Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Problem starting StartupCheckLibrary.dll [Solved]

Started by Soggyyy , Dec 16 2019 11:09 PM

This topic is locked

#1
Soggyyy

Posted 16 December 2019 - 11:09 PM

Member

Member
14 posts

I have some sort of virus on my computer that I got from downloading something from a sketchy site. I tried rebooting my computer but there was an error, and currently im trying to get rid of the virus.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2019

Ran by sam (administrator) on DESKTOP-DHQVSUB (Dell Inc. Inspiron 5680) (16-12-2019 20:44:07)

Running from C:\Users\sam\Desktop

Loaded Profiles: sam (Available Profiles: sam)

Platform: Windows 10 Home Version 1809 17763.864 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe

(Bad Panda, Inc. -> Bad Panda, Inc.) C:\Users\sam\AppData\Local\Programs\badpanda-react\Gif Your Game.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe

(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe

(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe

(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Digital Communications Inc -> Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoUninstaller.exe

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_5061a185bda56841\RstMwService.exe

(Intel® Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fd0b4b97d35097fa\aesm_service.exe

(Intel® Trust Services -> Intel® Corporation) C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe

(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe

(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe

(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe

(Mega Limited -> Mega Limited) C:\Users\sam\AppData\Local\MEGAsync\MEGAsync.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wuapihost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_2324095c456594ca\Display.NvContainer\NVDisplay.Container.exe

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe

(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\pcdrwi.exe

(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe

(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe

(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe

(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe

(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe

(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe

(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe

(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe

(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe

(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe

(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe

(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe

(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe

(Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe

(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [313064 2018-10-04] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [319520 2018-08-29] (Intel® Rapid Storage Technology -> Intel Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)

HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1

HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3289040 2019-12-05] (Valve -> Valve Corporation)

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3508464 2019-11-18] (Razer USA Ltd. -> Razer Inc.)

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Run: [BakkesMod] => C:\Users\sam\Desktop\BakkesMod.exe [11271168 2019-04-01] () [File not signed]

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35960720 2019-11-09] (Epic Games Inc. -> Epic Games, Inc.)

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Run: [Spotify] => C:\Users\sam\AppData\Roaming\Spotify\Spotify.exe [22051232 2019-12-05] (Spotify AB -> Spotify Ltd)

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Run: [Gif Your Game] => C:\Users\sam\AppData\Local\Programs\badpanda-react\Gif Your Game.exe [80204208 2019-12-09] (Bad Panda, Inc. -> Bad Panda, Inc.)

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Run: [Discord] => C:\Users\sam\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)

HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3508464 2019-11-18] (Razer USA Ltd. -> Razer Inc.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-20] (Google LLC -> Google LLC)

Startup: C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-11-22]

ShortcutTarget: MEGAsync.lnk -> C:\Users\sam\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

Startup: C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-05-16]

ShortcutTarget: Twitch.lnk -> C:\Users\sam\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BA3712-033F-427C-998E-2A87A874CC1E} - System32\Tasks\GoogleUpdateTaskMachineUA1d57d7ff93a809 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-03] (Google Inc -> Google Inc.)

Task: {030A5240-1E02-4C1E-A383-E5300F75516B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)

Task: {0F7C3D9F-F9C3-4725-B2F2-B27EDBA27CF2} - System32\Tasks\Opera scheduled Autoupdate 1559497199 => C:\Users\sam\AppData\Local\Programs\Opera\launcher.exe [1528344 2019-12-12] (Opera Software AS -> Opera Software)

Task: {1464154B-6349-41BB-B127-843498DA7FF8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-12-14] (Kaspersky Lab -> AO Kaspersky Lab)

"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION

Task: {18F30367-9158-4BB7-AE20-5EE5F1BFBCA7} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} "C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe"

Task: {1B3B0682-E4C8-40D1-89C2-DF4F4B680199} - System32\Tasks\update-S-1-5-21-3762797259-1065414235-235543805-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

Task: {26A91335-78E3-41CB-A818-650B2DC612B7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {3827D8FB-CC90-4F8A-85F4-8AB0A0A18327} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-03] (Google Inc -> Google Inc.)

Task: {42F69B01-7D15-45EC-A0C2-290116A65F18} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe

Task: {44660127-690A-4368-88C9-541CE454B531} - System32\Tasks\Red Giant Link => C:\Program [Argument = Files (x86)\Red Giant Link\Red Giant Link.exe]

Task: {5299D29D-F17C-4987-996B-B406CDCE0635} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {544845D7-298D-4ADB-A455-74E278B545C0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654456 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {567D657E-DCE6-433A-9565-D3AEB217F442} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {658DC323-0E56-4886-A101-4E000EF6F5AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {6635E7D4-7E55-462A-BCFC-A675077DB027} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

Task: {6BCB0B97-9E66-458B-AC66-7AA71622445D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION

Task: {6BFC9AE9-AE70-499D-BE0C-5F066419A1E0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301928 2019-10-25] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {7619CE78-CD89-4924-93A9-1F4CC9892F23} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {7991CC28-8290-49F4-99C4-4DEBD1B3C9C9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {79DAE953-BE4D-4F9E-B4D4-137AA6C9096A} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [32448 2018-04-25] (Rivet Networks LLC -> DELL)

Task: {8C2D4AA0-C2CB-4DA5-8507-D93934C0B365} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {8D56C7D1-5411-437B-95A6-07F0ED3AB4A0} - System32\Tasks\GoogleUpdateTaskMachineCore1d57d7fe6c967f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-03] (Google Inc -> Google Inc.)

Task: {991E2B00-8079-4C8B-8A07-B5F29E95B6E0} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [726488 2019-09-10] (Dell Inc. -> Dell Inc.)

Task: {9F17804F-E3B7-4C79-909A-1231DA72BA2C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)

Task: {C77F7A5E-3BD4-4065-B3C9-6AD049CB25ED} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {CCBB5C87-45CA-40DE-8A25-7047C61136AA} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} "C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe"

Task: {D1403994-9260-40D1-B28C-032D27DE6F63} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)

Task: {D643E1A0-4E43-46CE-B20C-BBE56BBF9E55} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-DHQVSUB-sam => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {D86B3FB9-AAF6-4AB5-B88C-565A5A681C90} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {DA521B6D-B3E7-48B3-A6E7-108DD672E142} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {DCCDA64D-6E6F-4DE5-B94D-3B4E73599F07} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {E2102924-1A8B-4094-9367-49DD56CEFEF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-03] (Google Inc -> Google Inc.)

Task: {F4EBC9D5-8A97-4C58-83D7-96B5176FC90E} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe

Task: {F952A02E-2C46-4149-A027-9EC1C9DF2DC6} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {FEA89522-779D-4F39-9302-9A4119FE9296} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-3762797259-1065414235-235543805-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{6e164ccb-710a-4219-9a7d-a1fc77fd0be5}: [DhcpNameServer] 10.13.109.99

Tcpip\..\Interfaces\{8f921205-9c22-4e1e-b52c-d7c7e11973c7}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fjnhltxzm_19_50_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0C0E0CyE0Bzy0ByBtAtAzyzzyBzzzytN0D0Tzu0StBzytDtCtN1L2XzuyEtFyDyBtFtDtFtCtDzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzytC0BtAtD0EtAtGtBzyzy0BtGyDzyyB0EtGtByD0AtAtGzy0CzytBtCyDzzyD0D0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy1PtA1R1QzzyEzztGyC1TyCyBtGyE1O1Q1RtG1TtAyB1StG1SzzyEtAyBtC1RyC1PzzyBzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyByCtCtDyDyEzyzy%26cr%3D555724871%26a%3Dwsg_fjnhltxzm_19_50_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome

SearchScopes: HKU\S-1-5-21-3762797259-1065414235-235543805-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fjnhltxzm_19_50_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0C0E0CyE0Bzy0ByBtAtAzyzzyBzzzytN0D0Tzu0StBzytDtCtN1L2XzuyEtFyDyBtFtDtFtCtDzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzytC0BtAtD0EtAtGtBzyzy0BtGyDzyyB0EtGtByD0AtAtGzy0CzytBtCyDzzyD0D0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy1PtA1R1QzzyEzztGyC1TyCyBtGyE1O1Q1RtG1TtAyB1StG1SzzyEtAyBtC1RyC1PzzyBzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyByCtCtDyDyEzyzy%26cr%3D555724871%26a%3Dwsg_fjnhltxzm_19_50_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}

SearchScopes: HKU\S-1-5-21-3762797259-1065414235-235543805-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fjnhltxzm_19_50_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0C0E0CyE0Bzy0ByBtAtAzyzzyBzzzytN0D0Tzu0StBzytDtCtN1L2XzuyEtFyDyBtFtDtFtCtDzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzytC0BtAtD0EtAtGtBzyzy0BtGyDzyyB0EtGtByD0AtAtGzy0CzytBtCyDzzyD0D0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy1PtA1R1QzzyEzztGyC1TyCyBtGyE1O1Q1RtG1TtAyB1StG1SzzyEtAyBtC1RyC1PzzyBzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyByCtCtDyDyEzyzy%26cr%3D555724871%26a%3Dwsg_fjnhltxzm_19_50_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}

SearchScopes: HKU\S-1-5-21-3762797259-1065414235-235543805-1001 -> {D096DFE0-4A88-4155-AEB6-DECED1988D66} URL =

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-05-12] (Oracle America, Inc. -> Oracle Corporation)

BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-12] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

FireFox:

========

FF DefaultProfile: qomgciiy.default

FF ProfilePath: C:\Users\sam\AppData\Roaming\Mozilla\Firefox\Profiles\qomgciiy.default [2019-12-16]

FF ProfilePath: C:\Users\sam\AppData\Roaming\Mozilla\Firefox\Profiles\uafj1ahb.default-release [2019-12-16]

FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\sam\AppData\Roaming\Mozilla\Firefox\Profiles\uafj1ahb.default-release\Extensions\[email protected] [2019-12-14]

FF Extension: (Search Manager) - C:\Users\sam\AppData\Roaming\Mozilla\Firefox\Profiles\uafj1ahb.default-release\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2019-12-11] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson]

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi

FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-03-03]

FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi

FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-12] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-12] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:

=======

CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}

CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}

CHR Notifications: Default -> hxxps://vvb6.mentprocester.info

CHR Profile: C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default [2019-12-16]

CHR DownloadDir: C:\Users\sam\Desktop

CHR Extension: (Slides) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-03]

CHR Extension: (Adblocker for Chrome - NoAds) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\alplpnakfeabeiebipdmaenpmbgknjce [2019-06-10]

CHR Extension: (Docs) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-03]

CHR Extension: (Google Drive) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-03]

CHR Extension: (Search Manager) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoagceacaklimpcejjofabngcjkebfg [2019-12-11]

CHR Extension: (YouTube) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-03]

CHR Extension: (Honey) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-11-21]

CHR Extension: (Tampermonkey) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-11-30]

CHR Extension: (Sheets) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-03]

CHR Extension: (Google Docs Offline) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-03]

CHR Extension: (AdBlock — best ad blocker) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-06]

CHR Extension: (Grammarly for Chrome) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-12-12]

CHR Extension: (Search Manager) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccfgpamboionigdpfjmijhlgmgdbael [2019-12-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]

CHR Extension: (SAG) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\piljlfgibadchadlhlcfoecfbpdeiemd [2019-12-15]

CHR Extension: (Gmail) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]

CHR Extension: (Chrome Media Router) - C:\Users\sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-28]

CHR HKLM\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]

CHR HKU\S-1-5-21-3762797259-1065414235-235543805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]

CHR HKU\S-1-5-21-3762797259-1065414235-235543805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]

CHR HKLM-x32\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fd0b4b97d35097fa\aesm_service.exe [716824 2019-09-22] (Intel® Software Development Products -> Intel Corporation)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [424288 2018-05-23] (Qualcomm Atheros -> Windows ® Win 7 DDK provider)

R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-03-27] (Bitdefender SRL -> Bitdefender)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8395968 2019-11-02] (BattlEye Innovations e.K. -> )

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209448 2019-05-21] (Dell Inc -> Dell Inc.)

