoVirusThanks Win Update Fixer_is1) (Version: 1.0.0.0 - NoVirusThanks Company Srl)

qBittorrent 4.3.5 (HKLM-x32\...\qBittorrent) (Version: 4.3.5 - The qBittorrent project)

Revo Uninstaller Pro 4.4.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.4.2 - VS Revo Group, Ltd.)

Spotify (HKU\S-1-5-21-493650543-2281245640-4285239019-1001\...\Spotify) (Version: 1.1.58.820.g2ae50076 - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1224 - SUPERAntiSpyware.com)

Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.10.1 - Tweaking.com)

WinDirStat 1.1.2 (HKU\S-1-5-21-493650543-2281245640-4285239019-1001\...\WinDirStat) (Version:  - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File

ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)

ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Enraged Komii\Desktop\Mike (Chaos CONE) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

ShortcutWithArgument: C:\Users\Enraged Komii\Desktop\Person 1 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"

==================== Loaded Modules (Whitelisted) =============

2021-05-16 15:38 - 2020-12-28 09:15 - 001050624 _____ (Cryptlex, LLC.) [File not signed] C:\Program Files (x86)\NoVirusThanks\NVT License Manager\LexActivator.dll

2021-05-16 16:35 - 2019-02-21 09:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

2021-05-16 15:38 - 2011-04-07 13:42 - 001421312 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NoVirusThanks\OSArmorDevSvc\libeay32.dll

2021-05-16 15:38 - 2011-04-07 13:42 - 000274944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NoVirusThanks\OSArmorDevSvc\ssleay32.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Windows\system32\Drivers\akbmojne.sys:changelist [978]

AlternateDataStreams: C:\Windows\system32\Drivers\akggoapm.sys:changelist [978]

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 02:14 - 2021-05-17 01:41 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-493650543-2281245640-4285239019-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg

DNS Servers: 208.67.222.222 - 208.67.220.220

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{5AB7D740-20E1-4EE2-8432-73CFB0ABFC50}] => (Allow) C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe (Malwarebytes Inc -> Malwarebytes)

FirewallRules: [{C42B90EE-728A-4A0B-A78A-A2A488EBC9BA}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{D2E10BF1-B3B9-49EE-92F5-D67175ADD653}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{1E3F12C4-BD7A-47D7-A8B0-45CABB9547EC}] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{3DF6E1B9-55EF-4D71-969D-1BA1DA80A382}] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{D0B09F14-6282-42A7-BD0E-B1B73F3A53F4}] => (Allow) C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe (Malwarebytes Inc -> Malwarebytes)

FirewallRules: [{BB987C34-7278-4E48-B60D-5B50F36E50CF}] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{62EBDEEE-B752-45F0-A8B0-F678999E8D7A}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{D0A4824A-2CD8-40EE-9F42-A41B66A55053}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{96633564-FA95-49BD-8DA2-CCB3D883F8F3}] => (Block) C:\program files\novirusthanks\osarmordevsvc\osarmordevsvc.exe (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

FirewallRules: [{ECF245C3-7D9F-4728-8D74-5E1307721BBF}] => (Block) C:\program files\novirusthanks\osarmordevsvc\osarmordevsvc.exe (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

FirewallRules: [{7C28CB8B-0258-408F-8C9C-0EB68F060DF1}] => (Block) C:\program files\windows defender\msmpeng.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{859586FD-7F08-4AC6-98A9-CFBCCD8CEDCB}] => (Allow) C:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{748F07F4-AE2F-45EC-BF63-977011EAC945}] => (Allow) C:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{39DF3184-F344-41BF-AB4C-328664831CEE}] => (Block) C:\program files (x86)\avira\antivirus\avguard.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

FirewallRules: [{B9DEBD8E-562E-4BBB-BCC2-FEEEDD56AECD}] => (Block) C:\program files (x86)\avira\antivirus\avguard.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

FirewallRules: [{62BE05AF-CB07-42B7-9DB6-85080616E255}] => (Allow) C:\users\enraged komii\desktop\frst64.exe (Farbar) [File not signed]

FirewallRules: [{DDC034BA-E892-48DC-8D52-DA3EAF9D0476}] => (Allow) C:\users\enraged komii\desktop\frst64.exe (Farbar) [File not signed]

 

==================== Restore Points =========================

 

16-05-2021 09:39:16 Installed TinyWall

16-05-2021 14:04:27 Tweaking.com - Windows Repair 2021

16-05-2021 16:10:42 Revo Uninstaller Pro's restore point - Microsoft Edge

16-05-2021 16:27:00 Windows Backup

16-05-2021 16:28:00 Yis

16-05-2021 16:29:32 Yisa2

17-05-2021 01:23:48 Revo Uninstaller Pro's restore point - Sticky Notes

17-05-2021 01:29:11 Windows Modules Installer

17-05-2021 02:48:14 Revo Uninstaller Pro's restore point - Actual Keylogger

 

==================== Faulty Device Manager Devices ============

 

Name: PCI Encryption/Decryption Controller

Description: PCI Encryption/Decryption Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: PCI Device

Description: PCI Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: PCI Device

Description: PCI Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (05/17/2021 04:32:02 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-XIVLOV$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

 

GetCACaps

 

Method: GET(12094ms)

Stage: GetCACaps

The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

 

Error: (05/17/2021 03:56:05 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Fixdows.exe, version: 1.2.0.0, time stamp: 0xe598479d

Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x1183946c

Exception code: 0xe0434352

Fault offset: 0x0000000000023e49

Faulting process id: 0x36d8

Faulting application start time: 0x01d74b0b245e05c7

Faulting application path: C:\Users\Enraged Komii\Desktop\newfold\Fixdows.exe

Faulting module path: C:\Windows\System32\KERNELBASE.dll

Report Id: b8f1a33f-e99f-4f8d-acd5-9091a07cce70

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (05/17/2021 03:56:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Fixdows.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Win32Exception

   at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

   at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)

   at Fixdows.MainWindow.Hyperlink_RequestNavigate(System.Object, System.Windows.Navigation.RequestNavigateEventArgs)

   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)

   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)

   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)

   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)

   at System.Windows.Documents.Hyperlink.NavigateToUri(System.Windows.IInputElement, System.Uri, System.String)

   at System.Windows.Documents.Hyperlink.DoNavigation(System.Object)

   at System.Windows.Documents.Hyperlink.OnClick()

   at System.Windows.Documents.Hyperlink.DoUserInitiatedNavigation(System.Object)

   at System.Windows.Documents.Hyperlink.OnMouseLeftButtonUp(System.Object, System.Windows.Input.MouseButtonEventArgs)

   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)

   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)

   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)

   at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)

   at System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)

   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)

   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)

   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)

   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)

   at System.Windows.ContentElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)

   at System.Windows.Input.InputManager.ProcessStagingArea()

   at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)

   at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)

   at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)

   at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)

   at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)

   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)

   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)

   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)

   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)

   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)

   at System.Windows.Application.RunDispatcher(System.Object)

   at System.Windows.Application.RunInternal(System.Windows.Window)

   at Fixdows.App.Main()

 

Error: (05/17/2021 02:48:13 AM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {26a7325e-039d-4a4c-8bd2-5ced0483afe3}

 

Error: (05/17/2021 02:28:49 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SUPERAntiSpyware.exe version 10.0.0.1224 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 1df4

 

Start Time: 01d74afeb89d68af

 

Termination Time: 15

 

Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

Report Id: 6ed1be1b-fa42-4a8b-bbdb-dd659ed4dd2c

 

Faulting package full name: 

 

Faulting package-relative application ID: 

 

Hang type: Unknown

 

Error: (05/17/2021 02:22:24 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-XIVLOV$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

 

GetCACaps

 

Method: GET(31ms)

Stage: GetCACaps

The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

 

Error: (05/17/2021 02:16:04 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.610, time stamp: 0x07896577

Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39

Exception code: 0x40000015

Fault offset: 0x000000000000ae22

Faulting process id: 0x308

Faulting application start time: 0x01d74afc539c87b0

Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Faulting module path: C:\Windows\System32\msvcrt.dll

Report Id: 48c88784-899e-4304-ac38-4bdfe8b63a8a

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

 

Error: (05/17/2021 02:09:04 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-XIVLOV$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

 

GetCACaps

 

Method: GET(47ms)

Stage: GetCACaps

The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

 

 

System errors:

=============

Error: (05/17/2021 05:01:03 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-XIVLOV)

Description: The server Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca did not register with DCOM within the required timeout.

 

Error: (05/17/2021 04:41:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Avira Protected Service service failed to start due to the following error: 

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Error: (05/17/2021 04:38:03 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-XIVLOV)

Description: The server Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXg58n4jqcxjfvb6epaz8mmvfjtq8mhj65.mca did not register with DCOM within the required timeout.

 

Error: (05/17/2021 04:36:03 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-XIVLOV)

Description: The server Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXg58n4jqcxjfvb6epaz8mmvfjtq8mhj65.mca did not register with DCOM within the required timeout.

 

Error: (05/17/2021 04:31:27 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-XIVLOV)

Description: The server Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe!MicrosoftEdge did not register with DCOM within the required timeout.

 

Error: (05/17/2021 04:31:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The AntivirProtectedService service failed to start due to the following error: 

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Error: (05/17/2021 04:31:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The WMPNetworkSvc service terminated with the following error: 

An attempt was made to reference a token that does not exist.

 

Error: (05/17/2021 04:31:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The AntivirProtectedService service failed to start due to the following error: 

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. 0310 09/01/2020

Motherboard: Asus PRIME B450M-A II

Processor: AMD Ryzen 5 3600 6-Core Processor 

Percentage of memory in use: 50%

Total physical RAM: 16301.06 MB

Available physical RAM: 8149.28 MB

Total Virtual: 19245.06 MB

Available Virtual: 7693.38 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:476.94 GB) (Free:438.43 GB) NTFS

Drive d: (Run for cover) (Fixed) (Total:222.97 GB) (Free:204.02 GB) NTFS

Drive e: (Lockn) (Fixed) (Total:1863.01 GB) (Free:1688.78 GB) NTFS

 

\\?\Volume{dc9097ad-7de7-4a0b-84a1-cb9533092298}\ () (Fixed) (Total:0.49 GB) (Free:0.19 GB) NTFS

\\?\Volume{8b3f0c5f-e8be-49e0-8bad-fb09198ed44e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 5BC8972A)

 

Partition: GPT.

 

==========================================================

Disk: 1 (Size: 1863 GB) (Disk ID: 5BC896C5)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

 

==========================================================

Disk: 2 (Size: 476.9 GB) (Disk ID: 5BC8973E)

 

Partition: GPT.

 

==================== End of Addition.txt =======================