R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3373600 2019-05-21] (Dell Inc -> Dell Inc.)

R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218144 2019-05-21] (Dell Inc -> Dell Inc.)

R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe [1050952 2019-09-13] (PC-Doctor, Inc. -> PC-Doctor, Inc.)

R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [293528 2018-10-20] (Dell Inc -> Dell Inc.)

R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-04-27] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)

S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2789792 2018-08-29] (Intel® Rapid Storage Technology -> Intel Corporation)

R3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-08] (Intel® Trust Services -> Intel® Corporation)

S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-08] (Intel® Trust Services -> Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-22] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)

R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-03-03] (McAfee, Inc. -> McAfee, Inc.)

S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [18953880 2019-09-26] (Mail.Ru LLC -> LLC Mail.Ru)

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)

R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)

R2 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [88888 2019-04-23] (ProtonVPN AG -> )

R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [190296 2018-05-23] (Qualcomm Atheros -> Qualcomm Technologies Inc.)

R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [974936 2019-11-14] (Razer USA Ltd. -> Razer Inc.)

R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [1457240 2019-11-14] (Razer USA Ltd. -> Razer Inc.)

R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2019-10-01] (Razer USA Ltd. -> Razer Inc)

R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [287472 2019-11-18] (Razer USA Ltd. -> Razer Inc.)

R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-04-25] (Rivet Networks LLC -> CloudBees, Inc.)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)

R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_5061a185bda56841\RstMwService.exe [1970592 2018-08-29] (Intel® Rapid Storage Technology -> Intel Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532864 2019-10-28] (Razer USA Ltd. -> Razer Inc.)

R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [290864 2019-12-04] (Razer USA Ltd. -> Razer Inc.)

R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-04-25] (Rivet Networks LLC -> Rivet Networks)

R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [48600 2019-09-10] (Dell Inc. -> Dell Inc.)

R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)

R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)

R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [238376 2019-11-22] (Bitdefender SRL -> Bitdefender)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [107760 2019-09-26] (Wondershare Technology Co.,Ltd -> Wondershare)

S3 wuauserv; C:\WINDOWS\system32\svchost.exe [51696 2018-09-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

S2 0310251551642761mcinstcleanup; C:\WINDOWS\TEMP\031025~1.EXE -cleanup -nolog [X]

S3 McAWFwk; "c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe" [X]

S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe" [X]

S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X]

S2 ModuleCoreService; "C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe" [X]

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_2324095c456594ca\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_2324095c456594ca\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

S2 PEFService; "C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1693368 2019-09-23] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)

R1 BadlionAnticheat; C:\WINDOWS\system32\drivers\BadlionAnticheat.sys [2490088 2019-09-30] (Microsoft Windows Hardware Compatibility Publisher -> <Turtle Entertainment>)

R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [739024 2019-11-13] (Bitdefender SRL -> Bitdefender)

S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)

R3 CyUcmClient_Device; C:\WINDOWS\System32\drivers\CyUcmClient.sys [133480 2017-06-22] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)

R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)

R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309144 2019-10-30] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

R0 FACEIT; C:\WINDOWS\System32\Drivers\FACEIT.sys [16198008 2019-06-20] (FACE IT LIMITED -> )

R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [564136 2019-11-18] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)

S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)

R3 HfAudio; C:\WINDOWS\System32\drivers\HfAudio.sys [91200 2018-10-04] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)

R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094048 2018-08-29] (Intel® Rapid Storage Technology -> Intel Corporation)

S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [74656 2018-08-29] (Intel® Rapid Storage Technology -> Intel Corporation)

S3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [506384 2018-10-03] (McAfee, Inc. -> McAfee, LLC)

S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108848 2018-10-02] (McAfee, Inc. -> McAfee LLC.)

S3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115728 2018-10-03] (McAfee, Inc. -> McAfee, LLC)

S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [18189864 2019-09-26] (Mail.Ru LLC -> LLC Mail.Ru)

R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_2324095c456594ca\nvlddmkm.sys [23231744 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)

S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [45152 2018-10-04] (NVIDIA Corporation -> NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)

R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-16] (NVIDIA Corporation -> NVIDIA Corporation)

S3 ProtonVPNSplitTunnelCalloutDriver; C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\win10\ProtonVPNSplitTunnelCalloutDriver.Sys [48664 2019-04-03] (Microsoft Windows Hardware Compatibility Publisher -> )

R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2358112 2018-05-23] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1009120 2017-09-19] (Realtek Semiconductor Corp. -> Realtek )

R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [50240 2019-09-19] (Razer USA Ltd. -> Razer Inc)

R3 RzDev_005c; C:\WINDOWS\System32\drivers\RzDev_005c.sys [51992 2019-10-10] (Razer USA Ltd. -> Razer Inc)

R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)

R3 ScrHIDDriver2; C:\WINDOWS\System32\drivers\ScrHIDDriver2.sys [75800 2018-10-04] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)

S3 SilvrLnk; C:\WINDOWS\System32\drivers\silvrlnk.sys [129536 2012-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Texas Instruments)

R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-04-25] (Rivet Networks LLC -> Rivet Networks, LLC.)

R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )

R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-20] (Valve Corp. -> )

R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-09-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)

S3 TIEHDUSB; C:\WINDOWS\System32\drivers\tiehdusb.sys [128512 2012-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Texas Instruments)

R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [637112 2019-10-22] (Bitdefender SRL -> Bitdefender)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [351968 2019-10-28] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-28] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-16 20:44 - 2019-12-16 20:46 - 000047765 _____ C:\Users\sam\Desktop\FRST.txt

2019-12-16 20:43 - 2019-12-16 20:43 - 002264064 _____ (Farbar) C:\Users\sam\Desktop\FRST64.exe

2019-12-16 20:41 - 2019-12-16 20:45 - 000000000 ____D C:\FRST

2019-12-16 20:41 - 2019-12-16 20:41 - 002264064 _____ (Farbar) C:\Users\sam\Downloads\FRST64.exe

2019-12-16 20:04 - 2019-12-16 20:04 - 000075292 _____ C:\ProgramData\agent.update.1576555427.bdinstall.v2.bin

2019-12-16 17:33 - 2019-12-16 17:33 - 000001194 _____ C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk

2019-12-16 17:32 - 2019-03-20 23:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys

2019-12-16 17:30 - 2019-12-16 17:30 - 000001209 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk

2019-12-16 17:30 - 2019-12-16 17:30 - 000001209 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk

2019-12-16 17:30 - 2019-12-16 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free

2019-12-16 17:30 - 2019-12-16 17:30 - 000000000 ____D C:\ProgramData\Bitdefender

2019-12-16 17:30 - 2019-10-30 08:45 - 000309144 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys

2019-12-16 17:30 - 2019-10-22 12:38 - 000637112 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys

2019-12-16 17:30 - 2018-11-28 05:45 - 000188384 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys

2019-12-16 17:29 - 2019-11-18 19:08 - 000564136 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys

2019-12-16 17:29 - 2019-11-13 17:32 - 000739024 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys

2019-12-16 17:29 - 2019-09-23 09:43 - 001693368 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys

2019-12-16 17:22 - 2019-12-16 17:22 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864

2019-12-16 17:20 - 2019-12-16 20:52 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free

2019-12-16 17:18 - 2019-12-16 20:04 - 000000000 ____D C:\Program Files\Bitdefender Agent

2019-12-16 17:18 - 2019-12-16 17:18 - 010527368 _____ C:\Users\sam\Downloads\bitdefender_online.exe

2019-12-16 17:18 - 2019-12-16 17:18 - 000103384 _____ C:\ProgramData\agent.1576545530.bdinstall.v2.bin

2019-12-16 17:18 - 2019-12-16 17:18 - 000000000 ____D C:\ProgramData\Bitdefender Agent

2019-12-16 17:13 - 2019-12-16 17:13 - 019255000 _____ (Microsoft Corporation) C:\Users\sam\Downloads\MediaCreationTool1909 (1).exe

2019-12-16 17:13 - 2019-12-16 17:13 - 000000000 ___HD C:\$Windows.~WS

2019-12-16 17:12 - 2019-12-16 17:18 - 000000000 ____D C:\ESD

2019-12-16 17:10 - 2019-12-16 17:10 - 019255000 _____ (Microsoft Corporation) C:\Users\sam\Downloads\MediaCreationTool1909.exe

2019-12-16 16:49 - 2019-12-16 16:49 - 000000000 ____D C:\WINDOWS\SysWOW64\%Data%

2019-12-16 15:48 - 2019-12-16 16:29 - 000000000 ___HD C:\$SysReset

2019-12-14 19:35 - 2019-12-16 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection

2019-12-14 19:35 - 2019-12-14 19:35 - 000003240 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2019-12-14 19:33 - 2019-12-16 17:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab

2019-12-14 19:27 - 2019-12-14 19:28 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

2019-12-14 19:27 - 2019-12-14 19:27 - 002881472 _____ (Kaspersky Lab) C:\Users\sam\Downloads\ks3.020.0.14.1085aen_es_fr_19095.exe

2019-12-14 19:22 - 2019-12-14 19:23 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2019-12-14 19:16 - 2019-12-14 19:16 - 000000000 ____D C:\Program Files\Common Files\AVAST Software

2019-12-14 19:16 - 2019-12-14 19:15 - 000854696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys.157637981318708

2019-12-14 19:15 - 2019-12-14 19:31 - 000000000 ____D C:\ProgramData\AVAST Software

2019-12-14 19:14 - 2019-12-14 19:14 - 000230080 _____ (AVAST Software) C:\Users\sam\Downloads\avast_free_antivirus_setup_online.exe

2019-12-14 16:55 - 2019-12-14 16:55 - 000652848 _____ (Shark Labs) C:\Users\sam\Downloads\VoiceChanger64f(1.10).exe

2019-12-14 16:55 - 2019-12-14 16:55 - 000002164 _____ C:\Users\Public\Desktop\ClownfishVoiceChanger.lnk

2019-12-14 16:55 - 2019-12-14 16:55 - 000002164 _____ C:\ProgramData\Desktop\ClownfishVoiceChanger.lnk

2019-12-14 16:55 - 2019-12-14 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClownfishVoiceChanger

2019-12-13 15:53 - 2019-12-13 15:53 - 000001905 _____ C:\Users\Public\Desktop\Alpha Console.lnk

2019-12-13 15:53 - 2019-12-13 15:53 - 000001905 _____ C:\ProgramData\Desktop\Alpha Console.lnk

2019-12-13 15:52 - 2019-12-14 19:16 - 000000000 ____D C:\avast! sandbox

2019-12-13 15:51 - 2019-12-13 15:51 - 035678645 _____ (AlphaConsole ) C:\Users\sam\Downloads\AlphaConsole_Setup_9.15.4.0.exe

2019-12-12 17:46 - 2019-12-14 19:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software

2019-12-11 17:33 - 2019-12-11 17:33 - 029156400 _____ C:\Users\sam\Downloads\Reality PSD.psd

2019-12-11 15:19 - 2019-12-11 15:19 - 000000000 ___HD C:\$AV_AVG

2019-12-11 15:15 - 2019-12-11 15:19 - 000000000 ____D C:\Program Files (x86)\PremierOpinion

2019-12-11 15:09 - 2019-12-13 18:43 - 000000000 ____D C:\Users\sam\AppData\Local\AVG

2019-12-11 15:05 - 2019-12-11 15:12 - 000000000 ____D C:\Users\sam\AppData\Local\22a66be3f8029028

2019-12-11 15:05 - 2019-12-11 15:06 - 000000000 ____D C:\ProgramData\{DF03E33F-F72B-9B47-AF73-B36F479B6BB7}

2019-12-11 15:05 - 2019-12-11 15:05 - 000001359 _____ C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk

2019-12-11 15:05 - 2019-12-11 15:05 - 000000000 ____D C:\Users\sam\AppData\Local\{D923EF7F-FD8B-83C7-9013-A62FB47B5AB7}

2019-12-11 15:04 - 2019-12-16 20:19 - 000000000 ____D C:\Program Files (x86)\Segurazo

2019-12-11 15:04 - 2019-12-13 18:43 - 000000000 ____D C:\ProgramData\AVG

2019-12-11 15:04 - 2019-12-11 15:04 - 003055328 _____ (Pokibagel ) C:\Users\sam\Downloads\SpotifyFullSetup_0886379966.exe

2019-12-11 14:06 - 2019-12-11 14:06 - 000032670 _____ C:\Users\sam\Downloads\LongEssay_F2019.pdf

2019-12-11 00:04 - 2019-12-11 00:04 - 032250312 _____ C:\Users\sam\Downloads\18 Views of Plane Impact in South Tower 911 World Trade Center [HD DOWNLOAD].mp4

2019-12-10 23:58 - 2019-12-10 23:58 - 000395790 _____ C:\Users\sam\Downloads\Explosion croma key green screen with explosion sound effect!.mp4

2019-12-10 23:53 - 2019-12-10 23:53 - 003551186 _____ C:\Users\sam\Downloads\Lego flash bang Granade.mp4

2019-12-10 23:37 - 2019-12-10 23:38 - 000560760 _____ C:\Users\sam\Downloads\Neck crack.mp4

2019-12-10 23:35 - 2019-12-10 23:35 - 000343146 _____ C:\Users\sam\Downloads\YOU DIED (HD).mp4

2019-12-10 23:32 - 2019-12-10 23:32 - 000109450 _____ C:\Users\sam\Downloads\hydro.mp4

2019-12-10 21:54 - 2019-12-10 21:55 - 000000000 ____D C:\WINDOWS\LastGood

2019-12-10 21:38 - 2019-12-08 07:30 - 011843728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll

2019-12-10 21:38 - 2019-12-08 07:30 - 001729232 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe

2019-12-10 21:38 - 2019-12-08 07:30 - 001729232 _____ C:\WINDOWS\system32\vulkaninfo.exe

2019-12-10 21:38 - 2019-12-08 07:30 - 001329360 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe

2019-12-10 21:38 - 2019-12-08 07:30 - 001329360 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe

2019-12-10 21:38 - 2019-12-08 07:30 - 001078992 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll

2019-12-10 21:38 - 2019-12-08 07:30 - 001078992 _____ C:\WINDOWS\system32\vulkan-1.dll

2019-12-10 21:38 - 2019-12-08 07:30 - 000937680 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll

2019-12-10 21:38 - 2019-12-08 07:30 - 000937680 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll

2019-12-10 21:38 - 2019-12-08 07:30 - 000451440 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll

2019-12-10 21:38 - 2019-12-08 07:30 - 000352504 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll

2019-12-10 21:38 - 2019-12-08 07:29 - 010167744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll

2019-12-10 21:38 - 2019-12-08 07:29 - 001001408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll

2019-12-10 21:38 - 2019-12-08 07:29 - 000824256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll

2019-12-10 21:38 - 2019-12-08 07:29 - 000676608 _____ C:\WINDOWS\system32\nvofapi64.dll

2019-12-10 21:38 - 2019-12-08 07:29 - 000545296 _____ C:\WINDOWS\SysWOW64\nvofapi.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 017462400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 015030896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 005382232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 004717656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 001568504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 001483712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 001371648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 001146880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 001064840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 000812800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 000684992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 000573176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe

2019-12-10 21:38 - 2019-12-08 07:28 - 000557072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2019-12-10 21:38 - 2019-12-08 07:28 - 000452720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe

2019-12-10 21:38 - 2019-12-08 07:27 - 040510424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2019-12-10 21:38 - 2019-12-08 07:27 - 035380264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll

2019-12-10 21:38 - 2019-12-08 07:27 - 004224176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

2019-12-10 21:38 - 2019-12-08 07:27 - 000858712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe

2019-12-10 21:38 - 2019-12-06 20:31 - 000075706 _____ C:\WINDOWS\system32\nvinfo.pb

2019-12-09 21:00 - 2019-12-09 21:00 - 000000024 _____ C:\WINDOWS\system32\WinUpdates105.dat

2019-12-09 21:00 - 2019-12-09 21:00 - 000000003 _____ C:\WINDOWS\system32\wdbcache.tmp

2019-12-09 21:00 - 2019-12-01 14:06 - 000024512 _____ C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450

2019-12-05 20:09 - 2019-12-05 20:17 - 096244677 _____ C:\Users\sam\Desktop\History of Cameras_1.mp4

2019-12-03 22:15 - 2019-12-03 22:15 - 000000219 _____ C:\Users\sam\Desktop\Team Fortress 2.url

2019-12-03 17:33 - 2019-12-03 17:33 - 000000039 _____ C:\Users\sam\AppData\Local\kritadisplayrc

2019-12-03 17:02 - 2019-12-03 17:33 - 000016144 _____ C:\Users\sam\AppData\Local\kritarc

2019-12-03 17:02 - 2019-12-03 17:02 - 000000000 ____D C:\Users\sam\AppData\Roaming\krita

2019-12-03 17:02 - 2019-12-03 17:02 - 000000000 ____D C:\Users\sam\AppData\Local\krita

2019-12-01 21:49 - 2019-12-01 21:49 - 000000000 ____D C:\Users\sam\AppData\LocalLow\HFM Games

2019-12-01 21:41 - 2019-12-01 21:41 - 000000222 _____ C:\Users\sam\Desktop\Hand Simulator.url

2019-12-01 16:54 - 2019-12-01 16:55 - 000000598 _____ C:\ProgramData\ClownfishVoiceChanger.ini

2019-12-01 16:54 - 2019-12-01 16:54 - 000000000 ____D C:\ProgramData\ClownfishSoundTemp

2019-12-01 16:54 - 2019-12-01 16:54 - 000000000 ____D C:\ProgramData\Clownfish_VST_cfg

2019-12-01 16:52 - 2019-12-01 16:52 - 000002225 _____ C:\Users\sam\Desktop\Discord.lnk

2019-12-01 16:51 - 2019-12-01 16:52 - 000000000 ____D C:\Users\sam\AppData\Local\Discord

2019-12-01 16:51 - 2019-12-01 16:51 - 061370712 _____ (Discord Inc.) C:\Users\sam\Downloads\DiscordSetup (2).exe

2019-12-01 16:46 - 2019-12-14 19:06 - 000000000 ____D C:\Users\sam\AppData\Roaming\Discord

2019-12-01 15:22 - 2019-12-01 15:22 - 061370712 _____ (Discord Inc.) C:\Users\sam\Downloads\DiscordSetup (1).exe

2019-12-01 14:06 - 2019-12-01 14:06 - 000024512 _____ C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B

2019-12-01 14:06 - 2019-12-01 14:06 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp

2019-12-01 13:55 - 2019-12-05 19:26 - 000000000 ____D C:\Users\sam\Desktop\History of Cameras Pictures

2019-11-30 15:52 - 2019-12-11 00:08 - 000000000 ____D C:\Users\sam\Desktop\GYG Montage

2019-11-23 14:58 - 2019-11-23 14:58 - 000634400 _____ (Shark Labs) C:\Users\sam\Downloads\VoiceChanger64(1.10).exe

2019-11-23 14:00 - 2019-11-23 14:00 - 000000000 ____D C:\Users\sam\AppData\Local\Prominence

2019-11-22 18:53 - 2019-11-22 18:54 - 041525176 _____ C:\Users\sam\Desktop\soggy aecfinal_Trim_Trim.mp4

2019-11-22 18:52 - 2019-11-22 18:52 - 232380651 _____ C:\Users\sam\Desktop\soggy aecfinal_Trim.mp4

2019-11-22 17:58 - 2019-12-03 17:23 - 000000000 ____D C:\Users\sam\Documents\MEGAsync Downloads

2019-11-22 17:57 - 2019-11-22 17:57 - 000000000 ___RD C:\Users\sam\Documents\MEGAsync

2019-11-22 17:55 - 2019-11-22 17:55 - 000001121 _____ C:\Users\sam\Desktop\MEGAsync.lnk

2019-11-22 17:55 - 2019-11-22 17:55 - 000000000 ____D C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync

2019-11-22 17:55 - 2019-11-22 17:55 - 000000000 ____D C:\Users\sam\AppData\Local\MEGAsync

2019-11-22 17:55 - 2019-11-22 17:55 - 000000000 ____D C:\Users\sam\AppData\Local\Mega Limited

2019-11-22 17:51 - 2019-11-22 17:52 - 033424624 _____ (MEGA Limited) C:\Users\sam\Downloads\MEGAsyncSetup.exe

2019-11-22 17:49 - 2019-11-22 17:49 - 000001654 _____ C:\Users\sam\Downloads\READ BEFORE DOWNLOADING CLIPS.txt

2019-11-21 22:13 - 2019-11-21 22:13 - 000047271 _____ C:\Users\sam\Downloads\History of Cameras.pdf

2019-11-21 20:46 - 2019-11-21 20:46 - 000270378 _____ C:\Users\sam\Downloads\Lab 6 CHM130LL Empirical Formula of Magnesium Oxide w answers.pdf

2019-11-21 19:11 - 2019-11-21 19:11 - 000000222 _____ C:\Users\sam\Desktop\Prominence Poker.url

2019-11-21 19:10 - 2019-11-21 19:10 - 000000222 _____ C:\Users\sam\Desktop\Downtown Casino Texas Hold'em Poker.url

2019-11-18 18:31 - 2019-11-18 18:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2019-11-18 18:27 - 2019-11-18 18:27 - 000000000 ____D C:\Program Files (x86)\WondershareUpdate

2019-11-18 18:26 - 2019-11-18 18:29 - 000000000 ____D C:\Wondershare UniConverter

2019-11-18 18:26 - 2019-11-18 18:26 - 000000000 ____D C:\Users\sam\AppData\Roaming\Wondershare

2019-11-18 18:26 - 2019-11-18 18:26 - 000000000 ____D C:\ProgramData\GraphicsType

2019-11-18 18:25 - 2019-11-18 18:26 - 000000000 ____D C:\Users\sam\AppData\Local\Wondershare

2019-11-18 18:25 - 2019-11-18 18:25 - 000001304 _____ C:\Users\Public\Desktop\Wondershare UniConverter.lnk

2019-11-18 18:25 - 2019-11-18 18:25 - 000001304 _____ C:\ProgramData\Desktop\Wondershare UniConverter.lnk

2019-11-18 18:25 - 2019-11-18 18:25 - 000000000 ____D C:\ProgramData\Wondershare MediaServer

2019-11-18 18:25 - 2019-11-18 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

2019-11-18 18:24 - 2019-11-18 18:27 - 000000000 ____D C:\ProgramData\Wondershare

2019-11-18 18:24 - 2019-11-18 18:24 - 000000000 ____D C:\Users\sam\AppData\Roaming\TransferSupport

2019-11-18 18:24 - 2019-11-18 18:24 - 000000000 ____D C:\Program Files (x86)\Wondershare

2019-11-18 18:23 - 2019-11-18 18:26 - 000000000 ____D C:\Users\Public\Documents\Wondershare

2019-11-18 18:23 - 2019-11-18 18:26 - 000000000 ____D C:\ProgramData\Documents\Wondershare

2019-11-18 18:23 - 2019-11-18 18:23 - 000990312 _____ C:\Users\sam\Downloads\video-converter-ultimate_setup_full495.exe

2019-11-18 18:13 - 2019-11-18 18:13 - 094328396 _____ C:\Users\sam\Downloads\Luke_TD-Jesuit (1).MOV

2019-11-18 18:12 - 2019-11-18 18:12 - 094328396 _____ C:\Users\sam\Downloads\Luke_TD-Jesuit.MOV

2019-11-18 18:09 - 2019-11-18 18:09 - 002177265 _____ C:\Users\sam\Desktop\slow mo effect.mp4

2019-11-18 18:07 - 2019-11-18 18:07 - 016254245 _____ C:\Users\sam\Downloads\Top 5 Slow Motion Sound Effects.mp4

2019-11-16 22:12 - 2019-11-16 22:14 - 003333764 _____ C:\Users\sam\Downloads\attachments.zip

2019-11-16 20:20 - 2019-12-16 20:02 - 000001206 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1

2019-11-16 20:20 - 2019-11-16 20:20 - 000000000 ____D C:\WINDOWS\LastGood.Tmp

2019-11-16 20:15 - 2019-11-06 20:23 - 000081581 _____ C:\WINDOWS\system32\nvidia-smi.1.pdf

2019-11-16 17:08 - 2019-11-16 20:29 - 000000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-16 20:42 - 2019-03-02 23:54 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2019-12-16 20:20 - 2019-03-02 23:47 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2019-12-16 20:20 - 2019-01-04 03:27 - 000000000 ____D C:\ProgramData\NVIDIA

2019-12-16 20:17 - 2019-09-30 18:01 - 000000000 ____D C:\Users\sam\AppData\Roaming\badpanda-react

2019-12-16 20:17 - 2019-09-07 15:45 - 000000000 ____D C:\Users\sam\AppData\Local\LogMeIn Hamachi

2019-12-16 20:16 - 2019-03-03 00:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2019-12-16 20:15 - 2019-04-24 17:14 - 000021827 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1

2019-12-16 20:15 - 2019-04-24 17:14 - 000017982 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1

2019-12-16 20:15 - 2019-04-24 17:14 - 000017502 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1

2019-12-16 20:15 - 2019-03-02 23:47 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2019-12-16 20:02 - 2019-03-03 00:33 - 000000000 ____D C:\Users\sam

2019-12-16 20:02 - 2019-03-03 00:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2019-12-16 17:33 - 2019-03-02 23:54 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2019-12-16 17:25 - 2019-03-02 23:53 - 000000000 ____D C:\WINDOWS\INF

2019-12-16 17:24 - 2019-01-04 03:34 - 000000000 ____D C:\Program Files\Common Files\av

2019-12-16 17:14 - 2019-08-28 19:27 - 000026087 _____ C:\WINDOWS\diagwrn.xml

2019-12-16 17:14 - 2019-08-28 19:27 - 000020958 _____ C:\WINDOWS\diagerr.xml

2019-12-16 17:14 - 2019-03-13 15:54 - 000000000 ____D C:\Users\sam\AppData\Local\CrashDumps

2019-12-16 17:14 - 2019-03-02 23:47 - 000000000 ____D C:\WINDOWS\Panther

2019-12-16 17:10 - 2019-03-18 23:02 - 000000000 ____D C:\$WINDOWS.~BT

2019-12-16 16:29 - 2019-03-02 23:49 - 000000000 ____D C:\WINDOWS\CbsTemp

2019-12-16 14:30 - 2019-06-02 09:40 - 000001395 _____ C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk

2019-12-15 23:16 - 2019-03-03 10:23 - 000000000 ____D C:\Users\sam\AppData\Local\Spotify

2019-12-15 23:13 - 2019-03-03 00:38 - 000000000 ____D C:\Program Files (x86)\Steam

2019-12-15 22:43 - 2019-03-03 10:23 - 000000000 ____D C:\Users\sam\AppData\Roaming\Spotify

2019-12-15 22:22 - 2019-03-26 17:31 - 000000619 _____ C:\Users\sam\Documents\ClownfishVoiceChanger.ini

2019-12-14 19:06 - 2019-03-03 10:30 - 000000000 ____D C:\Users\sam\AppData\Local\D3DSCache

2019-12-14 16:55 - 2019-05-20 10:43 - 000000000 ____D C:\Program Files (x86)\ClownfishVoiceChanger

2019-12-13 18:43 - 2019-06-25 11:03 - 000000416 _____ C:\WINDOWS\Tasks\update-sys.job

2019-12-13 18:43 - 2019-06-25 11:03 - 000000416 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3762797259-1065414235-235543805-1001.job

2019-12-13 18:34 - 2019-10-07 18:21 - 000003376 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d57d7ff93a809

2019-12-13 18:34 - 2019-10-07 18:21 - 000003152 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d57d7fe6c967f

2019-12-13 18:34 - 2019-10-02 17:35 - 000002608 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0

2019-12-13 18:34 - 2019-05-29 14:46 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-05-29 14:46 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-05-29 14:46 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-05-29 14:46 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-03-03 00:55 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-03-03 00:55 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-03-03 00:55 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-03-03 00:55 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-03-03 00:27 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-13 18:34 - 2019-03-03 00:27 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2019-12-12 17:52 - 2019-03-03 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex

2019-12-12 14:15 - 2019-10-02 17:35 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData

2019-12-12 14:15 - 2019-10-02 17:35 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData

2019-12-10 23:33 - 2019-03-03 00:57 - 000000000 ____D C:\Users\sam\AppData\Local\NVIDIA

2019-12-09 20:57 - 2019-09-30 18:00 - 000002346 _____ C:\Users\sam\Desktop\Gif Your Game.lnk

2019-12-08 17:45 - 2019-07-28 19:49 - 000000000 ____D C:\Users\sam\Documents\Lightshot

2019-12-08 16:28 - 2019-03-25 18:42 - 000001429 _____ C:\Users\sam\Desktop\Roblox Player.lnk

2019-12-08 16:28 - 2019-03-25 18:42 - 000001244 _____ C:\Users\sam\Desktop\Roblox Studio.lnk

2019-12-08 16:28 - 2019-03-25 18:42 - 000000000 ____D C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2019-12-08 15:34 - 2019-03-02 23:54 - 000000000 ___RD C:\Program Files\Windows Defender

2019-12-08 07:28 - 2019-05-09 18:23 - 002076064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2019-12-08 07:28 - 2019-03-21 16:31 - 000659152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2019-12-08 07:27 - 2019-02-08 20:12 - 004957288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll

2019-12-08 00:13 - 2019-04-24 20:45 - 000013781 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1

2019-12-05 19:36 - 2019-05-17 13:28 - 000000000 ____D C:\Users\sam\AppData\Roaming\slobs-client

2019-12-05 19:23 - 2019-05-14 10:23 - 000000000 ____D C:\Program Files\Streamlabs OBS

2019-12-05 17:23 - 2019-03-02 23:54 - 000000000 ___HD C:\Program Files\WindowsApps

2019-12-05 17:23 - 2019-03-02 23:54 - 000000000 ____D C:\WINDOWS\AppReadiness

2019-12-04 23:17 - 2019-04-25 20:02 - 000013112 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1

2019-12-03 22:15 - 2019-03-03 00:45 - 000000000 ____D C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2019-12-01 16:52 - 2019-03-03 00:40 - 000000000 ____D C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc

2019-12-01 16:52 - 2019-03-03 00:40 - 000000000 ____D C:\Users\sam\AppData\Local\SquirrelTemp

2019-12-01 14:03 - 2019-03-19 19:37 - 000000000 ___RD C:\Users\sam\Creative Cloud Files

2019-11-30 22:41 - 2019-03-03 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer

2019-11-30 22:39 - 2019-03-03 00:59 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK

2019-11-29 22:24 - 2019-04-30 20:10 - 000013451 _____ C:\ProgramData\DisplaySessionContainer7.log_backup1

2019-11-28 13:52 - 2019-04-29 19:25 - 000013513 _____ C:\ProgramData\DisplaySessionContainer6.log_backup1

2019-11-27 16:37 - 2019-04-28 20:06 - 000013108 _____ C:\ProgramData\DisplaySessionContainer5.log_backup1

2019-11-26 22:08 - 2019-04-28 09:53 - 000013046 _____ C:\ProgramData\DisplaySessionContainer4.log_backup1

2019-11-25 21:28 - 2019-03-09 18:07 - 000000000 ____D C:\Users\sam\AppData\Roaming\DS4Windows

2019-11-24 15:56 - 2019-07-18 08:52 - 000002359 _____ C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2019-11-24 15:56 - 2019-03-03 00:37 - 000000000 ___RD C:\Users\sam\OneDrive

2019-11-23 14:00 - 2019-03-10 16:33 - 000000000 ____D C:\Users\sam\AppData\Local\UnrealEngine

2019-11-20 16:24 - 2019-03-03 00:37 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2019-11-20 16:24 - 2019-03-03 00:37 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2019-11-20 16:24 - 2019-03-03 00:37 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2019-11-18 19:59 - 2019-03-03 00:11 - 000310528 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2019-11-16 23:49 - 2019-09-11 16:42 - 000000000 ____D C:\Users\sam\AppData\Local\Battle.net

2019-11-16 22:14 - 2019-11-10 15:47 - 000000000 ____D C:\Users\sam\Desktop\Kendama 1 month clips

2019-11-16 20:20 - 2019-03-03 00:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation

2019-11-16 20:12 - 2019-03-03 00:57 - 000001445 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2019-11-16 20:12 - 2019-03-03 00:57 - 000001445 _____ C:\ProgramData\Desktop\GeForce Experience.lnk

2019-11-16 20:12 - 2019-03-03 00:12 - 000000000 ____D C:\ProgramData\NVIDIA Corporation

2019-11-16 20:11 - 2019-01-04 03:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation

2019-11-16 20:11 - 2019-01-04 03:27 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2019-11-16 20:08 - 2019-09-19 15:19 - 000000000 ____D C:\Users\sam\Documents\Call of Duty Modern Warfare

2019-11-16 17:11 - 2019-09-11 16:40 - 000000000 ____D C:\Program Files (x86)\Battle.net

2019-11-16 17:07 - 2019-06-09 12:01 - 000000000 ____D C:\Users\sam\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories ========

2019-12-03 17:02 - 2019-12-03 17:33 - 000015320 _____ () C:\Users\sam\AppData\Local\krita.log

2019-12-03 17:33 - 2019-12-03 17:33 - 000000039 _____ () C:\Users\sam\AppData\Local\kritadisplayrc

2019-12-03 17:02 - 2019-12-03 17:33 - 000016144 _____ () C:\Users\sam\AppData\Local\kritarc

2019-03-19 19:33 - 2019-03-19 19:33 - 000000410 _____ () C:\Users\sam\AppData\Local\oobelibMkey.log

2019-08-24 10:03 - 2019-08-24 10:03 - 000000881 _____ () C:\Users\sam\AppData\Local\recently-used.xbel

2019-06-25 11:03 - 2019-06-25 11:03 - 000000003 _____ () C:\Users\sam\AppData\Local\updater.log

2019-06-25 11:03 - 2019-06-25 11:03 - 000000425 _____ () C:\Users\sam\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019

Ran by sam (16-12-2019 20:58:55)

Running from C:\Users\sam\Desktop

Windows 10 Home Version 1809 17763.864 (X64) (2019-03-03 08:28:45)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3762797259-1065414235-235543805-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3762797259-1065414235-235543805-503 - Limited - Disabled)

Guest (S-1-5-21-3762797259-1065414235-235543805-501 - Limited - Disabled)

sam (S-1-5-21-3762797259-1065414235-235543805-1001 - Administrator - Enabled) => C:\Users\sam

WDAGUtilityAccount (S-1-5-21-3762797259-1065414235-235543805-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action! (HKLM-x32\...\Mirillis Action!) (Version: 3.9.3 - Mirillis)

Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_1) (Version: 16.1.1 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)

Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)

Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)

Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1_3) (Version: 13.1.3 - Adobe Systems Incorporated)

AlphaConsole version 9.15.4.0 (All users) (HKLM-x32\...\{CCCDBFCF-CD8B-4728-915A-DCB71C1118BE}_is1) (Version: 9.15.4.0 - AlphaConsole)

AlphaConsole version 9.9.14.0 (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\{CCCDBFCF-CD8B-4728-915A-DCB71C1118BE}_is1) (Version: 9.9.14.0 - AlphaConsole)

Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version: - )

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)

Atom (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\atom) (Version: 1.40.1 - GitHub Inc.)

Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)

Badlion Client 2.9.3 (HKLM\...\{1de14785-dd8c-5cd2-aae8-d4a376f81d78}) (Version: 2.9.3 - Badlion)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)

Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.16.146 - Bitdefender)

Bitsonic Keyzone Classic 1.0 (HKLM\...\{88888ED7-TBF6-9E32-C2C5-KF14615389C8}_is1) (Version: 1.0 - Bitsonic LP)

Call of Duty Modern Warfare Beta (HKLM-x32\...\Call of Duty Modern Warfare Beta) (Version: - Blizzard Entertainment)

Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version: - )

Dell Digital Delivery Service (HKLM-x32\...\{DD47FCB3-5038-40CE-A02A-85F51BA03F37}) (Version: 3.6.1012.0 - Dell Products, LP)

Dell Mobile Connect Drivers (HKLM\...\{04DF02C6-E3D7-4D26-A44C-6F8A2E218D2C}) (Version: 1.3.6844 - Screenovate Technologies Ltd.)

Dell SupportAssist (HKLM\...\{95BD6E30-2B18-4FB0-B5AE-8250E5584831}) (Version: 3.3.3.13 - Dell Inc.)

Dell SupportAssist Remediation (HKLM\...\{03C35F56-A9AD-4B59-B061-B8CE41C4C22B}) (Version: 4.1.0.6830 - Dell Inc.) Hidden

Dell SupportAssist Remediation (HKLM-x32\...\{f4ee83d8-d901-4c1a-b5a2-288427598fe2}) (Version: 4.1.0.6830 - Dell Inc.)

Dell Update - SupportAssist Update Plugin (HKLM\...\{9BEF4D9A-592C-4073-B202-30234347B3DA}) (Version: 4.1.0.6830 - Dell Inc.) Hidden

Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{286db51f-336c-4d5e-b1e2-3fbc3becd693}) (Version: 4.1.0.6830 - Dell Inc.)

Dell Update for Windows 10 (HKLM\...\{70E9F8CC-A23E-4C25-B292-C86C1821587C}) (Version: 3.0.1 - Dell, Inc.)

Discord (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)

Epic Games Launcher (HKLM-x32\...\{19BC09B5-F319-4A61-A878-475E7F7054EA}) (Version: 1.1.195.0 - Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

FACEIT (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\FACEITApp) (Version: 1.22.5 - FACEIT Ltd.)

FACEIT AC version 1.0 (HKLM\...\{1419E44C-0EF4-4822-9194-9F1A4D43973D}_is1) (Version: 1.0 - FACEIT LTD)

FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)

FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)

Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )

Gif Your Game 2.1.4 (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\d4bdf6df-7a5c-51e4-b6d0-4309a13db14d) (Version: 2.1.4 - Bad Panda, Inc.)

GIMP 2.10.12 (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\GIMP-2_is1) (Version: 2.10.12 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden

HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )

HitFilm Express (HKLM\...\{30792CB5-3EBA-483C-98E3-BF08A3CC6B83}) (Version: 12.3.8815.07201 - FXHOME)

Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)

Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.7.1.1012 - Intel Corporation)

Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.139.0 - Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32\...\{fd62de85-bda9-4280-a95b-fa2f86e0dc58}) (Version: 1.48.139.0 - Intel Corporation) Hidden

Ironsight version 1.0 (HKLM-x32\...\Ironsight_is1) (Version: 1.0 - Aeria Games)

Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)

Krita (x64) 4.2.7.1 (HKLM\...\Krita_x64) (Version: 4.2.7.1 - Krita Foundation)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)

LMMS 1.2.0 (HKLM-x32\...\LMMS) (Version: 1.2.0 - LMMS Developers)

LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)

MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)

Microsoft OneDrive (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)

Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)

Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)

NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)

NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden

NVIDIA GeForce Experience 3.20.1.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.1.57 - NVIDIA Corporation)

NVIDIA Graphics Driver 441.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.66 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)

Opera Stable 65.0.3467.72 (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Opera 65.0.3467.72) (Version: 65.0.3467.72 - Opera Software)

osu! (HKLM-x32\...\{d79dee71-be57-43f8-8bb6-549e8b3860be}) (Version: latest - ppy Pty Ltd)

PbPLauncher (HKLM-x32\...\{A5FD8264-C689-4FF6-8712-9BCB4E6D231D}) (Version: 1.0.0 - Pixel by Pixel Studios Inc.)

ProtonVPN (HKLM-x32\...\{2F7C9F34-7064-4637-8CCA-A7BA72E88257}) (Version: 1.8.1 - ProtonVPN AG) Hidden

ProtonVPN (HKLM-x32\...\ProtonVPN 1.8.1) (Version: 1.8.1 - ProtonVPN AG)

ProtonVPNTap (HKLM-x32\...\{C23BCE3A-FD25-48BA-948E-2CE94576F983}) (Version: 1.0.1 - ProtonVPN AG)

PvPLounge Launcher (HKLM\...\ad8f9f29-9001-57dc-871c-20ee37a85c88) (Version: 0.1.8 - Digital Ingot, Inc.)

Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10480 - Qualcomm)

Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.6.34.1043 - Razer Inc.)

Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.4.1112.111915 - Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)

Roblox Player for sam (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\roblox-player) (Version: - Roblox Corporation)

Roblox Studio for sam (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\roblox-studio) (Version: - Roblox Corporation)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)

Search Powered by Yahoo! (HKLM-x32\...\{6DB68576-3D36-54F6-8CB6-24765C36F7F6}) (Version: - )

SmartByte Drivers and Services (HKLM\...\{C4F38455-B9B0-48C7-BC4C-8D4F4A27506E}) (Version: 2.0.613 - Rivet Networks)

SoundBridge (64 bit) (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\{22BB2C21-AD40-4159-93C8-496ED8341B63}) (Version: 1.10 - SoundBridge)

Spotify (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\Spotify) (Version: 1.1.21.1654.g282a2807 - Spotify AB)

StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Streamlabs OBS 0.14.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.14.1 - General Workings, Inc.)

SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.5.0.9 - GOG.com)

TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)

Trapcode Suite (HKLM\...\Trapcode Suite v15.1.3) (Version: - Red Giant LLC)

Twitch (HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)

Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)

Wondershare UniConverter(Build 11.5.1.0) (HKLM-x32\...\UniConverter_is1) (Version: 11.5.1.0 - Wondershare Software)

Packages:

=========

Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.26.7.0_x86__kgqvnymyfvs32 [2019-11-28] (king.com)

Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1652.1.0_x86__kgqvnymyfvs32 [2019-12-02] (king.com)

Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_7.0.0.2_x86__m9bz608c1b9ra [2019-12-05] (Nordcurrent)

Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.17.0_x64__htrsf667h5kn2 [2019-03-03] (Dell Inc)

Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.41.0_x64__htrsf667h5kn2 [2019-10-24] (Dell Inc)

Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_2.0.8168.0_x64__0vhbc3ng4wbp0 [2019-05-01] (Screenovate Technologies) [Startup Task]

Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-09-13] (Dell Inc)

Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_3.0.160.0_x64__htrsf667h5kn2 [2019-03-03] (Dell Inc)

Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.2.0_x64__xbfy0k16fey96 [2019-10-01] (Dropbox Inc.)

Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-03-03] (Fitbit)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-15] (HP Inc.)

iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa [2019-10-29] (Apple Inc.) [Startup Task]

LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-03-03] (LinkedIn)

Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe [2019-11-25] (Microsoft Corporation) [MS Ad]

McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.16.0_x64__wafk5atnkzcwy [2019-10-08] (McAfee Inc.)

Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-05] (Microsoft Corporation)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-03] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-03] (Microsoft Corporation) [MS Ad]

Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-05] (Microsoft Corporation)

Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation) [MS Ad]

Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-05] (Microsoft Corporation)

Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-05] (Microsoft Corporation)

Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-05] (Microsoft Corporation)

Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-05] (Microsoft Corporation)

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad]

Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-05] (Microsoft Corporation)

Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.13.105.0_x64__8wekyb3d8bbwe [2019-11-12] (Microsoft Studios)

MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)

MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]

My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.2.38.0_x64__htrsf667h5kn2 [2019-07-31] (Dell Inc)

Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-24] (Netflix, Inc.)

Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.16.0_x64__nfy108tqq3p12 [2019-09-26] (Thumbmunkeys Ltd) [MS Ad]

Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-03-03] (Plex)

Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.87.8848.2_x64__8wekyb3d8bbwe [2019-11-22] (ms-resource:PublisherDisplayName)

SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_2.5.713.0_x64__rh07ty8m5nkag [2019-04-23] (Rivet Networks LLC)

SoundCloud for Windows (Beta) -> C:\Program Files\WindowsApps\SoundcloudLtd.SoundCloudforWindowsBeta_1.1.36.0_x64__2xc63xn306dnw [2019-06-08] (Soundcloud Ltd.)

Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3762797259-1065414235-235543805-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-711CA632D15D} -> [Creative Cloud Files] => C:\Users\sam\Creative Cloud Files [2019-03-19 19:37]

CustomCLSID: HKU\S-1-5-21-3762797259-1065414235-235543805-1001_Classes\CLSID\{B38AEB62-DF93-43DA-91B6-B8E42C8EC580} -> [MEGAsync] => C:\Users\sam\Documents\MEGAsync [2019-11-22 17:57]

CustomCLSID: HKU\S-1-5-21-3762797259-1065414235-235543805-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\sam\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-05] (Mega Limited -> )

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_2324095c456594ca\nvshext.dll [2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-25] (Beepa P/L) [File not signed]

HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-25] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-16 20:17 - 2019-12-16 20:17 - 000218112 _____ () [File not signed] \\?\C:\Users\sam\AppData\Local\Temp\40ff6fa7-3097-44e3-9ce9-6686f593d657.tmp.node

2019-12-16 20:17 - 2019-12-16 20:17 - 000218112 _____ () [File not signed] \\?\C:\Users\sam\AppData\Local\Temp\805982a9-034c-4f7d-b905-854a211858c6.tmp.node

2019-12-16 20:17 - 2019-12-16 20:17 - 000358400 _____ () [File not signed] \\?\C:\Users\sam\AppData\Local\Temp\a1a66c9a-7795-46bc-8c6f-9d2137af649b.tmp.node

2019-12-16 20:18 - 2019-12-16 20:18 - 001065984 _____ () [File not signed] \\?\C:\Users\sam\AppData\Local\Temp\b3fc91e9-95f9-4e37-9626-a19a660d4503.tmp.node

2019-12-16 20:17 - 2019-12-16 20:17 - 000137728 _____ () [File not signed] \\?\C:\Users\sam\AppData\Local\Temp\c028047e-8a5e-4764-8ac2-829275d6d9a5.tmp.node

2019-12-16 20:17 - 2019-12-16 20:17 - 000358400 _____ () [File not signed] \\?\C:\Users\sam\AppData\Local\Temp\d645c9e0-f6ec-46b9-bd0f-5b52b3c389c2.tmp.node

2019-12-16 20:17 - 2019-12-16 20:17 - 000143872 _____ () [File not signed] \\?\C:\Users\sam\AppData\Local\Temp\e294223c-f0cc-4afb-80d1-08ef4e456ea0.tmp.node

2019-11-18 18:25 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

2019-11-18 18:25 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

2019-04-08 02:58 - 2019-04-08 02:58 - 000152064 _____ () [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\SplitTunnel.dll

2019-04-23 23:54 - 2019-04-23 23:54 - 000483328 _____ () [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\IPFilter.dll

2019-09-30 18:00 - 2019-12-09 15:54 - 001987072 _____ () [File not signed] C:\Users\sam\AppData\Local\Programs\badpanda-react\ffmpeg.dll

2019-09-30 18:00 - 2019-12-09 15:54 - 000117248 _____ () [File not signed] C:\Users\sam\AppData\Local\Programs\badpanda-react\swiftshader\libegl.dll

2019-09-30 18:00 - 2019-12-09 15:54 - 002253312 _____ () [File not signed] C:\Users\sam\AppData\Local\Programs\badpanda-react\swiftshader\libglesv2.dll

2018-04-25 10:28 - 2018-04-25 10:28 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll

2019-06-25 11:03 - 2017-05-23 11:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll

2019-06-25 11:03 - 2017-05-23 11:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll

2017-09-13 22:37 - 2017-09-13 22:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qgif.dll

2017-09-13 22:42 - 2017-09-13 22:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qicns.dll

2017-09-13 22:37 - 2017-09-13 22:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qico.dll

2017-09-13 22:37 - 2017-09-13 22:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qjpeg.dll

2017-09-13 22:42 - 2017-09-13 22:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qsvg.dll

2017-09-13 22:42 - 2017-09-13 22:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qtga.dll

2017-09-13 22:42 - 2017-09-13 22:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qtiff.dll

2017-09-13 22:42 - 2017-09-13 22:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qwbmp.dll

2017-09-13 22:42 - 2017-09-13 22:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\imageformats\qwebp.dll

2017-09-13 22:37 - 2017-09-13 22:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\sam\AppData\Local\MEGAsync\platforms\qwindows.dll

2019-11-18 18:25 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-14 23:31 - 2018-09-14 23:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\sam\AppData\Local\Microsoft\WindowsApps;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sam\Downloads\Logo-New-York-Giants-Wallpapers.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"

HKLM\...\StartupApproved\Run: => "RTHDVCPL"

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

HKLM\...\StartupApproved\Run32: => "RazerCortex"

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\StartupApproved\Run: => "Discord"

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\StartupApproved\Run: => "Synapse3"

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\StartupApproved\Run: => "BakkesMod"

HKU\S-1-5-21-3762797259-1065414235-235543805-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{463CB25C-954E-4192-8148-F6A605069D7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10730.20103.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File

FirewallRules: [{3CBB3342-BF30-40A3-96B4-ECC2D82ED950}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.3.6718.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe No File

FirewallRules: [{2F4E5B21-63AB-4501-9523-B4019596760A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.3.6718.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe No File

FirewallRules: [{9110F57E-2351-46FA-B224-44C056353AA3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File

FirewallRules: [{01778FCD-F116-4644-9236-81BA01ECEC51}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File

FirewallRules: [{73101ADF-4E5D-4CC8-A64B-D0DD087FA6E7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File

FirewallRules: [{F603CB82-9A5B-4DDD-8447-D18983ADDACC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

FirewallRules: [{5090168E-6A34-489B-9933-463D7AE59810}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

FirewallRules: [{FCCDA176-49B3-4368-8582-EE7C9B621B71}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File

FirewallRules: [{19DC50B6-3465-4CC5-97D5-4D282C693EC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File

FirewallRules: [{28D3D222-3C35-401A-8DBF-3D559FEDE37A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{53BFE407-CB78-4B60-8AA8-6DB8025E2D12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{495D980E-8867-4A9B-9708-7C0A3E773162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]

FirewallRules: [{76B5C987-6F8C-42A1-BDA3-B20B40FB69FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]

FirewallRules: [TCP Query User{29FCB897-E677-4BB1-92A9-A6A503992E87}C:\users\sam\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sam\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{74C2B9D5-2559-4359-9E07-B7A179FFFEB6}C:\users\sam\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sam\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{DA63CAEA-6730-4FE6-9F19-FE13E9AB370C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{B5BC25A4-2328-4DF7-9B2C-89394D412A6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{C716D37F-9560-48AA-8E7E-8A529467E759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]

FirewallRules: [{92108D44-5BA8-49D1-A291-83F8B79341A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]

FirewallRules: [{2097F252-E73A-49F9-87A0-9A518F799994}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]

FirewallRules: [{24D8450D-720A-43C7-AE61-3185CFD934FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]

FirewallRules: [{4A96E04F-11DB-4892-8D70-0430DE4EB43D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe () [File not signed]

FirewallRules: [{54113CF0-9DB1-42DC-B670-21F04C7B62DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe () [File not signed]

FirewallRules: [{A987F98C-9B40-4BFE-A51B-480A547B245A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_2.0.8168.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]

FirewallRules: [{05B4A13A-A3E9-4402-A19B-AFE57F73840E}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_2.0.8168.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]

FirewallRules: [{FB4BF9FD-07D3-4ABD-B737-44174959E1D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe No File

FirewallRules: [{790AD5C9-72F9-408F-A3B1-55B03F62F129}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe No File

FirewallRules: [{56115CDD-0CFA-4771-8388-62422D522D76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File

FirewallRules: [{6A9BA1EF-C14F-4AB9-A871-B2B7AEE23161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File

FirewallRules: [{8324F641-C9D2-449F-9EDC-35C3E164BB8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ball 3D\Ball 3D.exe () [File not signed]

FirewallRules: [{E6CF99E1-4755-4539-A03F-5E9D7D572E43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ball 3D\Ball 3D.exe () [File not signed]

FirewallRules: [TCP Query User{C70305B5-21F9-4D74-B889-98D95449C809}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe

FirewallRules: [UDP Query User{52C17D39-CF97-4309-9730-8AFB8D62F065}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe

FirewallRules: [TCP Query User{EDDE347B-C225-4DC8-A3DF-7F4AC7C43C74}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe

FirewallRules: [UDP Query User{213D72E2-E3D7-4AE1-A275-C31AC354415F}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe

FirewallRules: [TCP Query User{C434EF00-1E5E-4B18-BBF4-85EBE004B902}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe

FirewallRules: [UDP Query User{23B9FA7A-0A0C-4A1D-89DB-67EB744A95D5}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe

FirewallRules: [{669DEE32-C8F8-4254-8E6F-0D30206DB42E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP022\Hope\Binaries\Win64\Hope.exe No File

FirewallRules: [{01A7121B-A3BD-4846-B8B3-3949EFA91893}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP022\Hope\Binaries\Win64\Hope.exe No File

FirewallRules: [TCP Query User{7B6D3407-5523-493F-BB1E-5A0BE3BBFE1A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe No File

FirewallRules: [UDP Query User{B0558E15-E6C0-4062-A967-59143952ED47}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe No File

FirewallRules: [TCP Query User{104A4CD6-41F1-42A4-9F92-093A65E4FE7C}C:\users\sam\appdata\roaming\.pvplounge\launcher.exe] => (Allow) C:\users\sam\appdata\roaming\.pvplounge\launcher.exe (Digital Ingot, Inc. -> )

FirewallRules: [UDP Query User{52D11923-515D-4751-A2DA-571F0F042859}C:\users\sam\appdata\roaming\.pvplounge\launcher.exe] => (Allow) C:\users\sam\appdata\roaming\.pvplounge\launcher.exe (Digital Ingot, Inc. -> )

FirewallRules: [{70B53957-6700-40AF-BA14-A76BCD8699FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{E77AC705-0EA5-40AE-989D-959A83998607}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [TCP Query User{1E2A241E-3202-4C73-89FD-29FAC2228239}C:\program files (x86)\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base76114\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)

FirewallRules: [UDP Query User{D422E0A0-391A-4CF3-9F28-1CB4BC97AC84}C:\program files (x86)\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base76114\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)

FirewallRules: [{2071EE9F-9F2A-4614-95E7-C5DA8DA3AB41}] => (Block) C:\program files (x86)\starcraft ii\versions\base76114\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)

FirewallRules: [{90C01C14-6B70-4CEA-8270-A06C9E6B0186}] => (Block) C:\program files (x86)\starcraft ii\versions\base76114\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)

FirewallRules: [TCP Query User{9AE5808C-B248-490B-B878-91FAB70067BD}C:\users\sam\desktop\new folder (2)\hl.exe] => (Allow) C:\users\sam\desktop\new folder (2)\hl.exe (Valve) [File not signed]

FirewallRules: [UDP Query User{3877D2CA-1801-4C7D-B86A-28EC8E6C1062}C:\users\sam\desktop\new folder (2)\hl.exe] => (Allow) C:\users\sam\desktop\new folder (2)\hl.exe (Valve) [File not signed]

FirewallRules: [{00B3034C-AA93-471B-9D63-E1509EE57DEA}] => (Block) C:\users\sam\desktop\new folder (2)\hl.exe (Valve) [File not signed]

FirewallRules: [{267FC301-41F6-4F00-A489-9178CBCC6C4C}] => (Block) C:\users\sam\desktop\new folder (2)\hl.exe (Valve) [File not signed]

FirewallRules: [TCP Query User{7759C59D-9F9D-4074-A67E-9E3B3B11A070}C:\users\sam\desktop\new folder (2)\hltv.exe] => (Block) C:\users\sam\desktop\new folder (2)\hltv.exe (Valve) [File not signed]

FirewallRules: [UDP Query User{A4F96245-964B-435F-9B04-70C4556BD20C}C:\users\sam\desktop\new folder (2)\hltv.exe] => (Block) C:\users\sam\desktop\new folder (2)\hltv.exe (Valve) [File not signed]

FirewallRules: [TCP Query User{0659F1A1-9B13-4FEC-884A-DF57A2F8E0D8}C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe (Activision Publishing Inc -> Activision)

FirewallRules: [UDP Query User{E4272A67-6105-430E-A9B6-F9B590182C0D}C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe (Activision Publishing Inc -> Activision)

FirewallRules: [{EA859718-A176-496B-99B8-298FC83138EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\scram\scram.exe () [File not signed]

FirewallRules: [{526027C7-B9B5-411F-949E-42F6A3138F95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\scram\scram.exe () [File not signed]

FirewallRules: [TCP Query User{CF8AB14B-4433-44C6-889C-BA3DB488F872}C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe No File

FirewallRules: [UDP Query User{6EFC9BBC-801A-45B4-BB01-A3F7F3E1F82A}C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe No File

FirewallRules: [TCP Query User{53C95986-9862-481C-8534-CA5BBF77CDC7}C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe] => (Block) C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe No File

FirewallRules: [UDP Query User{3F740C46-538F-499F-95B1-A5BF9EA467B7}C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe] => (Block) C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe No File

FirewallRules: [{9E1B2AF9-FB31-4B2D-A28D-94671FA99A99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe () [File not signed]

FirewallRules: [{5E953F20-5AC0-4DF0-9566-70948CB8B4F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe () [File not signed]

FirewallRules: [{F10E5657-1DBF-427E-A8AE-C4D745A5C4FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )

FirewallRules: [{D8DA97BE-1EC1-4B3C-9A73-89F3DA67B14D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )

FirewallRules: [{B3AD3033-73A8-41B8-9225-15BB36527F69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe (Valve -> )

FirewallRules: [{5EFB597A-9C32-4880-84F0-FF7DFF8833C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe (Valve -> )

FirewallRules: [{FDAD0BA6-E47B-4879-B716-70083A39ECDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]

FirewallRules: [{BB81C729-1E47-4117-A24E-8714A2B3B433}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]

FirewallRules: [{2594D628-87AF-450A-B9E5-DE2564E90550}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PickCrafter\PickCrafter\PickCrafter.exe () [File not signed]

FirewallRules: [{70E7B84A-2FA4-4E73-8E43-AD20F1E461EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PickCrafter\PickCrafter\PickCrafter.exe () [File not signed]

FirewallRules: [{F29FD2F5-5150-4DDF-BCD8-E37FE757DC88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]

FirewallRules: [{F96F50F3-F30A-4917-89D9-411A07680C51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]

FirewallRules: [TCP Query User{98A528C4-F1CF-4697-AB9F-169F03B72D50}C:\users\sam\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sam\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{149EF81B-E616-4408-92AC-5B41485FC733}C:\users\sam\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sam\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{299B843E-FC05-4E27-8A43-818CB5A86C43}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{47927953-D882-4B13-8B0A-64510E974B7F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{E5344634-684D-4D35-9F70-D7D38CCD48AF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{DA162BE0-835D-468B-AB1C-57F7FC703F6B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{79C58F57-9DB1-43E3-AB53-358612C627DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{619A317F-8FD4-4AA6-AD74-D8A50A1D8DF6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{060C9F1A-3EEA-491E-B6CC-B506D6199ED1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{816B64BD-AB49-4C0D-A4EC-516BD7DB6A26}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12102.3.43028.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{7507AF71-377C-4E46-8AB9-0C1FD08192F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]

FirewallRules: [{27893103-D1BA-4A37-8D02-8B0CF59179D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]

FirewallRules: [{7B516515-4280-4367-BAFA-310625103101}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{57C904E1-92B5-49E3-8710-F496ADABF647}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{D457D773-1483-4B96-946F-4CBF5E62ACEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{1A775A99-58E3-4C75-B11E-DFCA43493688}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [TCP Query User{7779369A-CA6B-402D-AAD5-402FD5B3BCAC}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Block) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)

FirewallRules: [UDP Query User{6073776B-E4E8-44B5-8B6F-0CA88040098C}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Block) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)

FirewallRules: [{65A0294B-FF6F-432E-A4AD-0A1D45AB2AE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{771FEF6A-441F-4B72-A4AF-3C17EB01373B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downtown Casino Poker\dtcpoker_win.exe () [File not signed]

FirewallRules: [{7572788F-2C8D-4256-BE0C-7C90F0700883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downtown Casino Poker\dtcpoker_win.exe () [File not signed]

FirewallRules: [{9AC15B14-310E-4E00-9C8B-F078257519BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prominence Poker\Prominence\Binaries\Win64\Prominence-Win64-Shipping.exe (505 Games) [File not signed]

FirewallRules: [{8E7E9A6A-C9CE-4BBC-B02A-FF2DA9AF38FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prominence Poker\Prominence\Binaries\Win64\Prominence-Win64-Shipping.exe (505 Games) [File not signed]

FirewallRules: [{8CDBC848-C76E-48A2-A679-77AFEA0C6827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PickCrafter\PickCrafter\PickCrafter.exe () [File not signed]

FirewallRules: [{8FD6D27E-1C97-44A1-A55C-3A0820DF29AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PickCrafter\PickCrafter\PickCrafter.exe () [File not signed]

FirewallRules: [{85245014-A20D-4716-8ACC-585C7682F4D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe () [File not signed]

FirewallRules: [{1E4E99CD-666D-48AF-92CD-4C0919C206C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand Simulator\Hand Simulator.exe () [File not signed]

FirewallRules: [{E636A024-D7BE-4872-A5A5-37D9FDD36953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )

FirewallRules: [{66198E1C-A573-4422-A829-E5F9F4265132}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )

FirewallRules: [{FB84DB28-7676-4789-A8E5-4A07DD3BBD68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{7E249E7C-29BD-4914-9805-12079EC6A418}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe (Valve -> )

FirewallRules: [{7C913416-14D7-453E-8519-F6771C612A63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe (Valve -> )

FirewallRules: [{C2BA280F-E0E4-42EC-98D5-ED57FF80EFEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]

FirewallRules: [{45F504CC-66B2-4224-A683-53EF94B6655D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

Name: LogMeIn Hamachi Virtual Ethernet Adapter

Description: LogMeIn Hamachi Virtual Ethernet Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: LogMeIn Inc.

Service: Hamachi

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Kaspersky Security Data Escort Adapter

Description: Kaspersky Security Data Escort Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Kaspersky Security Data Escort Provider

Service: kltap

Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Resolution: A registry problem was detected.

This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: ========================

Application errors:

==================

Error: (12/16/2019 08:16:09 PM) (Source: SmartByte Network Service) (EventID: 16) (User: )

Description: Event-ID 16

Error: (12/16/2019 08:16:09 PM) (Source: SmartByte Network Service) (EventID: 16) (User: )

Description: Event-ID 16

Error: (12/16/2019 08:16:09 PM) (Source: SmartByte Network Service) (EventID: 16) (User: )

Description: Event-ID 16

Error: (12/16/2019 08:16:09 PM) (Source: SmartByte Network Service) (EventID: 16) (User: )

Description: Event-ID 16

Error: (12/16/2019 08:16:09 PM) (Source: SmartByte Network Service) (EventID: 16) (User: )

Description: Event-ID 16

Error: (12/16/2019 08:16:09 PM) (Source: SmartByte Network Service) (EventID: 16) (User: )

Description: Event-ID 16

Error: (12/16/2019 08:06:45 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Gif Your Game.exe version 2.1.4.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 196c

Start Time: 01d5b48f07c6614a

Termination Time: 4294967295

Application Path: C:\Users\sam\AppData\Local\Programs\badpanda-react\Gif Your Game.exe

Report Id: d4997f4b-0d99-41b8-9b74-c1e8fb161829

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (12/16/2019 08:02:43 PM) (Source: SmartByte Network Service) (EventID: 16) (User: )

Description: Event-ID 16

System errors:

=============

Error: (12/16/2019 09:03:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The wuauserv service terminated with the following error:

The system cannot find the file specified.

Error: (12/16/2019 09:01:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}

and APPID

{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/16/2019 09:01:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (12/16/2019 08:59:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The wuauserv service terminated with the following error:

The system cannot find the file specified.

Error: (12/16/2019 08:59:36 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DHQVSUB)

Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (12/16/2019 08:57:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The wuauserv service terminated with the following error:

The system cannot find the file specified.

Error: (12/16/2019 08:57:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (12/16/2019 08:55:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The wuauserv service terminated with the following error:

The system cannot find the file specified.

Windows Defender:

===================================

Date: 2019-12-03 16:20:58.812

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {6106915B-BC0A-484D-92A8-BFFFE5F0F1F8}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-12-03 16:16:01.521

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {521FE192-4370-4EF1-B16D-31AB297CE3C3}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-12-02 19:06:31.214

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {41E6DD71-F075-4BB1-B33C-BDD9CC8F1DFE}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-12-02 18:08:32.542

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {3246382B-B850-47B9-93F6-159D268A66BE}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-12-02 16:07:12.809

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {E9349FE9-6E2C-4E00-AC93-8E1171BA9886}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-11-06 16:17:08.834

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.305.1417.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16500.1

Error code: 0x80240438

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-10-29 16:03:27.058

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.305.871.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16500.1

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-10-22 18:19:53.655

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.305.416.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16500.1

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:

===================================

Date: 2019-12-16 19:33:22.910

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Segurazo\SInspector.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-16 19:25:55.262

Description:

Date: 2019-12-16 19:18:38.171

Description:

Date: 2019-12-16 19:10:48.659

Description:

Date: 2019-12-16 19:02:27.770

Description:

Date: 2019-12-16 18:54:15.165

Description:

Date: 2019-12-16 18:46:03.531

Description:

Date: 2019-12-16 18:37:42.125

Description:

==================== Memory info ===========================

BIOS: Dell Inc. 1.3.2 07/18/2018

Motherboard: Dell Inc. 0PXWHK

Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz

Percentage of memory in use: 67%

Total physical RAM: 8078.64 MB

Available physical RAM: 2608.89 MB

Total Virtual: 19342.64 MB

Available Virtual: 11041.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.68 GB) (Free:203.84 GB) NTFS

Drive d: (JAQUISSE) (Removable) (Total:7.45 GB) (Free:7.3 GB) FAT32

\\?\Volume{eaa67931-51ed-46e8-85f5-c5816993e514}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.52 GB) NTFS

\\?\Volume{71654026-b739-4068-8a8d-15e0866211d3}\ (Image) (Fixed) (Total:11.98 GB) (Free:0.16 GB) NTFS

\\?\Volume{2721d5d5-cf0b-4966-899c-70e441d83060}\ (DELLSUPPORT) (Fixed) (Total:1.12 GB) (Free:0.44 GB) NTFS

\\?\Volume{f0b5d685-8311-49f5-8284-714ad87218e9}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: A488730F)

Partition: GPT.

==========================================================

Disk: 1 (Size: 7.5 GB) (Disk ID: 8B51E992)

Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt =======================

#2
iMacg3

Posted 17 December 2019 - 10:26 AM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

Welcome.

Please give me some time to go over your logs and I will get back to you as soon as possible.

#3
iMacg3

Posted 19 December 2019 - 10:08 PM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

Hi Soggyyy, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:

Back up any important data before we continue.
- Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
Do not install any new software or run any fixes/tools on your system unless I request that you do so.
- Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
Please read all instructions carefully, and complete them in the order listed.
- Items that are especially important will be highlighted in bold or red.
If your computer seems to start working normally, please don't abandon the topic.
- Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
If you have pirated or illegal software on your computer, uninstall it now before proceeding.
- Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
If you don't respond to your topic in 4 days, it will be closed.
- If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------

Do you recognize the following registry entries?

HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1

---------------------------------------------------
McAfee Removal Tool

Download MCPR (McAfee Consumer Product Removal Tool) and save it to your desktop

Right-click MCPR.exe and click Run as Administrator.
At the "McAfee Software Removal" window, click Next.
Accept the license agreement.
Complete the "Security Validation" question and click Next.
You will receive a message that the removal of McAfee products is complete.
Restart the computer.

---------------------------------------------------

Download and run the Avast Uninstall Utility.

---------------------------------------------------
Uninstall a Program

Press the Windows Key + R.
Type appwiz.cpl in the Run box and click OK.
The Add/Remove Programs list will open. Locate the following program(s) on the list:
Search Powered by Yahoo!
Select the above program(s) and click Uninstall.
Restart the computer if prompted.

---------------------------------------------------
Uninstall Chrome Extension(s)

Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
Click the trash can icon next to the following extension(s):
Search Manager
A confirmation dialog will appear. Click Remove.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

Highlight the contents of the below code box and press Ctrl + C on your keyboard:

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
Task: {6BCB0B97-9E66-458B-AC66-7AA71622445D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3762797259-1065414235-235543805-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fjnhltxzm_19_50_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0C0E0CyE0Bzy0ByBtAtAzyzzyBzzzytN0D0Tzu0StBzytDtCtN1L2XzuyEtFyDyBtFtDtFtCtDzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzytC0BtAtD0EtAtGtBzyzy0BtGyDzyyB0EtGtByD0AtAtGzy0CzytBtCyDzzyD0D0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy1PtA1R1QzzyEzztGyC1TyCyBtGyE1O1Q1RtG1TtAyB1StG1SzzyEtAyBtC1RyC1PzzyBzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyByCtCtDyDyEzyzy%26cr%3D555724871%26a%3Dwsg_fjnhltxzm_19_50_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3762797259-1065414235-235543805-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fjnhltxzm_19_50_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0C0E0CyE0Bzy0ByBtAtAzyzzyBzzzytN0D0Tzu0StBzytDtCtN1L2XzuyEtFyDyBtFtDtFtCtDzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzytC0BtAtD0EtAtGtBzyzy0BtGyDzyyB0EtGtByD0AtAtGzy0CzytBtCyDzzyD0D0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy1PtA1R1QzzyEzztGyC1TyCyBtGyE1O1Q1RtG1TtAyB1StG1SzzyEtAyBtC1RyC1PzzyBzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyByCtCtDyDyEzyzy%26cr%3D555724871%26a%3Dwsg_fjnhltxzm_19_50_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3762797259-1065414235-235543805-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fjnhltxzm_19_50_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0C0E0CyE0Bzy0ByBtAtAzyzzyBzzzytN0D0Tzu0StBzytDtCtN1L2XzuyEtFyDyBtFtDtFtCtDzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzytC0BtAtD0EtAtGtBzyzy0BtGyDzyyB0EtGtByD0AtAtGzy0CzytBtCyDzzyD0D0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy1PtA1R1QzzyEzztGyC1TyCyBtGyE1O1Q1RtG1TtAyB1StG1SzzyEtAyBtC1RyC1PzzyBzy2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyByCtCtDyDyEzyzy%26cr%3D555724871%26a%3Dwsg_fjnhltxzm_19_50_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3762797259-1065414235-235543805-1001 -> {D096DFE0-4A88-4155-AEB6-DECED1988D66} URL = 
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FF Extension: (Search Manager) - C:\Users\sam\AppData\Roaming\Mozilla\Firefox\Profiles\uafj1ahb.default-release\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2019-12-11] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson]
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Notifications: Default -> hxxps://vvb6.mentprocester.info
CHR HKLM\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
CHR HKU\S-1-5-21-3762797259-1065414235-235543805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKU\S-1-5-21-3762797259-1065414235-235543805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
CHR HKLM-x32\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM-x32\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
2019-12-11 15:19 - 2019-12-11 15:19 - 000000000 ___HD C:\$AV_AVG
2019-12-11 15:15 - 2019-12-11 15:19 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2019-12-11 15:09 - 2019-12-13 18:43 - 000000000 ____D C:\Users\sam\AppData\Local\AVG
2019-12-11 15:05 - 2019-12-11 15:12 - 000000000 ____D C:\Users\sam\AppData\Local\22a66be3f8029028
2019-12-11 15:05 - 2019-12-11 15:06 - 000000000 ____D C:\ProgramData\{DF03E33F-F72B-9B47-AF73-B36F479B6BB7}
2019-12-11 15:05 - 2019-12-11 15:05 - 000001359 _____ C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk
2019-12-11 15:05 - 2019-12-11 15:05 - 000000000 ____D C:\Users\sam\AppData\Local\{D923EF7F-FD8B-83C7-9013-A62FB47B5AB7}
2019-12-11 15:04 - 2019-12-16 20:19 - 000000000 ____D C:\Program Files (x86)\Segurazo
2019-12-11 15:04 - 2019-12-13 18:43 - 000000000 ____D C:\ProgramData\AVG
2019-12-11 15:04 - 2019-12-11 15:04 - 003055328 _____ (Pokibagel ) C:\Users\sam\Downloads\SpotifyFullSetup_0886379966.exe
2019-12-09 21:00 - 2019-12-09 21:00 - 000000024 _____ C:\WINDOWS\system32\WinUpdates105.dat
2019-12-09 21:00 - 2019-12-09 21:00 - 000000003 _____ C:\WINDOWS\system32\wdbcache.tmp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
FirewallRules: [{463CB25C-954E-4192-8148-F6A605069D7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10730.20103.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [{3CBB3342-BF30-40A3-96B4-ECC2D82ED950}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.3.6718.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe No File
FirewallRules: [{2F4E5B21-63AB-4501-9523-B4019596760A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.3.6718.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe No File
FirewallRules: [{9110F57E-2351-46FA-B224-44C056353AA3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{01778FCD-F116-4644-9236-81BA01ECEC51}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{73101ADF-4E5D-4CC8-A64B-D0DD087FA6E7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{FCCDA176-49B3-4368-8582-EE7C9B621B71}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{19DC50B6-3465-4CC5-97D5-4D282C693EC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FB4BF9FD-07D3-4ABD-B737-44174959E1D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe No File
FirewallRules: [{790AD5C9-72F9-408F-A3B1-55B03F62F129}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe No File
FirewallRules: [{56115CDD-0CFA-4771-8388-62422D522D76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [{6A9BA1EF-C14F-4AB9-A871-B2B7AEE23161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [{669DEE32-C8F8-4254-8E6F-0D30206DB42E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP022\Hope\Binaries\Win64\Hope.exe No File
FirewallRules: [{01A7121B-A3BD-4846-B8B3-3949EFA91893}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP022\Hope\Binaries\Win64\Hope.exe No File
FirewallRules: [TCP Query User{7B6D3407-5523-493F-BB1E-5A0BE3BBFE1A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe No File
FirewallRules: [UDP Query User{B0558E15-E6C0-4062-A967-59143952ED47}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe No File
FirewallRules: [TCP Query User{CF8AB14B-4433-44C6-889C-BA3DB488F872}C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe No File
FirewallRules: [UDP Query User{6EFC9BBC-801A-45B4-BB01-A3F7F3E1F82A}C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe No File
FirewallRules: [TCP Query User{53C95986-9862-481C-8534-CA5BBF77CDC7}C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe] => (Block) C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe No File
FirewallRules: [UDP Query User{3F740C46-538F-499F-95B1-A5BF9EA467B7}C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe] => (Block) C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe No File
Folder: C:\ProgramData\GraphicsType
Folder: C:\Users\sam\AppData\Roaming\TransferSupport
VirusTotal: C:\WINDOWS\System32\mracsvc.exe;C:\WINDOWS\System32\drivers\mracdrv.sys;C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450
EmptyTemp:
End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Double-click FRST.exe/FRST64.exe to run it.
Press the Fix button just once and wait.
Note: No need to paste the script into FRST.
Restart the computer if prompted.
When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
Please copy and paste its contents into your reply.

---------------------------------------------------
Farbar Service Scanner

Download Farbar Service Scanner and save it to your desktop.

Right-click FSS.exe and select Run as Administrator.

Check the following boxes:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

---------------------------------------------------

In your next reply, please include:

Fixlog.txt
FSS.txt
Let me know if the issue persists.

#4
Soggyyy

Posted 20 December 2019 - 02:59 PM

Member

Topic Starter
Member
14 posts

It said that I did not have permission to download Farbar Service Scanner, I tried many different things but could not get it to work, all I could get was the fixlog

FixLog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019

Ran by sam (20-12-2019 11:32:18) Run:1

Running from C:\Users\sam\Desktop

Loaded Profiles: sam (Available Profiles: sam)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses: