Problem starting StartupCheckLibrary.dll



#1
Mingo_TTV


    Member

  • Member
  • PipPip
  • 17 posts

Afternoon. I've recently run into a couple issues on startup when using my built PC. For around a month, I've received a popup box on startup saying "There was a problem starting StartupCheckLibrary.dll" and "The specified module could not be found". Otherwise there haven't been any issues until early this week. 

 

My 2 most recent startups have had a new issue. I am first brought to my log-in screen as per normal. Then, once I have entered my password and am brought to my desktop, both monitors flicker black rapidly and the previously mentioned pop-up box opens. I am unable to click on anything in the flashing taskbar or bring up the start menu with the Windows key. I am able to hit ctrl+alt+delete and am brought to that screen without issue or flickering. I can then bring up the task manager and use that, however the desktop behind it continues to flicker. This goes on for about 2 minutes until finally my desktop background loads and then I am able to use my PC as per normal until the next reboot.

 

I have attached both logs as when pasted, the post was too long to submit.

 

Attached Files


  • 0



#2
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mingo_TTV.

 

Welcome to Geeks to Go Forums. :)

 

I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting! Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

4. If your computer seems to start working normally, please don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within four days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


========================================================

I am currently reviewing your logs and will be back to you as soon as I can.


 


  • 0

#3
Mingo_TTV


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thanks for looking into this for me DR M


  • 0

#4
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mingo_TTV.

These are my comments/instructions regarding your logs:

1. Hosts file

You are using a method to bypass activation of some programs. Therefore, the specific programs are pirated. Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. If you don't remove them, have in mind that my instructions will ask you to remove the method you use, and your programs may stop working properly.


2. P2P programs

You have μTorrent and uTorrent installed in your computer. These are P2P programs. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep them, DON'T use them during the cleaning procedure.
  • If you decide to uninstall them, then do the following:

Uninstall P2P programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
µTorrent 
uTorrent Web
  • Select the above programs, one at a time, and click Uninstall.
  • Restart the computer.

 

3. Notifications

Did you intentionally enable notifications from the following sites?

www.cashrewards.com.au;
hxxps://www.guilded.gg


4. Web Companion

Did you intentionally install Web Companion (Lavasoft)? It is supposed to be a legitimate program, but it also may have been bundled with a third party software, and has to be uninstalled. If you decide to uninstall it, please do that using the instructions in step 2 above.


5. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {EBA86AD4-FC9A-4961-B8F6-50811DB3689F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF Homepage: Mozilla\Firefox\Profiles\w11yp6xr.default-release -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF NewTab: Mozilla\Firefox\Profiles\w11yp6xr.default-release -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

6. Search with FRST

  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search: box:
    StartupCheckLibrary.dll
    
  • Press the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.

 

7. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

In your next reply please post:

  • Your reply about Notifications and Web Companion.
  • The fixlog.txt
  • The Search.txt
  • The new FRST.txt and Addition.txt

  • 0
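The first line of the fixlist in post #4 removes a scheduled task whose action is rundll32.exe loading StartupCheckLibrary.dll, a DLL the system could not find at logon. As an added example (not part of DR M's instructions and not FRST output), this read-only PowerShell script lists every scheduled task in that state; the function names and the list of search directories are assumptions made for the illustration.

```powershell
# Read-only audit: report scheduled tasks that launch rundll32.exe with a DLL
# that cannot be found on disk. Nothing is modified or deleted.
# Run from an elevated prompt so that all tasks are visible.

function Get-RundllTarget {
    # rundll32 arguments have the form "<dll>,<export> [args]".
    # Returns the DLL part, or $null when there are no arguments.
    # Assumption: switches placed before the DLL name are not handled.
    param([string]$Arguments)
    if ([string]::IsNullOrWhiteSpace($Arguments)) { return $null }
    $text = [Environment]::ExpandEnvironmentVariables($Arguments).Trim()
    $dll  = if ($text.Contains(',')) { $text.Split(',')[0] } else { ($text -split '\s+')[0] }
    return $dll.Trim().Trim('"')
}

function Resolve-DllPath {
    # Returns the full path of the DLL if it exists, otherwise $null.
    # A bare file name is looked up in each directory of $SearchDirs.
    param([string]$Dll, [string[]]$SearchDirs)
    if ([IO.Path]::IsPathRooted($Dll)) {
        if (Test-Path -LiteralPath $Dll -PathType Leaf) { return $Dll }
        return $null
    }
    foreach ($dir in $SearchDirs) {
        if (-not $dir) { continue }
        $candidate = Join-Path $dir $Dll
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $null
}

function Test-RundllAction {
    # Returns $null for actions that are not rundll32; otherwise an object
    # holding the DLL name and where (if anywhere) it was found.
    param([string]$Execute, [string]$Arguments, [string[]]$SearchDirs)
    $exe = [Environment]::ExpandEnvironmentVariables($Execute).Trim('"')
    if ([IO.Path]::GetFileNameWithoutExtension($exe) -ne 'rundll32') { return $null }
    $dll = Get-RundllTarget $Arguments
    if (-not $dll) { return $null }
    [pscustomobject]@{
        Dll          = $dll
        ResolvedPath = Resolve-DllPath $dll $SearchDirs
    }
}

# Assumed search order for bare DLL names: system directories, then PATH.
$searchDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot) +
              ($env:Path -split ';')

# Constructed check using the action quoted in the fixlist of post #4.
# An empty ResolvedPath means the DLL is missing, as on the machine in this thread.
Test-RundllAction 'rundll32.exe' 'StartupCheckLibrary.dll,DllMainRunLibrary' $searchDirs |
    Format-List

# Live audit of every registered task.
$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($null -eq $action.Execute) { continue }   # COM-handler actions have no Execute
        $dirs   = $searchDirs + $action.WorkingDirectory
        $result = Test-RundllAction $action.Execute $action.Arguments $dirs
        if ($result -and -not $result.ResolvedPath) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Dll       = $result.Dll
                Arguments = $action.Arguments
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else           { 'No rundll32 task points at a missing DLL.' }
```

A task reported here is a leftover entry whose payload is already gone; the output only identifies it, and removal is a separate decision.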

#5
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mingo_TTV.

 

Do you need any help regarding the above?


  • 0

#6
Mingo_TTV


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hi DR M

 

Thank you so much for all of the help so far with this one. 

 

In regards to the notifications, yes, I have manually approved both of those sites but can appreciate the concern. As for the Web Companion, no, I don't ever recall installing it so I have uninstalled it as per your instructions. 

 

Since running the Fix I have restarted my PC once and it is still flickering for around 2 minutes before becoming good again. However, the startup .dll doesn't display as missing on startup which is good.

 

I have attached the requested logs again as it said my post was too long when pasting it in the post.

Attached Files


  • 0

#7
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mingo_TTV.

 

Thank you for the logs.

 

We are first going to deal with the infections and then with everything else.

 

I will be back. :)


  • 0

#8
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hi, Mingo_TTV.

I apologize for the delay.
 
Please, proceed with the following:
 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [utweb] => "C:\Users\origi\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
GroupPolicy: Restriction ? <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF SearchPlugin: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default\searchplugins\bing-lavasoft-ff59.xml [2020-11-11]
FF SearchPlugin: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\searchplugins\bing-lavasoft-ff59.xml [2020-11-11]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
Hosts:
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
2. Run AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
 
3. Run Malwarebytes
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) is unchecked.
    Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
 
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
 
4. Antivirus
 
Your logs show that both Kaspersky and Defender are enabled as your antivirus software. It's preferable to run only one antivirus at a time to avoid conflicts. If you want to keep Kaspersky, I will give you instructions to disable Defender.
 
 
In your next reply, please post:
  • The fixlog
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report
  • Your reply about the antivirus

  • 0

#9
Mingo_TTV


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thank you again DR M.

 

I initially downloaded Kaspersky when I got my PC but have mainly been relying on Windows Defender. If you don't mind, which of the two would you recommend? I don't have the paid version of Kaspersky at this stage.

I've included the created logs below;

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2020 01
Ran by origi (23-11-2020 20:09:47) Run:2
Running from C:\Users\origi\Desktop
Loaded Profiles: origi
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [utweb] => "C:\Users\origi\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
GroupPolicy: Restriction ? <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF SearchPlugin: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default\searchplugins\bing-lavasoft-ff59.xml [2020-11-11]
FF SearchPlugin: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\searchplugins\bing-lavasoft-ff59.xml [2020-11-11]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
Hosts:
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Software\Microsoft\Windows\CurrentVersion\Run\\utweb" => removed successfully
"HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"Firefox newtab" => removed successfully
C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default\searchplugins\bing-lavasoft-ff59.xml => moved successfully
C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\searchplugins\bing-lavasoft-ff59.xml => moved successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"C:\Program Files (x86)\Lavasoft" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14902169 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 63564206 B
Edge => 0 B
Chrome => 392208818 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2986 B
origi => 2254655293 B
 
RecycleBin => 945324 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End 2 Fixlog 20:10:26 ====
 
 
AdwCleaner[S00].txt:
 
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-12.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-23-2020
# Duration: 00:00:17
# OS:       Windows 10 Pro
# Scanned:  31909
# Detected: 8
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
Malwarebytes report:
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/23/20
Scan Time: 8:29 PM
Log File: 65fac326-2d6e-11eb-9dfe-b42e9988d824.json
 
-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1104
Update Package Version: 1.0.33306
License: Trial
 
-System Information-
OS: Windows 10 (Build 19041.630)
CPU: x64
File System: NTFS
User: DESKTOP-Q4STC4U\origi
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 345632
Threats Detected: 24
Threats Quarantined: 0
Time Elapsed: 3 min, 12 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 4
PUP.Optional.Conduit, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 193, 236865, , , , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 193, 236865, , , , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 193, 236865, , , , , , 
PUP.Optional.Conduit, HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, 193, 236865, 1.0.33306, , ame, , , 
 
Registry Value: 2
PUP.Optional.Conduit, HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, 193, 236865, 1.0.33306, , ame, , , 
PUP.Optional.Conduit, HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, No Action By User, 193, 236865, 1.0.33306, , ame, , , 
 
Registry Data: 1
PUP.Optional.Conduit, HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, 193, 293058, 1.0.33306, , ame, , , 
 
Data Stream: 0
(No malicious items detected)
 
Folder: 4
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , , 
 
File: 13
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.1\STANDALONEPHASE1.DAT, No Action By User, 7995, 393793, 1.0.33306, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 201, 838845, , , , , CDD524D995F243D631502C37CB9C0782, 2004F077A0053DEE8273AF44502DF1850E00318538DC6EF53EAFD8940F580D79
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.log, No Action By User, 201, 838845, , , , , 29DE7A816BB78BA36C9F37F311044C23, D5E15C22C69007A3C00D7D693C538123AE1BC291B6C0D64014CAEF2FDCAA3D88
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb, No Action By User, 201, 838845, , , , , 30D9EE442BBFCB2B05E371065C773B9F, C48330A5DF98021D89DCD1358F6FFD54CE9D61B6C12FF61658EC0291C8CB52C3
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 201, 838845, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 201, 838845, , , , , 92496B1AA1639608A8434683ADDB7C50, 17C07E562081C58EDFE738F3F1598804CAEC09FEAD8633EDF1FAA1369413496F
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 201, 838845, , , , , FEB9FE0004EAB87AFD6CCD276CAE568D, B6C212AB1A6096432FDF251E1AC491BBCB79296DFA07BF358A4BCA8C3B9EB0BF
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 201, 838845, , , , , AD4A88C5B444BEF570E260AC9ECFE093, 78D1F164486A3A975306707A0B6D204FDBF26BB70B5B75574F45E0E42A05CD24
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.33306, , ame, , 9B4D46DA4CEB803F1CDCA16B58A151EC, 5C91DA7CD2DDA9BFEAF5CC8699ED6CF95DE4144BE5405BD9D07103544F5619C5
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.33306, , ame, , 9B4D46DA4CEB803F1CDCA16B58A151EC, 5C91DA7CD2DDA9BFEAF5CC8699ED6CF95DE4144BE5405BD9D07103544F5619C5
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.33306, , ame, , 9B4D46DA4CEB803F1CDCA16B58A151EC, 5C91DA7CD2DDA9BFEAF5CC8699ED6CF95DE4144BE5405BD9D07103544F5619C5
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.33306, , ame, , 9B4D46DA4CEB803F1CDCA16B58A151EC, 5C91DA7CD2DDA9BFEAF5CC8699ED6CF95DE4144BE5405BD9D07103544F5619C5
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#10
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mingo_TTV.

1. Run AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all threats found and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open (Note: previous scan showed no pre-installed software in your machine, so you can skip these sub steps).
      • Click OK to close it.
    • Check any pre-installed software items you want to remove (previous scan showed no pre-installed software in your machine, so you can skip this).
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start ADWCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items both options are set to Always.
    
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • Since threats were found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Antivirus

Actually staying with the built-in Windows 10 antivirus solution, Microsoft Defender, is a really good choice. It can keep you safe, assuming that you follow the safe computing rules. It's your choice of course.

If you want to uninstall Kaspersky, please read here how you can do it using the Removal Tool. Uninstall all the Kaspersky products in the computer:

Kaspersky Secure Connection
Kaspersky Total Security

Make sure you restart the computer every time you deal with a product.


4. Run FSS

  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

 

In your next reply, please post:

  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Your decision about the antivirus
  4. FSS.txt

 


  • 0



#11
Mingo_TTV


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hi DR M,

 

Just finished running through your instructions again. As an update, I am still running into the issue of the black screen and the flashing task bar for 2 minutes on every restart.

 

I have also uninstalled Kaspersky from my computer. FYI the link you provided me regarding removing Kaspersky didn't work for me, however I still managed.

 

The requested logs are below;

 

AdwCleaner:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-23.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-24-2020
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  9
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2188 octets] - [23/11/2020 20:16:41]
AdwCleaner[S01].txt - [2357 octets] - [24/11/2020 19:36:59]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
Malwarebytes:
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/24/20
Scan Time: 7:43 PM
Log File: 2709a952-2e31-11eb-803b-b42e9988d824.json
 
-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1104
Update Package Version: 1.0.33342
License: Trial
 
-System Information-
OS: Windows 10 (Build 19041.630)
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 346399
Threats Detected: 17
Threats Quarantined: 17
Time Elapsed: 8 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 4
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
 
File: 13
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.1\STANDALONEPHASE1.DAT, Quarantined, 7996, 393793, 1.0.33342, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 201, 838845, , , , , CDD524D995F243D631502C37CB9C0782, 2004F077A0053DEE8273AF44502DF1850E00318538DC6EF53EAFD8940F580D79
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.log, Quarantined, 201, 838845, , , , , 09C736BEFAC89D52272B7DB6A11DAD79, C57383A833996C0DAE6237C285A6BD258C8A3F211D18137404601369943AA1C2
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb, Quarantined, 201, 838845, , , , , 30D9EE442BBFCB2B05E371065C773B9F, C48330A5DF98021D89DCD1358F6FFD54CE9D61B6C12FF61658EC0291C8CB52C3
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 201, 838845, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 201, 838845, , , , , 5F5AE6C4E35F125E7370B90285995284, E9799E36C41811FB14423C1013219A385FADE06CFFC22727A495A1CAD96953C0
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 201, 838845, , , , , D027FDF9C27323A93234D5D12AF9CF59, 51624243C8AEA0154AF51E010481B92BE6032F281F93A566210D2B0A2C8A029B
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 201, 838845, , , , , AD4A88C5B444BEF570E260AC9ECFE093, 78D1F164486A3A975306707A0B6D204FDBF26BB70B5B75574F45E0E42A05CD24
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.33342, , ame, , 6795C9F031DC3D1A35BF59817FF3FC9F, F5864CD8D061E6EC35781EED8F18A2D26A354829B9CCB8F1B64BEA9EB792DF39
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.33342, , ame, , 6795C9F031DC3D1A35BF59817FF3FC9F, F5864CD8D061E6EC35781EED8F18A2D26A354829B9CCB8F1B64BEA9EB792DF39
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.33342, , ame, , 6795C9F031DC3D1A35BF59817FF3FC9F, F5864CD8D061E6EC35781EED8F18A2D26A354829B9CCB8F1B64BEA9EB792DF39
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.33342, , ame, , 6795C9F031DC3D1A35BF59817FF3FC9F, F5864CD8D061E6EC35781EED8F18A2D26A354829B9CCB8F1B64BEA9EB792DF39
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
FSS:
 
Farbar Service Scanner Version: 09-11-2020
Ran by origi (administrator) on 24-11-2020 at 19:55:50
Running from "C:\Users\origi\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Windows Security:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi.
 
The logs seem good.
 
As for the Kaspersky link, do you mean that it didn't open? It works fine for me.
 
Let's see fresh FRST logs now:

  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

  • 0

#13
Mingo_TTV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hi,

 

Sorry, I didn't see that you had replied until now.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2020
Ran by origi (administrator) on DESKTOP-Q4STC4U (Gigabyte Technology Co., Ltd. Z390 UD) (27-11-2020 18:41:18)
Running from C:\Users\origi\Desktop
Loaded Profiles: origi
Platform: Windows 10 Pro Version 20H2 19042.630 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CloudBees, Inc.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\MonitorService-exec.exe
(Discord Inc. -> Discord Inc.) C:\Users\origi\AppData\Local\Discord\app-0.0.308\Discord.exe <7>
(Epic Games Inc. -> Epic Games, Inc.) E:\Program Files\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe <3>
(Epic Games Inc. -> Epic Games, Inc.) E:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <55>
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(LogMeIn, Inc. -> LogMeIn Inc.) E:\Program Files\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) E:\Program Files\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsMaps_10.2011.4.0_x64__8wekyb3d8bbwe\Maps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.621_none_e7694895260e0b6d\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Rockstar Games, Inc. -> Rockstar Games) E:\Program Files\Rockstar Games\Launcher\Launcher.exe
(Rockstar Games, Inc. -> Rockstar Games) E:\Program Files\Rockstar Games\Launcher\RockstarService.exe
(Rockstar Games, Inc. -> Take-Two Interactive Software, Inc.) C:\Program Files\Rockstar Games\Social Club\SocialClubHelper.exe <3>
(Spotify AB -> Spotify Ltd) C:\Users\origi\AppData\Roaming\Spotify\Spotify.exe <5>
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(WeMod LLC -> Daring Development Inc.) C:\Users\origi\AppData\Local\WeMod\app-6.3.11\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
(WeMod LLC -> WeMod) C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe <4>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-07-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\Program Files\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\RunOnce: [SelLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [50096 2019-04-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Spotify] => C:\Users\origi\AppData\Roaming\Spotify\Spotify.exe [23232232 2020-11-16] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Discord] => C:\Users\origi\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [EpicGamesLauncher] => E:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33102224 2020-11-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24625144 2020-02-19] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2020-11-21] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\origi\AppData\Local\Microsoft\Teams\Update.exe [2350776 2020-06-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14766664 2020-10-03] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514096 2020-10-19] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-17] (Google LLC -> Google LLC)
Startup: C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AORUS ENGINE.lnk [2020-11-18]
ShortcutTarget: AORUS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\autorun.exe () [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {059ACACA-6610-4154-B0B9-1A814E39B8C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-19] (Google LLC -> Google LLC)
Task: {05AC1BC4-DF43-4C90-8C4B-4D12C1BDD8D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {07471E98-CE11-41B9-8E9C-F87637FF5892} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F70B12F-62ED-4511-A9ED-81246B0BE16A} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {41457A5F-3A9B-4270-9E29-88D63C659B66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4EFA01D9-BD05-4C48-851F-56B7628B1B5E} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [33903328 2020-11-05] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {55AA047D-959B-4DB7-9C39-4C91A7EE2E19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CFA99A2-D0F8-4F7A-A306-8A9BC8BF63F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-19] (Google LLC -> Google LLC)
Task: {5F2BA33A-8616-424C-AB9D-3217745A09E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7778467F-4FC4-48CF-B33A-C9CA872D2C1B} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\program files (x86)\microsoft visual studio\installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65440 2020-07-22] (Microsoft Corporation -> Microsoft)
Task: {81C207F1-0636-4A3C-8FD6-BB5186762748} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1797817695-3140524087-3623043744-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-11-17] (Microsoft Windows -> )
Task: {911E10DD-1AE9-4692-8751-0D0151258971} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A362EF8-91BE-4938-AD25-3A5E6B5DDB25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB423A2B-41E4-4192-9DAB-2ECE36C25C6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC31F993-D52B-4E9B-8ACA-77AEB8F34F25} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B12C15E3-4031-40A8-9434-75B0B6EE2047} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB812079-3B97-46E1-A5E8-8D60F2DE7894} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-10-17] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) <==== ATTENTION
Task: {C0093AFA-6E4B-4565-9BD9-6CFD85292586} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {C04310FD-E714-4DC4-9084-F7A7E8BCE848} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {C38684F7-90AB-4E69-B4DC-FEA8387E48B5} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C6CA24E4-A723-4698-8CC1-4956551F3DE5} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA711F0A-2238-446C-BC5E-2B42D4E33790} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3C431D0-6611-4ADA-9CEB-0106933773B2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DD6F9B9D-C2B5-4B40-953B-BBDB50753853} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-20] (Adobe Inc. -> Adobe)
Task: {DDACF7FE-8A0A-4373-8372-CA5A26F6DC02} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E677DACB-D605-4FF2-AF1E-E4DDC6A1CD80} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E79C0B2C-BEAF-4FEA-9662-EE2C274784DC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E91294D4-094C-447E-8B68-B432F2C28B5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB6B852A-45DE-4C1D-8911-973F4D8CAC40} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0D61D05-4EDE-4B80-A447-CD4A7AE01BA0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {F6396AAE-D305-4B73-8FD3-5D2804D888DF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d67f30f0-0c71-4697-9b7d-1371f23a70e1}: [DhcpNameServer] 192.168.0.1
 
Edge: 
======
Edge Profile: C:\Users\origi\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-16]
 
FireFox:
========
FF DefaultProfile: a559bv13.default
FF ProfilePath: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default [2020-11-23]
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF ProfilePath: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release [2020-11-27]
FF Extension: (Reddit Enhancement Suite) - C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\Extensions\[email protected] [2020-10-03]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-11-27]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-20] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> E:\Program Files\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-20] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1797817695-3140524087-3623043744-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\origi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-12-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-12-19] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default [2020-11-27]
CHR DownloadDir: E:\Downloads
CHR Notifications: Default -> hxxps://www.cashrewards.com.au; hxxps://www.guilded.gg
CHR Extension: (Honey) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-18]
CHR Extension: (uBlock Origin) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-10-26]
CHR Extension: (Dark Mode) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2020-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-26]
CHR Extension: (Kaspersky Protection) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-07-01]
CHR Extension: (Cashrewards) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\foehlpanophbpagddidofdpeiappcmgf [2020-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-12]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-11-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-11-27]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-19]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-12]
CHR Extension: (HMA VPN Proxy Unblocker) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\poeojclicodamonabcabmapamjkkmnnk [2020-07-19]
CHR Extension: (Nohat) - E:\Downloads\NohatExt_3\NohatExt_3 [2020-08-01]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AORUS LCD Panel Service; C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\MonitorService-exec.exe [360960 2018-12-21] (CloudBees, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-11-19] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-10-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1728072 2020-10-03] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-26] (GOG Sp. z o.o. -> GOG.com)
R2 Hamachi2Svc; E:\Program Files\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10887816 2020-11-21] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-23] (Malwarebytes Inc -> Malwarebytes)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2148856 2020-02-19] (Plex, Inc. -> Plex, Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-06-24] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294128 2020-10-19] (Razer USA Ltd. -> Razer Inc.)
R3 Rockstar Service; E:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1382016 2020-11-27] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-09-23] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-05-01] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-04-07] (Bluestack Systems, Inc -> Bluestack System Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
R3 gdrv2; C:\WINDOWS\gdrv2.sys [32600 2020-11-18] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [79696 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [145304 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251512 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998016 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79184 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [211048 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232272 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\70065\driver_cpu_temperature\logi_core_temp.sys [25448 2020-11-21] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-10-30] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-10-30] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-10-30] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl0f53becd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D9677F7-E130-4FE7-8BE9-3105A03F2511}\MpKslDrv.sys [47336 2020-11-27] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2020-01-15] (Apple Inc.) [File not signed]
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-27 18:41 - 2020-11-27 18:41 - 000033779 _____ C:\Users\origi\Desktop\FRST.txt
2020-11-27 13:36 - 2020-11-27 13:36 - 000000000 ____D C:\Users\origi\AppData\Local\WeMod
2020-11-26 23:32 - 2020-11-26 23:32 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-11-26 22:35 - 2020-11-26 22:36 - 000000000 ____D C:\Users\origi\AppData\LocalLow\SUPERHOT_Team
2020-11-24 20:22 - 2020-11-26 23:32 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-11-24 20:22 - 2020-11-26 23:32 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-11-24 19:55 - 2020-11-24 19:55 - 000909824 _____ (Farbar) C:\Users\origi\Desktop\FSS.exe
2020-11-23 20:27 - 2020-11-27 15:55 - 000000000 ____D C:\Users\origi\AppData\LocalLow\IGDump
2020-11-23 20:26 - 2020-11-26 23:32 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-23 20:26 - 2020-11-26 23:32 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000000000 ____D C:\Users\origi\AppData\Local\mbam
2020-11-23 20:26 - 2020-11-23 20:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-23 20:21 - 2020-11-23 20:21 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-23 20:20 - 2020-11-23 20:17 - 002076624 _____ (Malwarebytes) C:\Users\origi\Desktop\MBSetup.exe
2020-11-23 20:16 - 2020-11-24 19:37 - 000000000 ____D C:\AdwCleaner
2020-11-23 20:15 - 2020-11-23 20:15 - 008447152 _____ (Malwarebytes) C:\Users\origi\Desktop\AdwCleaner.exe
2020-11-23 20:09 - 2020-11-27 18:40 - 000000000 ____D C:\Users\origi\Desktop\FRST-OlderVersion
2020-11-22 23:14 - 2020-11-22 23:14 - 000000233 _____ C:\Users\origi\Desktop\Tom Clancy's Rainbow Six Siege.url
2020-11-22 23:14 - 2020-11-22 23:14 - 000000233 _____ C:\Users\origi\Desktop\Tom Clancy's Rainbow Six Siege - Vulkan.url
2020-11-21 20:08 - 2020-11-21 20:08 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-11-21 20:08 - 2020-11-21 20:08 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-11-21 20:08 - 2020-11-21 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-11-21 20:08 - 2020-11-21 20:08 - 000000000 ____D C:\Program Files\LGHUB
2020-11-19 21:27 - 2020-11-19 21:30 - 000000000 ____D C:\Users\origi\Documents\Assassin's Creed Valhalla
2020-11-19 20:23 - 2020-11-19 20:23 - 000000235 _____ C:\Users\origi\Desktop\Assassin's Creed Valhalla.url
2020-11-19 19:22 - 2020-11-19 19:22 - 000000234 _____ C:\Users\origi\Desktop\Watch Dogs Legion.url
2020-11-18 18:46 - 2020-11-27 18:41 - 000000000 ____D C:\FRST
2020-11-18 18:46 - 2020-11-27 18:40 - 002290176 _____ (Farbar) C:\Users\origi\Desktop\FRST64.exe
2020-11-18 18:32 - 2020-11-18 18:32 - 000000000 ____D C:\Users\Public\Documents\Creative
2020-11-18 18:32 - 2020-11-18 18:32 - 000000000 ____D C:\ProgramData\Documents\Creative
2020-11-18 18:31 - 2020-11-18 18:31 - 000032600 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\WINDOWS\gdrv2.sys
2020-11-18 18:31 - 2020-11-18 18:31 - 000002206 _____ C:\Users\Public\Desktop\RGBFusion 2.0.lnk
2020-11-18 18:31 - 2020-11-18 18:31 - 000002206 _____ C:\ProgramData\Desktop\RGBFusion 2.0.lnk
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Users\origi\AppData\Local\Downloaded Installations
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AORUS
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files\Patriot
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files\ENE
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files (x86)\ENE
2020-11-18 18:31 - 2020-05-12 01:28 - 000020992 _____ C:\WINDOWS\system32\Drivers\ene.sys
2020-11-18 18:30 - 2020-11-18 18:32 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2020-11-18 18:30 - 2020-11-18 18:30 - 000003464 _____ C:\WINDOWS\system32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE
2020-11-18 18:30 - 2020-11-18 18:30 - 000001243 _____ C:\Users\Public\Desktop\AORUS ENGINE.lnk
2020-11-18 18:30 - 2020-11-18 18:30 - 000001243 _____ C:\ProgramData\Desktop\AORUS ENGINE.lnk
2020-11-18 18:30 - 2020-11-18 18:30 - 000000000 ____D C:\Users\origi\Documents\temp
2020-11-18 18:30 - 2020-11-18 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2020-11-18 18:15 - 2020-11-08 04:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001506032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2020-11-18 18:15 - 2020-11-08 04:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 002509720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2020-11-18 18:15 - 2020-11-08 04:37 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2020-11-18 18:15 - 2020-11-08 04:36 - 005976296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-18 18:15 - 2020-11-07 15:01 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-18 18:13 - 2020-11-18 18:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2020-11-18 18:09 - 2020-11-18 18:09 - 000003840 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2020-11-17 13:47 - 2020-11-16 18:53 - 000000000 ____D C:\Windows.old
2020-11-17 13:45 - 2020-11-17 13:47 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-11-17 13:44 - 2020-11-17 13:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-11-17 13:44 - 2020-11-17 13:44 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-11-17 13:43 - 2020-11-17 13:43 - 000000000 ____D C:\ProgramData\ssh
2020-11-17 13:41 - 2020-11-17 13:41 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-11-17 13:41 - 2020-11-17 13:41 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-11-17 13:41 - 2020-11-17 13:41 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-11-17 13:41 - 2020-11-17 13:41 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-11-17 13:41 - 2020-11-17 13:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-11-17 13:41 - 2020-11-17 13:41 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000137016 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2020-11-17 13:41 - 2020-11-17 13:41 - 000101688 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-11-17 13:41 - 2020-11-17 13:41 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-11-17 13:41 - 2020-11-17 13:41 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-11-17 13:40 - 2020-11-17 13:40 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-11-17 13:40 - 2020-11-17 13:40 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001822256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-11-17 13:40 - 2020-11-17 13:40 - 001393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-11-17 13:40 - 2020-11-17 13:40 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-11-17 13:40 - 2020-11-17 13:40 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000645120 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000455168 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000306176 _____ C:\WINDOWS\system32\HeatCore.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2020-11-17 13:40 - 2020-11-17 13:40 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-11-17 13:36 - 2020-11-17 13:47 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files\MSBuild
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-11-17 09:52 - 2020-11-17 09:52 - 000000000 ____D C:\Users\origi\AppData\Roaming\HelloGames
2020-11-17 09:37 - 2020-11-17 09:37 - 000000629 _____ C:\Users\Public\Desktop\No Man's Sky.lnk
2020-11-17 09:37 - 2020-11-17 09:37 - 000000629 _____ C:\ProgramData\Desktop\No Man's Sky.lnk
2020-11-17 09:36 - 2020-11-27 11:54 - 000000000 ____D C:\Users\origi\AppData\Roaming\SUPERHOTMCD
2020-11-17 09:34 - 2020-11-17 09:34 - 000000669 _____ C:\Users\Public\Desktop\SUPERHOT - MIND CONTROL DELETE.lnk
2020-11-17 09:34 - 2020-11-17 09:34 - 000000669 _____ C:\ProgramData\Desktop\SUPERHOT - MIND CONTROL DELETE.lnk
2020-11-16 18:57 - 2020-11-18 18:16 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-16 18:56 - 2020-11-16 18:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-11-16 18:53 - 2020-11-24 20:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-16 18:53 - 2020-11-24 19:37 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-16 18:53 - 2020-11-16 18:53 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-11-16 18:53 - 2020-11-16 18:53 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-11-16 18:53 - 2020-11-16 18:53 - 000003710 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-16 18:53 - 2020-11-16 18:53 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-16 18:53 - 2020-11-16 18:53 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-11-16 18:53 - 2020-11-16 18:53 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-16 18:53 - 2020-11-16 18:53 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-11-16 18:53 - 2020-11-16 18:53 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002966 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1797817695-3140524087-3623043744-1001
2020-11-16 18:53 - 2020-11-16 18:53 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002638 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2020-11-16 18:53 - 2020-11-16 18:53 - 000000020 ___SH C:\Users\origi\ntuser.ini
2020-11-16 18:53 - 2020-11-16 18:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-16 18:49 - 2020-11-25 22:18 - 000000000 ____D C:\Users\origi
2020-11-16 18:49 - 2019-12-07 20:10 - 000001105 _____ C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-11-16 18:47 - 2020-11-27 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-16 18:47 - 2020-11-24 20:22 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-16 18:47 - 2020-11-16 18:47 - 000443608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-16 17:40 - 2020-11-16 18:53 - 000000000 ___DC C:\WINDOWS\Panther
2020-11-16 17:36 - 2020-11-16 17:36 - 000000000 ___HD C:\$WinREAgent
2020-11-16 17:31 - 2020-08-03 22:37 - 000065910 _____ C:\Users\origi\Documents\Tom Leys - CV.pdf
2020-11-16 17:30 - 2020-11-23 21:07 - 000000000 ____D C:\Users\origi\Documents\My Games
2020-11-15 20:11 - 2020-11-15 20:11 - 000000000 ____D C:\Users\origi\Downloads\Django Unchained 2012 BluRay 720p [Hindi 2.0 + English 5.1] AAC x264 ESub - mkvCinemas [Telly]
2020-11-14 12:43 - 2020-11-14 12:43 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Hopoo Games, LLC
2020-11-14 12:40 - 2020-11-14 12:40 - 000000573 _____ C:\Users\Public\Desktop\Risk of Rain 2.lnk
2020-11-14 12:40 - 2020-11-14 12:40 - 000000573 _____ C:\ProgramData\Desktop\Risk of Rain 2.lnk
2020-11-14 12:37 - 2020-11-14 12:37 - 000000000 ____D C:\Users\origi\AppData\Local\Mordhau
2020-11-14 12:13 - 2020-11-14 12:13 - 000000487 _____ C:\Users\Public\Desktop\Mordhau.lnk
2020-11-14 12:13 - 2020-11-14 12:13 - 000000487 _____ C:\ProgramData\Desktop\Mordhau.lnk
2020-11-11 23:27 - 2020-11-11 23:27 - 000042673 _____ C:\Users\origi\Documents\Book1.xlsx
2020-11-11 17:23 - 2020-11-27 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-06 21:31 - 2020-11-06 21:31 - 000000807 _____ C:\Users\Public\Desktop\Sniper - Ghost Warrior Contracts.lnk
2020-11-06 21:31 - 2020-11-06 21:31 - 000000807 _____ C:\ProgramData\Desktop\Sniper - Ghost Warrior Contracts.lnk
2020-11-06 16:22 - 2020-11-16 18:49 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2020-11-06 16:22 - 2020-11-09 21:46 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2020-11-04 21:19 - 2020-11-27 18:36 - 000000000 ____D C:\Users\origi\AppData\Roaming\WeMod
2020-11-04 21:19 - 2020-11-27 13:36 - 000002159 _____ C:\Users\origi\Desktop\WeMod.lnk
2020-11-04 21:19 - 2020-11-27 13:36 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2020-11-04 17:20 - 2020-11-04 17:20 - 000000000 ____D C:\Users\origi\AppData\Roaming\CreamAPI
2020-11-04 15:29 - 2020-11-04 15:35 - 000000000 ____D C:\Users\origi\AppData\Roaming\Sekiro
2020-11-04 15:12 - 2020-11-04 15:12 - 000000617 _____ C:\Users\Public\Desktop\Sekiro - Shadows Die Twice.lnk
2020-11-04 15:12 - 2020-11-04 15:12 - 000000617 _____ C:\ProgramData\Desktop\Sekiro - Shadows Die Twice.lnk
2020-11-04 14:56 - 2020-11-04 14:56 - 000000000 ____D C:\Users\origi\Documents\DyingLight
2020-11-04 14:29 - 2020-11-04 17:33 - 000000703 _____ C:\Users\Public\Desktop\Dying Light - Ultimate Collection.lnk
2020-11-04 14:29 - 2020-11-04 17:33 - 000000703 _____ C:\ProgramData\Desktop\Dying Light - Ultimate Collection.lnk
2020-11-04 14:27 - 2020-11-04 14:27 - 000001760 _____ C:\WINDOWS\system32\Drivers\etc\hosts.rollback
2020-11-04 14:27 - 2019-03-19 15:49 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.backup
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\Users\Public\Desktop\Hades.lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\Users\Public\Desktop\Hades (x86).lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\ProgramData\Desktop\Hades.lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\ProgramData\Desktop\Hades (x86).lnk
2020-11-03 17:25 - 2020-11-03 21:15 - 000000000 ____D C:\Users\origi\Documents\Teardown
2020-11-03 16:42 - 2020-11-03 16:42 - 000000000 ____D C:\Users\origi\AppData\LocalLow\noio
2020-11-01 22:07 - 2020-11-08 21:52 - 000000000 ____D C:\Users\origi\AppData\Roaming\EasyAntiCheat
2020-10-30 23:58 - 2020-10-30 23:58 - 000066808 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2020-10-30 23:58 - 2020-10-30 23:58 - 000038136 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2020-10-30 23:58 - 2020-10-30 23:58 - 000026672 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000038632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2020-10-30 23:12 - 2020-11-08 04:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-10-30 23:12 - 2020-11-08 04:36 - 007005008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-10-30 23:12 - 2020-10-28 14:49 - 005519600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-10-28 22:20 - 2020-10-19 16:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2020-10-28 22:20 - 2020-10-19 16:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-27 18:32 - 2019-12-18 20:58 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-27 18:30 - 2019-12-07 20:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-27 18:27 - 2020-01-28 13:17 - 000000000 ____D C:\Users\origi\AppData\Local\Battle.net
2020-11-27 18:03 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Roaming\Discord
2020-11-27 17:38 - 2019-12-19 12:33 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-27 17:35 - 2019-12-18 20:59 - 000000000 ____D C:\Users\origi\AppData\Roaming\Spotify
2020-11-27 17:31 - 2020-01-19 15:25 - 000000000 ____D C:\Program Files\Rockstar Games
2020-11-27 17:31 - 2020-01-19 15:25 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-11-27 17:28 - 2020-05-03 16:32 - 000000000 ____D C:\Users\origi\AppData\Local\Ubisoft Game Launcher
2020-11-27 17:28 - 2019-12-19 12:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-27 17:26 - 2019-12-19 23:41 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Mozilla
2020-11-27 13:36 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Local\SquirrelTemp
2020-11-27 13:31 - 2019-12-25 21:04 - 000000000 ____D C:\Users\origi\AppData\Roaming\uTorrent
2020-11-26 23:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-26 18:39 - 2019-12-18 20:59 - 000000000 ____D C:\Users\origi\AppData\Local\Spotify
2020-11-26 00:06 - 2019-12-07 20:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-25 22:08 - 2020-08-12 20:56 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-25 22:08 - 2020-08-12 20:56 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-25 22:08 - 2020-08-12 20:56 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-24 20:25 - 2019-12-23 16:45 - 000000000 ____D C:\Users\origi\AppData\Local\CrashDumps
2020-11-24 20:21 - 2019-12-19 12:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-11-24 20:21 - 2019-12-07 20:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-24 20:21 - 2019-12-07 20:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-11-24 19:52 - 2020-10-08 22:14 - 000000000 ____D C:\Program Files\Cheat Engine 7.1
2020-11-24 19:36 - 2020-08-03 21:29 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-23 21:07 - 2019-12-26 16:49 - 000000000 ____D C:\Users\origi\AppData\Local\BattlEye
2020-11-23 20:26 - 2019-12-07 20:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-23 20:11 - 2020-09-06 23:33 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-11-23 20:09 - 2019-03-19 15:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-11-22 19:48 - 2019-12-18 22:45 - 000000000 ____D C:\Users\origi\AppData\Local\D3DSCache
2020-11-21 21:42 - 2020-10-03 13:35 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Temp
2020-11-21 21:41 - 2020-04-16 22:50 - 000000000 ____D C:\Users\origi\AppData\Roaming\LGHUB
2020-11-21 21:39 - 2019-12-07 20:13 - 000000000 ____D C:\WINDOWS\INF
2020-11-21 21:34 - 2020-04-17 17:59 - 000000000 ____D C:\Users\origi\AppData\Local\LGHUB
2020-11-19 23:07 - 2019-12-07 20:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-19 20:43 - 2020-05-03 16:40 - 000000000 ____D C:\Users\origi\AppData\Local\My Games
2020-11-19 19:17 - 2020-05-03 16:32 - 000001310 _____ C:\Users\origi\Desktop\Ubisoft Connect.lnk
2020-11-19 19:17 - 2020-05-03 16:32 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2020-11-19 17:57 - 2020-07-21 23:22 - 000000000 ____D C:\Battlestate Games
2020-11-19 08:36 - 2019-12-18 21:28 - 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-11-19 08:35 - 2020-04-18 17:06 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-11-18 19:48 - 2019-12-19 12:36 - 000000000 ____D C:\Users\origi\AppData\Local\NVIDIA
2020-11-18 18:19 - 2019-12-19 12:36 - 000000000 ____D C:\Users\origi\AppData\Local\NVIDIA Corporation
2020-11-18 18:13 - 2020-07-19 23:19 - 000000000 ___RD C:\Users\origi\iCloudDrive
2020-11-18 14:35 - 2019-12-25 21:02 - 000000000 ____D C:\Users\origi\AppData\Local\BitTorrentHelper
2020-11-17 13:47 - 2020-10-08 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.1
2020-11-17 13:47 - 2020-10-03 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex - Mankind Divided [GOG.com]
2020-11-17 13:47 - 2020-10-01 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2020-11-17 13:47 - 2020-09-16 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-11-17 13:47 - 2020-09-06 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-11-17 13:47 - 2020-08-10 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2020-11-17 13:47 - 2020-08-04 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2019.4.6f1 (64-bit)
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\3082
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1055
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1049
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1046
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1045
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1040
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1036
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1033
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1029
2020-11-17 13:47 - 2020-07-23 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSCodium
2020-11-17 13:47 - 2020-07-22 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2020-11-17 13:47 - 2020-07-21 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2020-11-17 13:47 - 2020-07-19 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-11-17 13:47 - 2020-06-16 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity - Original Sin 2 [GOG.com]
2020-11-17 13:47 - 2020-05-30 05:39 - 000000000 ____D C:\Program Files\UNP
2020-11-17 13:47 - 2020-04-17 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-11-17 13:47 - 2020-04-11 17:42 - 000000000 ____D C:\WINDOWS\system32\Catroot2.old
2020-11-17 13:47 - 2020-04-04 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-11-17 13:47 - 2020-03-15 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare
2020-11-17 13:47 - 2020-02-24 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2020-11-17 13:47 - 2020-01-28 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-11-17 13:47 - 2020-01-25 00:33 - 000000000 ____D C:\WINDOWS\ShellNew
2020-11-17 13:47 - 2020-01-25 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2020-11-17 13:47 - 2020-01-13 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2020-11-17 13:47 - 2020-01-11 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
2020-11-17 13:47 - 2020-01-11 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 - Wild Hunt [GOG.com]
2020-11-17 13:47 - 2020-01-02 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2020-11-17 13:47 - 2020-01-01 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-17 13:47 - 2019-12-30 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mod Organizer
2020-11-17 13:47 - 2019-12-23 17:15 - 000000000 ____D C:\ProgramData\regid.1995-09.com.example
2020-11-17 13:47 - 2019-12-23 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UWPHook
2020-11-17 13:47 - 2019-12-19 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-11-17 13:47 - 2019-12-19 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2020-11-17 13:47 - 2019-12-19 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2020-11-17 13:47 - 2019-12-18 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2020-11-17 13:47 - 2019-12-18 22:13 - 000000000 ____D C:\WINDOWS\system32\Samsung
2020-11-17 13:47 - 2019-12-18 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2020-11-17 13:47 - 2019-12-18 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-17 13:47 - 2019-12-07 20:18 - 000000000 ____D C:\WINDOWS\Setup
2020-11-17 13:47 - 2019-12-07 20:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\spool
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2020-11-17 13:45 - 2020-07-24 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2020-11-17 13:45 - 2020-07-22 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2020-11-17 13:45 - 2020-02-15 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2020-11-17 13:43 - 2019-12-07 20:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2020-11-17 13:43 - 2019-12-07 20:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Com
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\Provisioning
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Common Files\System
2020-11-17 13:43 - 2019-12-07 20:03 - 000000000 ____D C:\WINDOWS\servicing
2020-11-17 13:37 - 2019-12-07 20:52 - 000000000 ____D C:\WINDOWS\OCR
2020-11-17 08:35 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\appcompat
2020-11-17 08:33 - 2019-12-19 12:22 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-17 08:33 - 2019-12-19 12:22 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-17 08:33 - 2019-12-19 12:22 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-17 01:58 - 2019-12-19 12:13 - 000000000 ____D C:\Users\origi\AppData\Local\Packages
2020-11-17 01:58 - 2019-12-19 12:11 - 000000000 ____D C:\ProgramData\Packages
2020-11-16 18:56 - 2020-04-11 16:47 - 000000000 ____D C:\Users\origi\AppData\LocalLow\uTorrent
2020-11-16 18:56 - 2019-12-19 12:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-16 18:54 - 2019-12-19 12:13 - 000000000 ___RD C:\Users\origi\3D Objects
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-11-16 18:51 - 2019-12-07 20:14 - 000000000 __RHD C:\Users\Public\Libraries
2020-11-16 18:50 - 2020-07-19 23:19 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2020-11-16 18:49 - 2020-09-23 13:48 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2020-11-16 18:49 - 2020-09-23 13:31 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8
2020-11-16 18:49 - 2020-07-25 21:44 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macroplant LLC
2020-11-16 18:49 - 2020-07-01 20:46 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnakeBite
2020-11-16 18:49 - 2020-06-23 19:27 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria Tweaker 2
2020-11-16 18:49 - 2020-06-23 18:53 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria Tweaker 2 for Terraria 1.3.5.3
2020-11-16 18:49 - 2020-04-05 21:00 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-11-16 18:49 - 2020-01-19 15:22 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2020-11-16 18:49 - 2020-01-01 13:58 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-16 18:49 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-11-16 18:48 - 2019-12-19 12:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-11-16 18:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-11-16 17:26 - 2019-12-19 12:14 - 000000000 ___RD C:\Users\origi\OneDrive
2020-11-16 17:16 - 2019-12-19 23:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-16 17:16 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-15 22:06 - 2019-12-18 23:53 - 000000000 ____D C:\Users\origi\AppData\Roaming\Twitch
2020-11-15 18:10 - 2020-04-17 16:39 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-14 22:25 - 2020-04-04 20:44 - 000000000 ____D C:\Users\origi\AppData\Roaming\vlc
2020-11-14 12:37 - 2019-12-29 23:33 - 000000000 ____D C:\Users\origi\AppData\Local\UnrealEngine
2020-11-14 11:00 - 2020-07-21 23:23 - 000000791 _____ C:\Users\Public\Desktop\Battlestate Games Launcher.lnk
2020-11-14 11:00 - 2020-07-21 23:23 - 000000791 _____ C:\ProgramData\Desktop\Battlestate Games Launcher.lnk
2020-11-12 01:44 - 2019-12-23 14:33 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 01:44 - 2019-12-23 14:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 23:33 - 2019-12-19 23:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-07 00:04 - 2019-12-19 11:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-04 14:27 - 2020-06-28 23:21 - 000000000 ____D C:\Users\origi\AppData\Local\GameAnalytics
2020-11-04 10:57 - 2019-12-19 23:13 - 000000000 ____D C:\Users\origi\AppData\LocalLow\MCC
2020-10-31 13:53 - 2020-08-17 00:43 - 000000000 ____D C:\websymbols
2020-10-31 00:03 - 2020-09-06 23:41 - 000795000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-10-28 22:20 - 2019-12-19 12:36 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-10-28 22:20 - 2019-12-19 12:36 - 000001447 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-10-28 22:20 - 2019-12-19 12:36 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-10-28 22:20 - 2019-12-19 12:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-10-28 22:20 - 2019-12-19 12:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-10-28 00:20 - 2019-12-19 12:15 - 000000000 ____D C:\Users\origi\AppData\Local\PlaceholderTileLogoFolder
 
==================== Files in the root of some directories ========
 
2020-08-27 23:25 - 2020-08-27 23:26 - 000000190 _____ () C:\Users\origi\AppData\Roaming\modthegungeon.conf
2020-08-06 21:25 - 2020-08-06 21:25 - 000013981 _____ () C:\Users\origi\AppData\Local\recently-used.xbel
2020-01-21 23:21 - 2020-07-22 00:33 - 000007601 _____ () C:\Users\origi\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Addition.txt: 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2020
Ran by origi (27-11-2020 18:43:00)
Running from C:\Users\origi\Desktop
Windows 10 Pro Version 20H2 19042.630 (X64) (2020-11-16 07:53:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1797817695-3140524087-3623043744-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1797817695-3140524087-3623043744-503 - Limited - Disabled)
Guest (S-1-5-21-1797817695-3140524087-3623043744-501 - Limited - Disabled)
origi (S-1-5-21-1797817695-3140524087-3623043744-1001 - Administrator - Enabled) => C:\Users\origi
WDAGUtilityAccount (S-1-5-21-1797817695-3140524087-3623043744-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
AltServer (HKLM-x32\...\{6CC7EBC1-2C38-4717-B13D-CB0A478552EF}) (Version: 1.3.2 - Riley Testut)
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.9.2.0 - GIGABYTE Technology Co.,Inc.)
AORUS LCD Panel Setting (HKLM-x32\...\{82026686-454E-4233-83E3-4045BC3FB31C}_is1) (Version: 1.0.3.1 - GIGABYTE Technology Co.,Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version:  - Ubisoft)
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com)
AutoHotkey 1.1.32.00 (HKLM\...\AutoHotkey) (Version: 1.1.32.00 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlestate Games Launcher 10.4.2.1226 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.2.1226 - Battlestate Games)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.66.0 - Bethesda Softworks)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.205.0.1006 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
Deus Ex: Mankind Divided (HKLM-x32\...\1296690054_is1) (Version: 1.19 hotfix - GOG.com)
Deus Ex: Mankind Divided™ DLC - Season Pass (HKLM-x32\...\1753119582_is1) (Version: 1.19 hotfix - GOG.com)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.6.69.4648 - GOG.com)
Dying Light: Ultimate Collection (HKLM-x32\...\Dying Light: Ultimate Collection_is1) (Version:  - )
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_AIC_Marvell_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_AIC_Marvell_HAL (HKLM-x32\...\{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.0.9 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{8bcd6161-a822-4c5a-9711-472cb32c7adf}) (Version: 1.0.0.9 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{d8516682-de60-4332-ad6f-49373754b677}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_SSS_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_SSS_HAL (HKLM-x32\...\{9eeadf99-713b-4ab5-9ccd-bf9c1c4d9daf}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.8.9819 - Battlestate Games)
Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - )
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2060.1 - Rockstar Games)
Hades (HKLM-x32\...\Hades_is1) (Version:  - )
icecap_collection_neutral (HKLM-x32\...\{2A00DCB3-752F-446C-B3B3-1B6ADFBFF3E3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{BE5E54C4-6B68-4AE3-A7F4-45F0D29D48D3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{1E6E5904-E97F-41F7-B3DB-0C8CD3180E3C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{7FD392DF-51A1-4DC1-9C6F-BF7C58A576AC}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{F0AD317D-AE18-45D0-BE5B-30074AFE6740}) (Version: 7.19.0.10 - Apple Inc.)
iExplorer (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\2ee35ebaf226322a) (Version: 4.3.4.0 - Macroplant LLC)
Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{65A59264-DFCE-498D-A091-D124C6EFB6FF}) (Version: 12.10.8.5 - Apple Inc.)
Java 8 Update 261 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LazyClicker (HKLM-x32\...\{FB523953-2434-4FB2-A027-F42B395659F8}) (Version: 1.1.0.27 - LazyClicker)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft .NET Core SDK 3.1.302 (x64) from Visual Studio (HKLM\...\{539053B2-E414-46BC-B4CD-365E79AFEA79}) (Version: 3.1.302.015188 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.47 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft OneDrive (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0006 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.6.2037.624 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Mordhau (HKLM-x32\...\Mordhau_is1) (Version:  - )
Mozilla Firefox 82.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 82.0.3 (x64 en-US)) (Version: 82.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
No Man's Sky (HKLM-x32\...\No Man's Sky_is1) (Version:  - )
Node.js (HKLM\...\{97FD2F60-C3CD-417D-A5F6-C538B37054CC}) (Version: 12.16.3 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.04 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{ebb7013c-0b03-497c-bed1-1e48e806a593}) (Version: 1.00.04 - Patriot Memory)
PlanetSide 2 (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Plex Media Server (HKLM-x32\...\{203FDA60-7969-4EB3-BD69-4D1752B3C6F9}) (Version: 1.18.2438 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{440398c3-62c1-4e0e-b558-5ca3f78e1d94}) (Version: 1.18.7.2438 - Plex, Inc.)
Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation)
Python 3.8.5 (32-bit) (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\{44a59e57-34e2-4d86-93ba-a2588bfac760}) (Version: 3.8.5150.0 - Python Software Foundation)
Python 3.8.5 Add to Path (32-bit) (HKLM-x32\...\{2D01141A-8022-4100-B256-02EFB0F1830B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Core Interpreter (32-bit) (HKLM-x32\...\{31F7FCA7-1F15-48FD-BFB9-91FE58FC2F07}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Development Libraries (32-bit) (HKLM-x32\...\{657AEF25-7BC3-4E93-A08C-ECD14E8A74AE}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Documentation (32-bit) (HKLM-x32\...\{F7A293EB-21B8-45DE-85A5-8ADEB68B9EFB}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Executables (32-bit) (HKLM-x32\...\{F6156224-C882-453A-9046-EFCD31982E68}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 pip Bootstrap (32-bit) (HKLM-x32\...\{71C0D67F-EF42-4C5C-A2AE-04FD8B38AB1C}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Standard Library (32-bit) (HKLM-x32\...\{4D147A72-5C01-47B2-8789-1D1969F6AC32}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{653FBD26-2D1A-48C1-AAB1-0AB6F2A3749B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Test Suite (32-bit) (HKLM-x32\...\{DE45C740-8250-4A49-8B81-FE347C70E6BA}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Utility Scripts (32-bit) (HKLM-x32\...\{9450D936-1E4F-44EF-A0D4-92C471229B98}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{CEEAEA02-2472-4BF6-8994-52D6783F5575}) (Version: 3.8.7140.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.5.1030.101917 - Razer Inc.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1311.27 - Rockstar Games)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.20.1105.1 - GIGABYTE)
Risk of Rain 2 (HKLM-x32\...\Risk of Rain 2_is1) (Version:  - )
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.32.316 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Sekiro: Shadows Die Twice (HKLM-x32\...\Sekiro: Shadows Die Twice_is1) (Version:  - )
Sniper: Ghost Warrior Contracts (HKLM-x32\...\Sniper: Ghost Warrior Contracts_is1) (Version:  - )
Spotify (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Spotify) (Version: 1.1.46.916.g416cacf1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{B5747469-E9CA-4F7C-A964-0A32DF449B24}) (Version: 1.18.2438 - Plex, Inc.) Hidden
superhot: mind control delete (HKLM-x32\...\superhot: mind control delete_is1) (Version:  - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.4461 - Microsoft Corporation)
Terraria Tweaker 2 (HKLM-x32\...\TiberiumFusion Terraria Tweaker 2) (Version: "2.3.1405.0" - TiberiumFusion)
Terraria Tweaker 2 for Terraria 1.3.5.3 (HKLM-x32\...\TiberiumFusion Terraria Tweaker 2 for Terraria 1.3.5.3) (Version: "2.2.1353.0" - TiberiumFusion)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
thriXXX 3DKink-500.001 (HKLM-x32\...\3DKink-500.001) (Version:  - thriXXX Software GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Twitch (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 103.2 - Ubisoft)
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2019.4.6f1 - Unity Technologies ApS)
Unity Hub 2.3.2 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.3.2 - Unity Technologies Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
UWPHok (HKLM-x32\...\UWPHook 2.5.1) (Version: 2.5.1 - Briano)
UWPHook (HKLM-x32\...\{52B9D66E-8B17-4E82-94EE-9664614B67A2}) (Version: 2.5.1 - Briano) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
vcpp_crt.redist.clickonce (HKLM-x32\...\{B2AC4CE4-2533-4485-B3B5-2F645C2DD325}) (Version: 14.26.28808 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\2a34e2d9) (Version: 16.6.30320.27 - Microsoft Corporation)
Visual Studio Team Explorer 2017 (HKLM-x32\...\b0a2d319) (Version: 15.9.28307.1216 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.3.4 - Black Tree Gaming Ltd.)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{2CCEC45B-1462-4FFD-8214-90E3C25000F7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{7A991159-9069-471D-B85F-89B1E4E66822}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{16E73A5A-339C-4177-A0BD-04278C06625C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{C8E7C1FC-925C-4163-BAB3-769E6C7961D2}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{DA7AB063-D1A3-4D5A-8221-598ACF4574B4}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{5F2E2347-2042-4340-BBDD-262BB1791EC7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
VSCodium (HKLM\...\{D77B7E06-80BA-4137-BCF4-654B95CCEBC5}_is1) (Version: 1.47.2 - Microsoft Corporation)
Watch Dogs Legion (HKLM-x32\...\Uplay Install 3353) (Version:  - Ubisoft)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
WeMod (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\WeMod) (Version: 6.3.11 - WeMod)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.47.2.0_x86__kgqvnymyfvs32 [2020-11-25] (king.com)
Clustertruck -> C:\Program Files\WindowsApps\tinyBuildGames.3289435C1E20_1.0.3.0_x86__3sz1pp2ynv2xe [2020-01-04] (tinyBuild Games)
Death's Gambit -> C:\Program Files\WindowsApps\CartoonInteractiveGroupIn.DeathsGambit_1.0.0.0_x64__6c1aaymwt3dwm [2020-02-18] (Cartoon Interactive Group Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.48.4.0_x86__kgqvnymyfvs32 [2020-11-07] (king.com)
FTL: Faster Than Light -> C:\Program Files\WindowsApps\Mutable\SubsetGames.FTLFasterThanLight_1.6.13.0_x86__gvagsjwfgyhyc [2020-01-10] (Subset Games)
Golf With Your Friends -> C:\Program Files\WindowsApps\Team17DigitalLimited.GolfWithYourFriendsWin10_1.0.12.0_x64__j5x4vj4y67jhc [2020-10-29] (Team17 Digital Limited)
Halo: The Master Chief Collection -> C:\Program Files\WindowsApps\Mutable\Microsoft.Chelan_1.1955.0.0_x64__8wekyb3d8bbwe [2020-11-21] (Microsoft Studios)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]
My Friend Pedro Win10 -> C:\Program Files\WindowsApps\DevolverDigital.MyFriendPedroWin10_1.0.6.0_x64__6kzv4j18v0c96 [2020-05-06] (Devolver Digital)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-25] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2020-04-14] (Realtek Semiconductor Corp)
The Master Chief Collection: Halo 2 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo2_1.1448.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo 3 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3_1.12.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo 3: ODST -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3ODST_1.12.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo CE -> C:\Program Files\WindowsApps\Microsoft.HaloCombatEvolved_1.1367.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: REACH -> C:\Program Files\WindowsApps\Microsoft.TheMasterChiefCollectionREACH_1.1.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
Totally Accurate Battle Simulator (Game Preview) -> C:\Program Files\WindowsApps\LandfallGames.TotallyAccurateBattleSimulator_1.0.24.0_x64__r2vq7k2y0v9ct [2020-09-01] (Landfall Games)
UNDERTALE -> C:\Program Files\WindowsApps\8-4Ltd.Undertale-Windows10_1.1.0.0_x86__c74r4999cqbdr [2020-01-04] (8-4, Ltd.)
West of Loathing -> C:\Program Files\WindowsApps\Asymmetric.WestofLoathing_1.1111.1111.0_x64__y20smdktffva2 [2020-04-30] (Asymmetric Publications, LLC)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\origi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\origi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-04-22] (Notepad++ -> )
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-05-07] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\nvshext.dll [2020-11-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-29] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\origi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --force-dark-mode
 
==================== Loaded Modules (Whitelisted) =============
 
2020-11-18 18:30 - 2019-08-05 13:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\BSL430.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000225792 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvFireware.dll
2019-08-05 19:50 - 2019-08-05 19:50 - 000009216 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\Phison.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 085372416 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libcef.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 000043520 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libUbiCustomEvent.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 098275328 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 000092672 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 003922432 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 002010112 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GbtCpuLib.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\yccV2.dll
2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\yccV2.DLL
2020-11-18 18:30 - 2019-12-09 17:27 - 000289792 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVBIOSLib.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000628736 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvComW.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000013312 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvCrypt.dll
2020-11-18 18:30 - 2020-10-23 11:27 - 000474624 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVDisplay.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000240640 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvIllumLib.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000218112 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvOrderLib.dll
2020-11-18 18:32 - 2020-09-14 09:07 - 000472576 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\GVDisplay.dll
2020-07-08 10:49 - 2020-07-08 10:49 - 000474624 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll
2020-11-05 14:16 - 2020-11-05 14:16 - 000268800 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACDDR_Lib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACPCIeSSD_Lib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 001079808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\MFC80U.DLL
2018-08-30 16:26 - 2018-08-30 16:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\MsIo32_Galax.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 000518144 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\chrome_elf.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 000547840 _____ (The Chromium Authors) [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2020-11-18 18:30 - 2019-08-27 13:22 - 000224256 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvAutoUpdate.dll
2017-10-05 15:26 - 2017-10-05 15:26 - 002247168 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll
2018-12-08 08:22 - 2018-12-08 08:22 - 002059264 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GHidApi.dll
2020-11-05 15:15 - 2020-11-05 15:15 - 000492544 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll
2020-10-22 15:05 - 2020-10-22 15:05 - 002107392 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\sharepoint.com -> hxxps://mqoutlook-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\wustat.windows.com -> hxxp://wustat.windows.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-19 15:49 - 2020-11-23 20:09 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\;C:\Program Files\VSCodium\bin;C:\Program Files\dotnet\
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Control Panel\Desktop\\Wallpaper -> E:\Pictures\Wallpapers\RGB Circles.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "Synapse3"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{F10D8E68-791F-40DA-B562-571EC41B5850}E:\games\risk of rain 2\risk of rain 2.exe] => (Allow) E:\games\risk of rain 2\risk of rain 2.exe () [File not signed]
FirewallRules: [TCP Query User{940071B3-1041-4A24-9CD6-36A0502F8418}E:\games\risk of rain 2\risk of rain 2.exe] => (Allow) E:\games\risk of rain 2\risk of rain 2.exe () [File not signed]
FirewallRules: [{44B75A98-6FC8-40C6-9EBF-C16D01755B28}] => (Allow) E:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{A933E254-B7CE-4C1A-888A-C3E35222C782}] => (Allow) E:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [UDP Query User{B6446B56-F82C-4ABC-BB1F-637DEC2B7F89}E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed]
FirewallRules: [TCP Query User{6D2A8BAA-6BB1-4876-9122-F48193FF86BF}E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed]
FirewallRules: [UDP Query User{C4763C34-DCA4-4E02-B3D0-A49C58951873}E:\games\dying light - ultimate collection\dyinglightgame.exe] => (Allow) E:\games\dying light - ultimate collection\dyinglightgame.exe (Techland) [File not signed]
FirewallRules: [TCP Query User{19752260-5051-43C3-B0BA-962487E1C33F}E:\games\dying light - ultimate collection\dyinglightgame.exe] => (Allow) E:\games\dying light - ultimate collection\dyinglightgame.exe (Techland) [File not signed]
FirewallRules: [{08A7615C-013D-445F-8E0E-E7BD1ED90D6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{027D44AF-D56D-4483-963E-AC5795B19E62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7A193A34-7EFE-4DFA-A067-4E753DB615F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7187FD66-B038-40AA-9455-58B0BDE2B267}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{54D767F1-03F2-4457-948B-AF0FB9A293E0}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [TCP Query User{95179F55-D539-4CCD-A60D-E65966490B8D}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [UDP Query User{F0FD4D93-F6DE-411F-86C9-C69D2BCB6794}E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe => No File
FirewallRules: [TCP Query User{A3134F08-16BE-4B7D-89F4-48A33035CF54}E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe => No File
FirewallRules: [UDP Query User{D7ED7EBC-65F4-44DE-9E4B-129A75F9D25B}E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{60E24A6F-4970-4D38-A294-E392C7E62792}E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [UDP Query User{325DCF6B-91C0-4783-A4CE-8E1F092F642D}E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe] => (Allow) E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe => No File
FirewallRules: [TCP Query User{78C9547E-474E-4F31-A8E0-D8386AA715C4}E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe] => (Allow) E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe => No File
FirewallRules: [{F44F34B3-9256-463E-A5EF-AD01CA3B2D4D}] => (Allow) E:\SteamLibrary\steamapps\common\D.R.O.N.E. The Game\D.R.O.N.E. Launcher.exe (Five Studios Interactive SL -> Five Studios Interactive)
FirewallRules: [{CB509D4A-F2C1-400A-822A-F96E6F84A3AB}] => (Allow) E:\SteamLibrary\steamapps\common\D.R.O.N.E. The Game\D.R.O.N.E. Launcher.exe (Five Studios Interactive SL -> Five Studios Interactive)
FirewallRules: [UDP Query User{A2390B05-03FD-4FF0-9D91-AD3EC97BD96D}C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{6B3FA829-0710-45F7-A03A-3FD37AEAF171}C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{864D0893-5D28-4E25-97DF-788A8F24600D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43EC5C06-C5C2-437A-B078-B86D69973A3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{C36AEA6D-181B-4149-AEF0-24A28DF74D3C}E:\emutarkov 12.7.8445\server\server.exe] => (Allow) E:\emutarkov 12.7.8445\server\server.exe (Node.js) [File not signed]
FirewallRules: [TCP Query User{F318B14C-86A2-4A84-9CE2-BCA4DB71EC71}E:\emutarkov 12.7.8445\server\server.exe] => (Allow) E:\emutarkov 12.7.8445\server\server.exe (Node.js) [File not signed]
FirewallRules: [{B13B0A28-5CD1-4D3E-960A-FABE2F743E12}] => (Allow) E:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{BAD16577-D190-4412-98F0-FEFA6098F3EE}] => (Allow) E:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{34020297-0BDC-4BC0-BFD5-3687EAA12AE5}] => (Block) E:\Program Files\Unity\Hub\Editor\2019.4.6f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{87219C25-F2EC-40E1-97FC-5D4D41F4338F}] => (Allow) E:\Program Files\Unity\Hub\Editor\2019.4.6f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{33DFD611-4C4E-4B7C-B1DA-622AFE290435}E:\program files\unity hub\unity hub.exe] => (Allow) E:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{8D1BB9DB-4E7F-4D46-A3D6-FDDD22AF366C}E:\program files\unity hub\unity hub.exe] => (Allow) E:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{F7861289-6A85-4C72-BDBA-083871DE2E4A}] => (Allow) E:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{45A508BD-343A-4D9E-945F-70CC137AC76C}C:\program files\vscodium\vscodium.exe] => (Allow) C:\program files\vscodium\vscodium.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{BB29CB11-64CD-4DF4-B66E-A95E49B1CFDB}C:\program files\vscodium\vscodium.exe] => (Allow) C:\program files\vscodium\vscodium.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{FD2C0B71-4D0F-4808-8575-3745905AD28B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{42B6660B-5ED1-4BDF-ACE0-BCE07F03781E}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed]
FirewallRules: [TCP Query User{2E6F1D60-AAEB-48C7-A51E-38370BF4EF6D}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed]
FirewallRules: [{306AADBD-AAB4-48E8-B6BE-1D07B1664146}] => (Allow) E:\SteamLibrary\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{14214BC4-7917-4BE6-8A67-A2CFBA885D72}] => (Allow) E:\SteamLibrary\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{0AA59250-7B8C-4F0B-B5D8-E7ED64852855}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7894A19D-2B41-4099-9E03-82B6D3308E9D}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{25104F42-C5A8-4AE5-9A08-42298714AADB}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{99B4E8E8-1893-45F4-B5B0-AAD3BF112D6F}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{D74360E7-C50A-46DF-AD5E-2C9688CF483A}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{CCB71434-5169-4097-BA00-7690F3C94336}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{902D3AF8-D32A-49DF-BAE8-1CE4254B49EA}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{FD22DB00-BAB7-421D-A3E1-FE4A6BE12D4B}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{59509B66-C71C-40E8-B222-A05CF7ADA902}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{917C14FA-FDFF-4937-BCAE-39FB92079AAC}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{CEABD935-8832-494B-A277-AD723C16E8F8}] => (Allow) E:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{B0039ED2-34D8-4DFB-B8EB-41154C09EB05}] => (Allow) E:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{7415C043-6DD1-4770-A6C8-153E8015635A}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{34EFECF9-D2DC-414B-A068-4E4C11EB15A0}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{9D3CB140-B85C-431D-851D-33EBBB64EC4B}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{F7A51524-6680-4817-93B3-4FB20321B983}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{3C65C792-A8A6-4101-8CBF-FAD144FE474C}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{76D91F81-F31B-43C4-9177-0E98E20133F9}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{231FB57E-6AF9-4F2C-8C54-DF7F8F2A6C50}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{501753C0-C5BD-4D9D-839B-268FE5CB0B86}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{14C03299-DCF1-4508-9CD7-1930CFE6A274}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{D2E7ADDF-1589-4FD8-B3FC-B3D85A9B6F5A}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{8258957B-DCB5-458C-A270-134327AF3811}E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [TCP Query User{12EB542A-9BFF-47E6-87D3-6F1FF5E34FC6}E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [UDP Query User{C3C791EF-22BA-4F59-BC25-51D0DB5E0278}E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [TCP Query User{6CB92D7C-7DC3-4EF9-8A37-9CF84197A520}E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [{4DF7FE8E-0264-44E6-996A-3EA5A94F8F1E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{3EB1A1BC-42C9-44A0-89E2-F9549E72F139}E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{FFD736D3-BF75-404F-824A-E87DD328C3C6}E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{479AD954-D64B-46EF-B046-3A916A2EC95F}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{8B221CFE-47F8-4418-8A2E-7C501FB79A01}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{2BF9EA75-998A-4D25-8EED-266FBB0A448E}E:\program files\epic games\gtav\gta5.exe] => (Allow) E:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{75B083B5-47D8-4A9F-918B-8CF993A4005E}E:\program files\epic games\gtav\gta5.exe] => (Allow) E:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{FE0709B9-6DEE-484F-95D1-8F53EEEB9016}E:\program files\rockstar games\red dead redemption 2\rdr2.exe] => (Allow) E:\program files\rockstar games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{80301D8A-7F60-4685-836F-B3CA6609C81A}E:\program files\rockstar games\red dead redemption 2\rdr2.exe] => (Allow) E:\program files\rockstar games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{5A6BBD9F-E23D-49EF-8003-E642669DC7E8}E:\program files\epic games\breakpointdemo\grb.exe] => (Allow) E:\program files\epic games\breakpointdemo\grb.exe => No File
FirewallRules: [TCP Query User{666556D2-4339-4484-ADBA-D27818139021}E:\program files\epic games\breakpointdemo\grb.exe] => (Allow) E:\program files\epic games\breakpointdemo\grb.exe => No File
FirewallRules: [{F5195C8B-3C8F-4A3E-8A2C-09EAA4D02842}] => (Allow) E:\Program Files\Epic Games\BreakpointDemo\GRB_BE.exe => No File
FirewallRules: [{AA3F5F3A-F171-441A-BBE7-4FE7B3C3C54D}] => (Allow) E:\Program Files\Epic Games\BreakpointDemo\GRB_BE.exe => No File
FirewallRules: [{9AB356E3-1C49-45D0-92D7-21143CECE733}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF43DDDA-4442-4233-92D0-7B28CA43BE7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D32F1D5B-BD93-4F80-84D4-A6F24F3169AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A112E236-9BD0-4F0E-8E86-3BD9995DA22A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DB41F1CC-4157-4B2E-A46B-7773491713E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8FC6E254-4932-44EE-8D54-F26D58C8CDB8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE17E754-D40D-4F7B-B445-04F317D4BA55}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{238925C4-1354-4AA1-865D-9620EE84EE56}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56B0067E-EA09-4D6F-83E3-866094057A59}C:\users\origi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\origi\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{B4288E7E-F78B-45DB-9477-1BCF095B4053}C:\users\origi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\origi\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [{FB7BE848-FDE0-4D65-854D-A34E5904B18B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2E58401E-54F3-4071-9DD0-8A3A3B1F7D5B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{55F4F4E4-6DE8-4FF7-B391-C1E19A1E0988}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{625B937E-C165-4A10-ABEC-6739A4F19C76}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{EC3D6E3F-D22B-45FF-86FD-73A42E37BC01}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{FCE58226-D93B-44EF-B104-E9B412434148}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{B3D20E8A-DAC4-4319-9B5C-13D59B6BC4D8}C:\users\origi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\origi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FEE9CE96-58F4-4030-88CB-5B5EE3B47F3A}C:\users\origi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\origi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{03684179-A6B7-408B-A2B0-41545EC96826}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{655C2BD9-62B4-4B6D-BD3A-72C4AEC22A73}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [TCP Query User{BE68303A-CA83-45AF-AA41-E58A9D8245F3}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{32E8EDC4-0755-42CB-8BD0-1A4EB166C618}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{410561EF-AB33-4577-B74F-B67E1FC6DF4F}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{B2E877D3-5FF6-4FCA-BB52-BC96F1D944F6}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{16B1414A-FE63-4C3A-B9C7-5587D7AC39D2}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{68E21DC7-8280-4F29-80E2-E6BB9677AFC1}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{79D1F9F0-DBCB-4B21-8FA6-69D2F2F2E332}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{08C2D746-BDCB-45BF-80E3-DDCDDD0EE60C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{420E550E-47C4-4454-A99A-8EE7BBCA1EDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8079971B-C0B8-4E0A-9744-6D2A1973AF10}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\New folder\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{BCDE392E-AEFB-43AC-AC45-EBCA7CBD289E}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\New folder\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{15887DF6-8639-4AAB-A645-BC33B1BACC1D}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Assassin's Creed Valhalla\ACValhalla_Plus.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{465FB64B-5046-4360-9AEE-EF848A8994D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32EAD7C7-073D-4808-8491-BB3BC3B0B971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA6EA858-6A11-4455-8ABF-32AD4BA524C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BBD423BF-4015-4ACF-9104-6B0F247AE9E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7544C042-590A-40EC-BD55-3CF5B74790E4}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{8767F310-C7B1-4FF3-98AD-F83BF76E2F02}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F143E14A-ED9B-49A4-BEEF-027B7A355C9C}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{7EADD2C3-3F8F-4CAA-B403-E0814133A116}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
 
==================== Restore Points =========================
 
23-11-2020 21:06:16 Installed DirectX
27-11-2020 17:28:15 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112
 
==================== Faulty Device Manager Devices ============
 
Name: Kaspersky Security Data Escort Adapter
Description: Kaspersky Security Data Escort Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Kaspersky Security Data Escort Provider
Service: kltap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/25/2020 12:01:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{9a8732ff-18d5-0322-1c0f-0df7da13f473}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (11/25/2020 12:01:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{6f91f53b-c14a-3a64-b8d5-75033d930404}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (11/24/2020 08:25:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x20dc
Faulting application start time: 0x01d6c243c3c81070
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 62479c28-105e-4e80-adbb-cd6cd7a63d33
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1060
Faulting application start time: 0x01d6c243c351cb9e
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 8dd8dd82-e66a-41e2-95e3-70ec3aec38fd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0xcc8
Faulting application start time: 0x01d6c243c2dd2f8e
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 0783a1f3-ceb6-4e65-85d4-87a69114e06b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x8e8
Faulting application start time: 0x01d6c243c2680fa4
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: a315d439-23f7-4c2a-aa2e-adb2a5276891
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1968
Faulting application start time: 0x01d6c243c1f320f2
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 2d098043-ea4b-4339-9381-3ca9127dd020
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1460
Faulting application start time: 0x01d6c243c17bbe03
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 4b6139a1-5477-4c9d-88cd-c85a9374e367
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/24/2020 08:21:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:41:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.327.1458.0).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Synapse Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA FrameView SDK service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
===================================
Date: 2020-11-27 13:39:54.2010000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444777686.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:45.1350000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444777686.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:37.7120000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444770255.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:13.9190000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444736970.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:04.4280000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444736970.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
CodeIntegrity:
===================================
 
Date: 2020-11-24 20:01:15.8600000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 20:01:11.2530000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 20:01:11.2390000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:55:43.5890000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:55:43.5750000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:51:51.2970000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:51:51.2810000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:40:43.2850000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. F8 05/24/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 UD
Processor: Intel® Core™ i7-9700KF CPU @ 3.60GHz
Percentage of memory in use: 62%
Total physical RAM: 16315.74 MB
Available physical RAM: 6106.4 MB
Total Virtual: 32699.74 MB
Available Virtual: 15884.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.31 GB) (Free:123.7 GB) NTFS
Drive e: (General Data) (Fixed) (Total:1863 GB) (Free:23.54 GB) NTFS
 
\\?\Volume{b980258e-7d1d-4849-9afc-62f134671dbe}\ () (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{6f91f53b-c14a-3a64-b8d5-75033d930404}\ () (Fixed) (Total:134.04 GB) (Free:0 GB) NTFS
\\?\Volume{9a8732ff-18d5-0322-1c0f-0df7da13f473}\ () (Fixed) (Total:0.38 GB) (Free:0 GB) NTFS
\\?\Volume{5b1288a7-6dfa-3ed5-2a67-433444f12d55}\ () (Fixed) (Total:0.23 GB) (Free:0 GB) NTFS
\\?\Volume{a0c79aa4-df4d-c91a-9b4d-d792d91b3c8f}\ () (Fixed) (Total:0.12 GB) (Free:0 GB) NTFS
\\?\Volume{80d34bf8-f98b-51da-b17a-8eba6eddd503}\ () (Fixed) (Total:0.66 GB) (Free:0 GB) NTFS
\\?\Volume{0b93ca05-ce54-9fb7-26ea-9bfb7aa697a4}\ () (Fixed) (Total:3.6 GB) (Free:0 GB) NTFS
\\?\Volume{3db56128-1cef-3089-2d29-5603c1d1e215}\ () (Fixed) (Total:3.01 GB) (Free:0 GB) NTFS
\\?\Volume{fef99fd2-93ea-80ca-9155-61e105c116a9}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{6c13b06c-a0dc-e5f8-ab8a-7be7b50dd034}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{39facdf8-c027-8a74-e579-ac7250cc7dc1}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{e930a4ec-d1bd-3b79-11a2-3df525ee525a}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{a7537661-921f-ed59-a758-f2ff8a6db369}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{eaca5632-2c1b-ac1d-f709-31a4953839c1}\ () (Fixed) (Total:3.45 GB) (Free:0 GB) NTFS
\\?\Volume{68f7e57c-6419-88e0-5f5a-c90c1a5bf2f9}\ () (Fixed) (Total:0.39 GB) (Free:0 GB) NTFS
\\?\Volume{0fa0f211-8bd9-4599-9a11-04caf0476453}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 9.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 10.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 11.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 12.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 13.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 14.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 15.
 
==================== End of Addition.txt =======================


#14
Mingo_TTV


Hi,

Sorry, I didn't see that you had replied until now.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2020
Ran by origi (administrator) on DESKTOP-Q4STC4U (Gigabyte Technology Co., Ltd. Z390 UD) (27-11-2020 18:41:18)
Running from C:\Users\origi\Desktop
Loaded Profiles: origi
Platform: Windows 10 Pro Version 20H2 19042.630 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CloudBees, Inc.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\MonitorService-exec.exe
(Discord Inc. -> Discord Inc.) C:\Users\origi\AppData\Local\Discord\app-0.0.308\Discord.exe <7>
(Epic Games Inc. -> Epic Games, Inc.) E:\Program Files\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe <3>
(Epic Games Inc. -> Epic Games, Inc.) E:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <55>
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(LogMeIn, Inc. -> LogMeIn Inc.) E:\Program Files\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) E:\Program Files\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsMaps_10.2011.4.0_x64__8wekyb3d8bbwe\Maps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.621_none_e7694895260e0b6d\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Rockstar Games, Inc. -> Rockstar Games) E:\Program Files\Rockstar Games\Launcher\Launcher.exe
(Rockstar Games, Inc. -> Rockstar Games) E:\Program Files\Rockstar Games\Launcher\RockstarService.exe
(Rockstar Games, Inc. -> Take-Two Interactive Software, Inc.) C:\Program Files\Rockstar Games\Social Club\SocialClubHelper.exe <3>
(Spotify AB -> Spotify Ltd) C:\Users\origi\AppData\Roaming\Spotify\Spotify.exe <5>
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(WeMod LLC -> Daring Development Inc.) C:\Users\origi\AppData\Local\WeMod\app-6.3.11\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
(WeMod LLC -> WeMod) C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe <4>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-07-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\Program Files\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\RunOnce: [SelLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [50096 2019-04-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Spotify] => C:\Users\origi\AppData\Roaming\Spotify\Spotify.exe [23232232 2020-11-16] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Discord] => C:\Users\origi\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [EpicGamesLauncher] => E:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33102224 2020-11-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24625144 2020-02-19] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2020-11-21] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\origi\AppData\Local\Microsoft\Teams\Update.exe [2350776 2020-06-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14766664 2020-10-03] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514096 2020-10-19] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-17] (Google LLC -> Google LLC)
Startup: C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AORUS ENGINE.lnk [2020-11-18]
ShortcutTarget: AORUS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\autorun.exe () [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {059ACACA-6610-4154-B0B9-1A814E39B8C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-19] (Google LLC -> Google LLC)
Task: {05AC1BC4-DF43-4C90-8C4B-4D12C1BDD8D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {07471E98-CE11-41B9-8E9C-F87637FF5892} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F70B12F-62ED-4511-A9ED-81246B0BE16A} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {41457A5F-3A9B-4270-9E29-88D63C659B66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4EFA01D9-BD05-4C48-851F-56B7628B1B5E} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [33903328 2020-11-05] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {55AA047D-959B-4DB7-9C39-4C91A7EE2E19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CFA99A2-D0F8-4F7A-A306-8A9BC8BF63F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-19] (Google LLC -> Google LLC)
Task: {5F2BA33A-8616-424C-AB9D-3217745A09E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7778467F-4FC4-48CF-B33A-C9CA872D2C1B} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\program files (x86)\microsoft visual studio\installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65440 2020-07-22] (Microsoft Corporation -> Microsoft)
Task: {81C207F1-0636-4A3C-8FD6-BB5186762748} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1797817695-3140524087-3623043744-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-11-17] (Microsoft Windows -> )
Task: {911E10DD-1AE9-4692-8751-0D0151258971} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A362EF8-91BE-4938-AD25-3A5E6B5DDB25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB423A2B-41E4-4192-9DAB-2ECE36C25C6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC31F993-D52B-4E9B-8ACA-77AEB8F34F25} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B12C15E3-4031-40A8-9434-75B0B6EE2047} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB812079-3B97-46E1-A5E8-8D60F2DE7894} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-10-17] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) <==== ATTENTION
Task: {C0093AFA-6E4B-4565-9BD9-6CFD85292586} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {C04310FD-E714-4DC4-9084-F7A7E8BCE848} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {C38684F7-90AB-4E69-B4DC-FEA8387E48B5} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C6CA24E4-A723-4698-8CC1-4956551F3DE5} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA711F0A-2238-446C-BC5E-2B42D4E33790} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3C431D0-6611-4ADA-9CEB-0106933773B2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DD6F9B9D-C2B5-4B40-953B-BBDB50753853} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-20] (Adobe Inc. -> Adobe)
Task: {DDACF7FE-8A0A-4373-8372-CA5A26F6DC02} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E677DACB-D605-4FF2-AF1E-E4DDC6A1CD80} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E79C0B2C-BEAF-4FEA-9662-EE2C274784DC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E91294D4-094C-447E-8B68-B432F2C28B5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB6B852A-45DE-4C1D-8911-973F4D8CAC40} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0D61D05-4EDE-4B80-A447-CD4A7AE01BA0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {F6396AAE-D305-4B73-8FD3-5D2804D888DF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d67f30f0-0c71-4697-9b7d-1371f23a70e1}: [DhcpNameServer] 192.168.0.1
 
Edge: 
======
Edge Profile: C:\Users\origi\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-16]
 
FireFox:
========
FF DefaultProfile: a559bv13.default
FF ProfilePath: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default [2020-11-23]
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF ProfilePath: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release [2020-11-27]
FF Extension: (Reddit Enhancement Suite) - C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\Extensions\[email protected] [2020-10-03]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-11-27]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-20] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> E:\Program Files\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-20] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1797817695-3140524087-3623043744-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\origi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-12-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-12-19] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default [2020-11-27]
CHR DownloadDir: E:\Downloads
CHR Notifications: Default -> hxxps://www.cashrewards.com.au; hxxps://www.guilded.gg
CHR Extension: (Honey) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-18]
CHR Extension: (uBlock Origin) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-10-26]
CHR Extension: (Dark Mode) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2020-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-26]
CHR Extension: (Kaspersky Protection) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-07-01]
CHR Extension: (Cashrewards) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\foehlpanophbpagddidofdpeiappcmgf [2020-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-12]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-11-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-11-27]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-19]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-12]
CHR Extension: (HMA VPN Proxy Unblocker) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\poeojclicodamonabcabmapamjkkmnnk [2020-07-19]
CHR Extension: (Nohat) - E:\Downloads\NohatExt_3\NohatExt_3 [2020-08-01]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AORUS LCD Panel Service; C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\MonitorService-exec.exe [360960 2018-12-21] (CloudBees, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-11-19] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-10-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1728072 2020-10-03] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-26] (GOG Sp. z o.o. -> GOG.com)
R2 Hamachi2Svc; E:\Program Files\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10887816 2020-11-21] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-23] (Malwarebytes Inc -> Malwarebytes)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2148856 2020-02-19] (Plex, Inc. -> Plex, Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-06-24] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294128 2020-10-19] (Razer USA Ltd. -> Razer Inc.)
R3 Rockstar Service; E:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1382016 2020-11-27] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-09-23] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-05-01] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-04-07] (Bluestack Systems, Inc -> Bluestack System Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
R3 gdrv2; C:\WINDOWS\gdrv2.sys [32600 2020-11-18] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [79696 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [145304 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251512 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998016 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79184 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [211048 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232272 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\70065\driver_cpu_temperature\logi_core_temp.sys [25448 2020-11-21] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-10-30] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-10-30] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-10-30] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl0f53becd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D9677F7-E130-4FE7-8BE9-3105A03F2511}\MpKslDrv.sys [47336 2020-11-27] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2020-01-15] (Apple Inc.) [File not signed]
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-27 18:41 - 2020-11-27 18:41 - 000033779 _____ C:\Users\origi\Desktop\FRST.txt
2020-11-27 13:36 - 2020-11-27 13:36 - 000000000 ____D C:\Users\origi\AppData\Local\WeMod
2020-11-26 23:32 - 2020-11-26 23:32 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-11-26 22:35 - 2020-11-26 22:36 - 000000000 ____D C:\Users\origi\AppData\LocalLow\SUPERHOT_Team
2020-11-24 20:22 - 2020-11-26 23:32 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-11-24 20:22 - 2020-11-26 23:32 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-11-24 19:55 - 2020-11-24 19:55 - 000909824 _____ (Farbar) C:\Users\origi\Desktop\FSS.exe
2020-11-23 20:27 - 2020-11-27 15:55 - 000000000 ____D C:\Users\origi\AppData\LocalLow\IGDump
2020-11-23 20:26 - 2020-11-26 23:32 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-23 20:26 - 2020-11-26 23:32 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000000000 ____D C:\Users\origi\AppData\Local\mbam
2020-11-23 20:26 - 2020-11-23 20:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-23 20:21 - 2020-11-23 20:21 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-23 20:20 - 2020-11-23 20:17 - 002076624 _____ (Malwarebytes) C:\Users\origi\Desktop\MBSetup.exe
2020-11-23 20:16 - 2020-11-24 19:37 - 000000000 ____D C:\AdwCleaner
2020-11-23 20:15 - 2020-11-23 20:15 - 008447152 _____ (Malwarebytes) C:\Users\origi\Desktop\AdwCleaner.exe
2020-11-23 20:09 - 2020-11-27 18:40 - 000000000 ____D C:\Users\origi\Desktop\FRST-OlderVersion
2020-11-22 23:14 - 2020-11-22 23:14 - 000000233 _____ C:\Users\origi\Desktop\Tom Clancy's Rainbow Six Siege.url
2020-11-22 23:14 - 2020-11-22 23:14 - 000000233 _____ C:\Users\origi\Desktop\Tom Clancy's Rainbow Six Siege - Vulkan.url
2020-11-21 20:08 - 2020-11-21 20:08 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-11-21 20:08 - 2020-11-21 20:08 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-11-21 20:08 - 2020-11-21 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-11-21 20:08 - 2020-11-21 20:08 - 000000000 ____D C:\Program Files\LGHUB
2020-11-19 21:27 - 2020-11-19 21:30 - 000000000 ____D C:\Users\origi\Documents\Assassin's Creed Valhalla
2020-11-19 20:23 - 2020-11-19 20:23 - 000000235 _____ C:\Users\origi\Desktop\Assassin's Creed Valhalla.url
2020-11-19 19:22 - 2020-11-19 19:22 - 000000234 _____ C:\Users\origi\Desktop\Watch Dogs Legion.url
2020-11-18 18:46 - 2020-11-27 18:41 - 000000000 ____D C:\FRST
2020-11-18 18:46 - 2020-11-27 18:40 - 002290176 _____ (Farbar) C:\Users\origi\Desktop\FRST64.exe
2020-11-18 18:32 - 2020-11-18 18:32 - 000000000 ____D C:\Users\Public\Documents\Creative
2020-11-18 18:32 - 2020-11-18 18:32 - 000000000 ____D C:\ProgramData\Documents\Creative
2020-11-18 18:31 - 2020-11-18 18:31 - 000032600 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\WINDOWS\gdrv2.sys
2020-11-18 18:31 - 2020-11-18 18:31 - 000002206 _____ C:\Users\Public\Desktop\RGBFusion 2.0.lnk
2020-11-18 18:31 - 2020-11-18 18:31 - 000002206 _____ C:\ProgramData\Desktop\RGBFusion 2.0.lnk
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Users\origi\AppData\Local\Downloaded Installations
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AORUS
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files\Patriot
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files\ENE
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files (x86)\ENE
2020-11-18 18:31 - 2020-05-12 01:28 - 000020992 _____ C:\WINDOWS\system32\Drivers\ene.sys
2020-11-18 18:30 - 2020-11-18 18:32 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2020-11-18 18:30 - 2020-11-18 18:30 - 000003464 _____ C:\WINDOWS\system32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE
2020-11-18 18:30 - 2020-11-18 18:30 - 000001243 _____ C:\Users\Public\Desktop\AORUS ENGINE.lnk
2020-11-18 18:30 - 2020-11-18 18:30 - 000001243 _____ C:\ProgramData\Desktop\AORUS ENGINE.lnk
2020-11-18 18:30 - 2020-11-18 18:30 - 000000000 ____D C:\Users\origi\Documents\temp
2020-11-18 18:30 - 2020-11-18 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2020-11-18 18:15 - 2020-11-08 04:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001506032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2020-11-18 18:15 - 2020-11-08 04:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 002509720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2020-11-18 18:15 - 2020-11-08 04:37 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2020-11-18 18:15 - 2020-11-08 04:36 - 005976296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-18 18:15 - 2020-11-07 15:01 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-18 18:13 - 2020-11-18 18:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2020-11-18 18:09 - 2020-11-18 18:09 - 000003840 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2020-11-17 13:47 - 2020-11-16 18:53 - 000000000 ____D C:\Windows.old
2020-11-17 13:45 - 2020-11-17 13:47 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-11-17 13:44 - 2020-11-17 13:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-11-17 13:44 - 2020-11-17 13:44 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-11-17 13:43 - 2020-11-17 13:43 - 000000000 ____D C:\ProgramData\ssh
2020-11-17 13:41 - 2020-11-17 13:41 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-11-17 13:41 - 2020-11-17 13:41 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-11-17 13:41 - 2020-11-17 13:41 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-11-17 13:41 - 2020-11-17 13:41 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-11-17 13:41 - 2020-11-17 13:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-11-17 13:41 - 2020-11-17 13:41 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000137016 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2020-11-17 13:41 - 2020-11-17 13:41 - 000101688 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-11-17 13:41 - 2020-11-17 13:41 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-11-17 13:41 - 2020-11-17 13:41 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-11-17 13:40 - 2020-11-17 13:40 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-11-17 13:40 - 2020-11-17 13:40 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001822256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-11-17 13:40 - 2020-11-17 13:40 - 001393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-11-17 13:40 - 2020-11-17 13:40 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-11-17 13:40 - 2020-11-17 13:40 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000645120 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000455168 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000306176 _____ C:\WINDOWS\system32\HeatCore.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2020-11-17 13:40 - 2020-11-17 13:40 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-11-17 13:36 - 2020-11-17 13:47 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files\MSBuild
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-11-17 09:52 - 2020-11-17 09:52 - 000000000 ____D C:\Users\origi\AppData\Roaming\HelloGames
2020-11-17 09:37 - 2020-11-17 09:37 - 000000629 _____ C:\Users\Public\Desktop\No Man's Sky.lnk
2020-11-17 09:37 - 2020-11-17 09:37 - 000000629 _____ C:\ProgramData\Desktop\No Man's Sky.lnk
2020-11-17 09:36 - 2020-11-27 11:54 - 000000000 ____D C:\Users\origi\AppData\Roaming\SUPERHOTMCD
2020-11-17 09:34 - 2020-11-17 09:34 - 000000669 _____ C:\Users\Public\Desktop\SUPERHOT - MIND CONTROL DELETE.lnk
2020-11-17 09:34 - 2020-11-17 09:34 - 000000669 _____ C:\ProgramData\Desktop\SUPERHOT - MIND CONTROL DELETE.lnk
2020-11-16 18:57 - 2020-11-18 18:16 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-16 18:56 - 2020-11-16 18:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-11-16 18:53 - 2020-11-24 20:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-16 18:53 - 2020-11-24 19:37 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-16 18:53 - 2020-11-16 18:53 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-11-16 18:53 - 2020-11-16 18:53 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-11-16 18:53 - 2020-11-16 18:53 - 000003710 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-16 18:53 - 2020-11-16 18:53 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-16 18:53 - 2020-11-16 18:53 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-11-16 18:53 - 2020-11-16 18:53 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-16 18:53 - 2020-11-16 18:53 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-11-16 18:53 - 2020-11-16 18:53 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002966 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1797817695-3140524087-3623043744-1001
2020-11-16 18:53 - 2020-11-16 18:53 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002638 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2020-11-16 18:53 - 2020-11-16 18:53 - 000000020 ___SH C:\Users\origi\ntuser.ini
2020-11-16 18:53 - 2020-11-16 18:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-16 18:49 - 2020-11-25 22:18 - 000000000 ____D C:\Users\origi
2020-11-16 18:49 - 2019-12-07 20:10 - 000001105 _____ C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-11-16 18:47 - 2020-11-27 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-16 18:47 - 2020-11-24 20:22 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-16 18:47 - 2020-11-16 18:47 - 000443608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-16 17:40 - 2020-11-16 18:53 - 000000000 ___DC C:\WINDOWS\Panther
2020-11-16 17:36 - 2020-11-16 17:36 - 000000000 ___HD C:\$WinREAgent
2020-11-16 17:31 - 2020-08-03 22:37 - 000065910 _____ C:\Users\origi\Documents\Tom Leys - CV.pdf
2020-11-16 17:30 - 2020-11-23 21:07 - 000000000 ____D C:\Users\origi\Documents\My Games
2020-11-15 20:11 - 2020-11-15 20:11 - 000000000 ____D C:\Users\origi\Downloads\Django Unchained 2012 BluRay 720p [Hindi 2.0 + English 5.1] AAC x264 ESub - mkvCinemas [Telly]
2020-11-14 12:43 - 2020-11-14 12:43 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Hopoo Games, LLC
2020-11-14 12:40 - 2020-11-14 12:40 - 000000573 _____ C:\Users\Public\Desktop\Risk of Rain 2.lnk
2020-11-14 12:40 - 2020-11-14 12:40 - 000000573 _____ C:\ProgramData\Desktop\Risk of Rain 2.lnk
2020-11-14 12:37 - 2020-11-14 12:37 - 000000000 ____D C:\Users\origi\AppData\Local\Mordhau
2020-11-14 12:13 - 2020-11-14 12:13 - 000000487 _____ C:\Users\Public\Desktop\Mordhau.lnk
2020-11-14 12:13 - 2020-11-14 12:13 - 000000487 _____ C:\ProgramData\Desktop\Mordhau.lnk
2020-11-11 23:27 - 2020-11-11 23:27 - 000042673 _____ C:\Users\origi\Documents\Book1.xlsx
2020-11-11 17:23 - 2020-11-27 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-06 21:31 - 2020-11-06 21:31 - 000000807 _____ C:\Users\Public\Desktop\Sniper - Ghost Warrior Contracts.lnk
2020-11-06 21:31 - 2020-11-06 21:31 - 000000807 _____ C:\ProgramData\Desktop\Sniper - Ghost Warrior Contracts.lnk
2020-11-06 16:22 - 2020-11-16 18:49 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2020-11-06 16:22 - 2020-11-09 21:46 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2020-11-04 21:19 - 2020-11-27 18:36 - 000000000 ____D C:\Users\origi\AppData\Roaming\WeMod
2020-11-04 21:19 - 2020-11-27 13:36 - 000002159 _____ C:\Users\origi\Desktop\WeMod.lnk
2020-11-04 21:19 - 2020-11-27 13:36 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2020-11-04 17:20 - 2020-11-04 17:20 - 000000000 ____D C:\Users\origi\AppData\Roaming\CreamAPI
2020-11-04 15:29 - 2020-11-04 15:35 - 000000000 ____D C:\Users\origi\AppData\Roaming\Sekiro
2020-11-04 15:12 - 2020-11-04 15:12 - 000000617 _____ C:\Users\Public\Desktop\Sekiro - Shadows Die Twice.lnk
2020-11-04 15:12 - 2020-11-04 15:12 - 000000617 _____ C:\ProgramData\Desktop\Sekiro - Shadows Die Twice.lnk
2020-11-04 14:56 - 2020-11-04 14:56 - 000000000 ____D C:\Users\origi\Documents\DyingLight
2020-11-04 14:29 - 2020-11-04 17:33 - 000000703 _____ C:\Users\Public\Desktop\Dying Light - Ultimate Collection.lnk
2020-11-04 14:29 - 2020-11-04 17:33 - 000000703 _____ C:\ProgramData\Desktop\Dying Light - Ultimate Collection.lnk
2020-11-04 14:27 - 2020-11-04 14:27 - 000001760 _____ C:\WINDOWS\system32\Drivers\etc\hosts.rollback
2020-11-04 14:27 - 2019-03-19 15:49 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.backup
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\Users\Public\Desktop\Hades.lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\Users\Public\Desktop\Hades (x86).lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\ProgramData\Desktop\Hades.lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\ProgramData\Desktop\Hades (x86).lnk
2020-11-03 17:25 - 2020-11-03 21:15 - 000000000 ____D C:\Users\origi\Documents\Teardown
2020-11-03 16:42 - 2020-11-03 16:42 - 000000000 ____D C:\Users\origi\AppData\LocalLow\noio
2020-11-01 22:07 - 2020-11-08 21:52 - 000000000 ____D C:\Users\origi\AppData\Roaming\EasyAntiCheat
2020-10-30 23:58 - 2020-10-30 23:58 - 000066808 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2020-10-30 23:58 - 2020-10-30 23:58 - 000038136 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2020-10-30 23:58 - 2020-10-30 23:58 - 000026672 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000038632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2020-10-30 23:12 - 2020-11-08 04:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-10-30 23:12 - 2020-11-08 04:36 - 007005008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-10-30 23:12 - 2020-10-28 14:49 - 005519600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-10-28 22:20 - 2020-10-19 16:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2020-10-28 22:20 - 2020-10-19 16:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-27 18:32 - 2019-12-18 20:58 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-27 18:30 - 2019-12-07 20:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-27 18:27 - 2020-01-28 13:17 - 000000000 ____D C:\Users\origi\AppData\Local\Battle.net
2020-11-27 18:03 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Roaming\Discord
2020-11-27 17:38 - 2019-12-19 12:33 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-27 17:35 - 2019-12-18 20:59 - 000000000 ____D C:\Users\origi\AppData\Roaming\Spotify
2020-11-27 17:31 - 2020-01-19 15:25 - 000000000 ____D C:\Program Files\Rockstar Games
2020-11-27 17:31 - 2020-01-19 15:25 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-11-27 17:28 - 2020-05-03 16:32 - 000000000 ____D C:\Users\origi\AppData\Local\Ubisoft Game Launcher
2020-11-27 17:28 - 2019-12-19 12:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-27 17:26 - 2019-12-19 23:41 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Mozilla
2020-11-27 13:36 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Local\SquirrelTemp
2020-11-27 13:31 - 2019-12-25 21:04 - 000000000 ____D C:\Users\origi\AppData\Roaming\uTorrent
2020-11-26 23:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-26 18:39 - 2019-12-18 20:59 - 000000000 ____D C:\Users\origi\AppData\Local\Spotify
2020-11-26 00:06 - 2019-12-07 20:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-25 22:08 - 2020-08-12 20:56 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-25 22:08 - 2020-08-12 20:56 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-25 22:08 - 2020-08-12 20:56 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-24 20:25 - 2019-12-23 16:45 - 000000000 ____D C:\Users\origi\AppData\Local\CrashDumps
2020-11-24 20:21 - 2019-12-19 12:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-11-24 20:21 - 2019-12-07 20:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-24 20:21 - 2019-12-07 20:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-11-24 19:52 - 2020-10-08 22:14 - 000000000 ____D C:\Program Files\Cheat Engine 7.1
2020-11-24 19:36 - 2020-08-03 21:29 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-23 21:07 - 2019-12-26 16:49 - 000000000 ____D C:\Users\origi\AppData\Local\BattlEye
2020-11-23 20:26 - 2019-12-07 20:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-23 20:11 - 2020-09-06 23:33 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-11-23 20:09 - 2019-03-19 15:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-11-22 19:48 - 2019-12-18 22:45 - 000000000 ____D C:\Users\origi\AppData\Local\D3DSCache
2020-11-21 21:42 - 2020-10-03 13:35 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Temp
2020-11-21 21:41 - 2020-04-16 22:50 - 000000000 ____D C:\Users\origi\AppData\Roaming\LGHUB
2020-11-21 21:39 - 2019-12-07 20:13 - 000000000 ____D C:\WINDOWS\INF
2020-11-21 21:34 - 2020-04-17 17:59 - 000000000 ____D C:\Users\origi\AppData\Local\LGHUB
2020-11-19 23:07 - 2019-12-07 20:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-19 20:43 - 2020-05-03 16:40 - 000000000 ____D C:\Users\origi\AppData\Local\My Games
2020-11-19 19:17 - 2020-05-03 16:32 - 000001310 _____ C:\Users\origi\Desktop\Ubisoft Connect.lnk
2020-11-19 19:17 - 2020-05-03 16:32 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2020-11-19 17:57 - 2020-07-21 23:22 - 000000000 ____D C:\Battlestate Games
2020-11-19 08:36 - 2019-12-18 21:28 - 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-11-19 08:35 - 2020-04-18 17:06 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-11-18 19:48 - 2019-12-19 12:36 - 000000000 ____D C:\Users\origi\AppData\Local\NVIDIA
2020-11-18 18:19 - 2019-12-19 12:36 - 000000000 ____D C:\Users\origi\AppData\Local\NVIDIA Corporation
2020-11-18 18:13 - 2020-07-19 23:19 - 000000000 ___RD C:\Users\origi\iCloudDrive
2020-11-18 14:35 - 2019-12-25 21:02 - 000000000 ____D C:\Users\origi\AppData\Local\BitTorrentHelper
2020-11-17 13:47 - 2020-10-08 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.1
2020-11-17 13:47 - 2020-10-03 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex - Mankind Divided [GOG.com]
2020-11-17 13:47 - 2020-10-01 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2020-11-17 13:47 - 2020-09-16 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-11-17 13:47 - 2020-09-06 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-11-17 13:47 - 2020-08-10 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2020-11-17 13:47 - 2020-08-04 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2019.4.6f1 (64-bit)
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\3082
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1055
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1049
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1046
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1045
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1040
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1036
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1033
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1029
2020-11-17 13:47 - 2020-07-23 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSCodium
2020-11-17 13:47 - 2020-07-22 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2020-11-17 13:47 - 2020-07-21 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2020-11-17 13:47 - 2020-07-19 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-11-17 13:47 - 2020-06-16 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity - Original Sin 2 [GOG.com]
2020-11-17 13:47 - 2020-05-30 05:39 - 000000000 ____D C:\Program Files\UNP
2020-11-17 13:47 - 2020-04-17 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-11-17 13:47 - 2020-04-11 17:42 - 000000000 ____D C:\WINDOWS\system32\Catroot2.old
2020-11-17 13:47 - 2020-04-04 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-11-17 13:47 - 2020-03-15 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare
2020-11-17 13:47 - 2020-02-24 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2020-11-17 13:47 - 2020-01-28 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-11-17 13:47 - 2020-01-25 00:33 - 000000000 ____D C:\WINDOWS\ShellNew
2020-11-17 13:47 - 2020-01-25 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2020-11-17 13:47 - 2020-01-13 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2020-11-17 13:47 - 2020-01-11 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
2020-11-17 13:47 - 2020-01-11 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 - Wild Hunt [GOG.com]
2020-11-17 13:47 - 2020-01-02 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2020-11-17 13:47 - 2020-01-01 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-17 13:47 - 2019-12-30 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mod Organizer
2020-11-17 13:47 - 2019-12-23 17:15 - 000000000 ____D C:\ProgramData\regid.1995-09.com.example
2020-11-17 13:47 - 2019-12-23 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UWPHook
2020-11-17 13:47 - 2019-12-19 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-11-17 13:47 - 2019-12-19 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2020-11-17 13:47 - 2019-12-19 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2020-11-17 13:47 - 2019-12-18 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2020-11-17 13:47 - 2019-12-18 22:13 - 000000000 ____D C:\WINDOWS\system32\Samsung
2020-11-17 13:47 - 2019-12-18 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2020-11-17 13:47 - 2019-12-18 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-17 13:47 - 2019-12-07 20:18 - 000000000 ____D C:\WINDOWS\Setup
2020-11-17 13:47 - 2019-12-07 20:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\spool
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2020-11-17 13:45 - 2020-07-24 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2020-11-17 13:45 - 2020-07-22 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2020-11-17 13:45 - 2020-02-15 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2020-11-17 13:43 - 2019-12-07 20:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2020-11-17 13:43 - 2019-12-07 20:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Com
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\Provisioning
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Common Files\System
2020-11-17 13:43 - 2019-12-07 20:03 - 000000000 ____D C:\WINDOWS\servicing
2020-11-17 13:37 - 2019-12-07 20:52 - 000000000 ____D C:\WINDOWS\OCR
2020-11-17 08:35 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\appcompat
2020-11-17 08:33 - 2019-12-19 12:22 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-17 08:33 - 2019-12-19 12:22 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-17 08:33 - 2019-12-19 12:22 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-17 01:58 - 2019-12-19 12:13 - 000000000 ____D C:\Users\origi\AppData\Local\Packages
2020-11-17 01:58 - 2019-12-19 12:11 - 000000000 ____D C:\ProgramData\Packages
2020-11-16 18:56 - 2020-04-11 16:47 - 000000000 ____D C:\Users\origi\AppData\LocalLow\uTorrent
2020-11-16 18:56 - 2019-12-19 12:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-16 18:54 - 2019-12-19 12:13 - 000000000 ___RD C:\Users\origi\3D Objects
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-11-16 18:51 - 2019-12-07 20:14 - 000000000 __RHD C:\Users\Public\Libraries
2020-11-16 18:50 - 2020-07-19 23:19 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2020-11-16 18:49 - 2020-09-23 13:48 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2020-11-16 18:49 - 2020-09-23 13:31 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8
2020-11-16 18:49 - 2020-07-25 21:44 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macroplant LLC
2020-11-16 18:49 - 2020-07-01 20:46 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnakeBite
2020-11-16 18:49 - 2020-06-23 19:27 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria Tweaker 2
2020-11-16 18:49 - 2020-06-23 18:53 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria Tweaker 2 for Terraria 1.3.5.3
2020-11-16 18:49 - 2020-04-05 21:00 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-11-16 18:49 - 2020-01-19 15:22 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2020-11-16 18:49 - 2020-01-01 13:58 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-16 18:49 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-11-16 18:48 - 2019-12-19 12:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-11-16 18:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-11-16 17:26 - 2019-12-19 12:14 - 000000000 ___RD C:\Users\origi\OneDrive
2020-11-16 17:16 - 2019-12-19 23:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-16 17:16 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-15 22:06 - 2019-12-18 23:53 - 000000000 ____D C:\Users\origi\AppData\Roaming\Twitch
2020-11-15 18:10 - 2020-04-17 16:39 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-14 22:25 - 2020-04-04 20:44 - 000000000 ____D C:\Users\origi\AppData\Roaming\vlc
2020-11-14 12:37 - 2019-12-29 23:33 - 000000000 ____D C:\Users\origi\AppData\Local\UnrealEngine
2020-11-14 11:00 - 2020-07-21 23:23 - 000000791 _____ C:\Users\Public\Desktop\Battlestate Games Launcher.lnk
2020-11-14 11:00 - 2020-07-21 23:23 - 000000791 _____ C:\ProgramData\Desktop\Battlestate Games Launcher.lnk
2020-11-12 01:44 - 2019-12-23 14:33 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 01:44 - 2019-12-23 14:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 23:33 - 2019-12-19 23:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-07 00:04 - 2019-12-19 11:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-04 14:27 - 2020-06-28 23:21 - 000000000 ____D C:\Users\origi\AppData\Local\GameAnalytics
2020-11-04 10:57 - 2019-12-19 23:13 - 000000000 ____D C:\Users\origi\AppData\LocalLow\MCC
2020-10-31 13:53 - 2020-08-17 00:43 - 000000000 ____D C:\websymbols
2020-10-31 00:03 - 2020-09-06 23:41 - 000795000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-10-28 22:20 - 2019-12-19 12:36 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-10-28 22:20 - 2019-12-19 12:36 - 000001447 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-10-28 22:20 - 2019-12-19 12:36 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-10-28 22:20 - 2019-12-19 12:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-10-28 22:20 - 2019-12-19 12:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-10-28 00:20 - 2019-12-19 12:15 - 000000000 ____D C:\Users\origi\AppData\Local\PlaceholderTileLogoFolder
 
==================== Files in the root of some directories ========
 
2020-08-27 23:25 - 2020-08-27 23:26 - 000000190 _____ () C:\Users\origi\AppData\Roaming\modthegungeon.conf
2020-08-06 21:25 - 2020-08-06 21:25 - 000013981 _____ () C:\Users\origi\AppData\Local\recently-used.xbel
2020-01-21 23:21 - 2020-07-22 00:33 - 000007601 _____ () C:\Users\origi\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Addition.txt: 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2020
Ran by origi (27-11-2020 18:43:00)
Running from C:\Users\origi\Desktop
Windows 10 Pro Version 20H2 19042.630 (X64) (2020-11-16 07:53:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1797817695-3140524087-3623043744-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1797817695-3140524087-3623043744-503 - Limited - Disabled)
Guest (S-1-5-21-1797817695-3140524087-3623043744-501 - Limited - Disabled)
origi (S-1-5-21-1797817695-3140524087-3623043744-1001 - Administrator - Enabled) => C:\Users\origi
WDAGUtilityAccount (S-1-5-21-1797817695-3140524087-3623043744-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
AltServer (HKLM-x32\...\{6CC7EBC1-2C38-4717-B13D-CB0A478552EF}) (Version: 1.3.2 - Riley Testut)
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.9.2.0 - GIGABYTE Technology Co.,Inc.)
AORUS LCD Panel Setting (HKLM-x32\...\{82026686-454E-4233-83E3-4045BC3FB31C}_is1) (Version: 1.0.3.1 - GIGABYTE Technology Co.,Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version:  - Ubisoft)
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com)
AutoHotkey 1.1.32.00 (HKLM\...\AutoHotkey) (Version: 1.1.32.00 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlestate Games Launcher 10.4.2.1226 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.2.1226 - Battlestate Games)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.66.0 - Bethesda Softworks)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.205.0.1006 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
Deus Ex: Mankind Divided (HKLM-x32\...\1296690054_is1) (Version: 1.19 hotfix - GOG.com)
Deus Ex: Mankind Divided™ DLC - Season Pass (HKLM-x32\...\1753119582_is1) (Version: 1.19 hotfix - GOG.com)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.6.69.4648 - GOG.com)
Dying Light: Ultimate Collection (HKLM-x32\...\Dying Light: Ultimate Collection_is1) (Version:  - )
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_AIC_Marvell_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_AIC_Marvell_HAL (HKLM-x32\...\{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.0.9 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{8bcd6161-a822-4c5a-9711-472cb32c7adf}) (Version: 1.0.0.9 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{d8516682-de60-4332-ad6f-49373754b677}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_SSS_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_SSS_HAL (HKLM-x32\...\{9eeadf99-713b-4ab5-9ccd-bf9c1c4d9daf}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.8.9819 - Battlestate Games)
Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - )
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2060.1 - Rockstar Games)
Hades (HKLM-x32\...\Hades_is1) (Version:  - )
icecap_collection_neutral (HKLM-x32\...\{2A00DCB3-752F-446C-B3B3-1B6ADFBFF3E3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{BE5E54C4-6B68-4AE3-A7F4-45F0D29D48D3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{1E6E5904-E97F-41F7-B3DB-0C8CD3180E3C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{7FD392DF-51A1-4DC1-9C6F-BF7C58A576AC}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{F0AD317D-AE18-45D0-BE5B-30074AFE6740}) (Version: 7.19.0.10 - Apple Inc.)
iExplorer (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\2ee35ebaf226322a) (Version: 4.3.4.0 - Macroplant LLC)
Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{65A59264-DFCE-498D-A091-D124C6EFB6FF}) (Version: 12.10.8.5 - Apple Inc.)
Java 8 Update 261 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LazyClicker (HKLM-x32\...\{FB523953-2434-4FB2-A027-F42B395659F8}) (Version: 1.1.0.27 - LazyClicker)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft .NET Core SDK 3.1.302 (x64) from Visual Studio (HKLM\...\{539053B2-E414-46BC-B4CD-365E79AFEA79}) (Version: 3.1.302.015188 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.47 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft OneDrive (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0006 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.6.2037.624 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Mordhau (HKLM-x32\...\Mordhau_is1) (Version:  - )
Mozilla Firefox 82.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 82.0.3 (x64 en-US)) (Version: 82.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
No Man's Sky (HKLM-x32\...\No Man's Sky_is1) (Version:  - )
Node.js (HKLM\...\{97FD2F60-C3CD-417D-A5F6-C538B37054CC}) (Version: 12.16.3 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.04 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{ebb7013c-0b03-497c-bed1-1e48e806a593}) (Version: 1.00.04 - Patriot Memory)
PlanetSide 2 (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Plex Media Server (HKLM-x32\...\{203FDA60-7969-4EB3-BD69-4D1752B3C6F9}) (Version: 1.18.2438 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{440398c3-62c1-4e0e-b558-5ca3f78e1d94}) (Version: 1.18.7.2438 - Plex, Inc.)
Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation)
Python 3.8.5 (32-bit) (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\{44a59e57-34e2-4d86-93ba-a2588bfac760}) (Version: 3.8.5150.0 - Python Software Foundation)
Python 3.8.5 Add to Path (32-bit) (HKLM-x32\...\{2D01141A-8022-4100-B256-02EFB0F1830B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Core Interpreter (32-bit) (HKLM-x32\...\{31F7FCA7-1F15-48FD-BFB9-91FE58FC2F07}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Development Libraries (32-bit) (HKLM-x32\...\{657AEF25-7BC3-4E93-A08C-ECD14E8A74AE}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Documentation (32-bit) (HKLM-x32\...\{F7A293EB-21B8-45DE-85A5-8ADEB68B9EFB}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Executables (32-bit) (HKLM-x32\...\{F6156224-C882-453A-9046-EFCD31982E68}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 pip Bootstrap (32-bit) (HKLM-x32\...\{71C0D67F-EF42-4C5C-A2AE-04FD8B38AB1C}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Standard Library (32-bit) (HKLM-x32\...\{4D147A72-5C01-47B2-8789-1D1969F6AC32}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{653FBD26-2D1A-48C1-AAB1-0AB6F2A3749B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Test Suite (32-bit) (HKLM-x32\...\{DE45C740-8250-4A49-8B81-FE347C70E6BA}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Utility Scripts (32-bit) (HKLM-x32\...\{9450D936-1E4F-44EF-A0D4-92C471229B98}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{CEEAEA02-2472-4BF6-8994-52D6783F5575}) (Version: 3.8.7140.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.5.1030.101917 - Razer Inc.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1311.27 - Rockstar Games)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.20.1105.1 - GIGABYTE)
Risk of Rain 2 (HKLM-x32\...\Risk of Rain 2_is1) (Version:  - )
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.32.316 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Sekiro: Shadows Die Twice (HKLM-x32\...\Sekiro: Shadows Die Twice_is1) (Version:  - )
Sniper: Ghost Warrior Contracts (HKLM-x32\...\Sniper: Ghost Warrior Contracts_is1) (Version:  - )
Spotify (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Spotify) (Version: 1.1.46.916.g416cacf1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{B5747469-E9CA-4F7C-A964-0A32DF449B24}) (Version: 1.18.2438 - Plex, Inc.) Hidden
superhot: mind control delete (HKLM-x32\...\superhot: mind control delete_is1) (Version:  - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.4461 - Microsoft Corporation)
Terraria Tweaker 2 (HKLM-x32\...\TiberiumFusion Terraria Tweaker 2) (Version: "2.3.1405.0" - TiberiumFusion)
Terraria Tweaker 2 for Terraria 1.3.5.3 (HKLM-x32\...\TiberiumFusion Terraria Tweaker 2 for Terraria 1.3.5.3) (Version: "2.2.1353.0" - TiberiumFusion)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
thriXXX 3DKink-500.001 (HKLM-x32\...\3DKink-500.001) (Version:  - thriXXX Software GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Twitch (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 103.2 - Ubisoft)
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2019.4.6f1 - Unity Technologies ApS)
Unity Hub 2.3.2 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.3.2 - Unity Technologies Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
UWPHok (HKLM-x32\...\UWPHook 2.5.1) (Version: 2.5.1 - Briano)
UWPHook (HKLM-x32\...\{52B9D66E-8B17-4E82-94EE-9664614B67A2}) (Version: 2.5.1 - Briano) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
vcpp_crt.redist.clickonce (HKLM-x32\...\{B2AC4CE4-2533-4485-B3B5-2F645C2DD325}) (Version: 14.26.28808 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\2a34e2d9) (Version: 16.6.30320.27 - Microsoft Corporation)
Visual Studio Team Explorer 2017 (HKLM-x32\...\b0a2d319) (Version: 15.9.28307.1216 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.3.4 - Black Tree Gaming Ltd.)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{2CCEC45B-1462-4FFD-8214-90E3C25000F7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{7A991159-9069-471D-B85F-89B1E4E66822}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{16E73A5A-339C-4177-A0BD-04278C06625C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{C8E7C1FC-925C-4163-BAB3-769E6C7961D2}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{DA7AB063-D1A3-4D5A-8221-598ACF4574B4}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{5F2E2347-2042-4340-BBDD-262BB1791EC7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
VSCodium (HKLM\...\{D77B7E06-80BA-4137-BCF4-654B95CCEBC5}_is1) (Version: 1.47.2 - Microsoft Corporation)
Watch Dogs Legion (HKLM-x32\...\Uplay Install 3353) (Version:  - Ubisoft)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
WeMod (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\WeMod) (Version: 6.3.11 - WeMod)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.47.2.0_x86__kgqvnymyfvs32 [2020-11-25] (king.com)
Clustertruck -> C:\Program Files\WindowsApps\tinyBuildGames.3289435C1E20_1.0.3.0_x86__3sz1pp2ynv2xe [2020-01-04] (tinyBuild Games)
Death's Gambit -> C:\Program Files\WindowsApps\CartoonInteractiveGroupIn.DeathsGambit_1.0.0.0_x64__6c1aaymwt3dwm [2020-02-18] (Cartoon Interactive Group Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.48.4.0_x86__kgqvnymyfvs32 [2020-11-07] (king.com)
FTL: Faster Than Light -> C:\Program Files\WindowsApps\Mutable\SubsetGames.FTLFasterThanLight_1.6.13.0_x86__gvagsjwfgyhyc [2020-01-10] (Subset Games)
Golf With Your Friends -> C:\Program Files\WindowsApps\Team17DigitalLimited.GolfWithYourFriendsWin10_1.0.12.0_x64__j5x4vj4y67jhc [2020-10-29] (Team17 Digital Limited)
Halo: The Master Chief Collection -> C:\Program Files\WindowsApps\Mutable\Microsoft.Chelan_1.1955.0.0_x64__8wekyb3d8bbwe [2020-11-21] (Microsoft Studios)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]
My Friend Pedro Win10 -> C:\Program Files\WindowsApps\DevolverDigital.MyFriendPedroWin10_1.0.6.0_x64__6kzv4j18v0c96 [2020-05-06] (Devolver Digital)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-25] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2020-04-14] (Realtek Semiconductor Corp)
The Master Chief Collection: Halo 2 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo2_1.1448.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo 3 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3_1.12.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo 3: ODST -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3ODST_1.12.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo CE -> C:\Program Files\WindowsApps\Microsoft.HaloCombatEvolved_1.1367.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: REACH -> C:\Program Files\WindowsApps\Microsoft.TheMasterChiefCollectionREACH_1.1.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
Totally Accurate Battle Simulator (Game Preview) -> C:\Program Files\WindowsApps\LandfallGames.TotallyAccurateBattleSimulator_1.0.24.0_x64__r2vq7k2y0v9ct [2020-09-01] (Landfall Games)
UNDERTALE -> C:\Program Files\WindowsApps\8-4Ltd.Undertale-Windows10_1.1.0.0_x86__c74r4999cqbdr [2020-01-04] (8-4, Ltd.)
West of Loathing -> C:\Program Files\WindowsApps\Asymmetric.WestofLoathing_1.1111.1111.0_x64__y20smdktffva2 [2020-04-30] (Asymmetric Publications, LLC)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\origi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\origi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-04-22] (Notepad++ -> )
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-05-07] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\nvshext.dll [2020-11-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-29] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\origi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --force-dark-mode
 
==================== Loaded Modules (Whitelisted) =============
 
2020-11-18 18:30 - 2019-08-05 13:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\BSL430.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000225792 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvFireware.dll
2019-08-05 19:50 - 2019-08-05 19:50 - 000009216 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\Phison.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 085372416 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libcef.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 000043520 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libUbiCustomEvent.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 098275328 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 000092672 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 003922432 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 002010112 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GbtCpuLib.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\yccV2.dll
2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\yccV2.DLL
2020-11-18 18:30 - 2019-12-09 17:27 - 000289792 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVBIOSLib.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000628736 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvComW.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000013312 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvCrypt.dll
2020-11-18 18:30 - 2020-10-23 11:27 - 000474624 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVDisplay.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000240640 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvIllumLib.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000218112 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvOrderLib.dll
2020-11-18 18:32 - 2020-09-14 09:07 - 000472576 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\GVDisplay.dll
2020-07-08 10:49 - 2020-07-08 10:49 - 000474624 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll
2020-11-05 14:16 - 2020-11-05 14:16 - 000268800 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACDDR_Lib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACPCIeSSD_Lib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 001079808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\MFC80U.DLL
2018-08-30 16:26 - 2018-08-30 16:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\MsIo32_Galax.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 000518144 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\chrome_elf.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 000547840 _____ (The Chromium Authors) [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2020-11-18 18:30 - 2019-08-27 13:22 - 000224256 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvAutoUpdate.dll
2017-10-05 15:26 - 2017-10-05 15:26 - 002247168 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll
2018-12-08 08:22 - 2018-12-08 08:22 - 002059264 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GHidApi.dll
2020-11-05 15:15 - 2020-11-05 15:15 - 000492544 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll
2020-10-22 15:05 - 2020-10-22 15:05 - 002107392 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\sharepoint.com -> hxxps://mqoutlook-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\wustat.windows.com -> hxxp://wustat.windows.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-19 15:49 - 2020-11-23 20:09 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\;C:\Program Files\VSCodium\bin;C:\Program Files\dotnet\
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Control Panel\Desktop\\Wallpaper -> E:\Pictures\Wallpapers\RGB Circles.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "Synapse3"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{F10D8E68-791F-40DA-B562-571EC41B5850}E:\games\risk of rain 2\risk of rain 2.exe] => (Allow) E:\games\risk of rain 2\risk of rain 2.exe () [File not signed]
FirewallRules: [TCP Query User{940071B3-1041-4A24-9CD6-36A0502F8418}E:\games\risk of rain 2\risk of rain 2.exe] => (Allow) E:\games\risk of rain 2\risk of rain 2.exe () [File not signed]
FirewallRules: [{44B75A98-6FC8-40C6-9EBF-C16D01755B28}] => (Allow) E:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{A933E254-B7CE-4C1A-888A-C3E35222C782}] => (Allow) E:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [UDP Query User{B6446B56-F82C-4ABC-BB1F-637DEC2B7F89}E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed]
FirewallRules: [TCP Query User{6D2A8BAA-6BB1-4876-9122-F48193FF86BF}E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed]
FirewallRules: [UDP Query User{C4763C34-DCA4-4E02-B3D0-A49C58951873}E:\games\dying light - ultimate collection\dyinglightgame.exe] => (Allow) E:\games\dying light - ultimate collection\dyinglightgame.exe (Techland) [File not signed]
FirewallRules: [TCP Query User{19752260-5051-43C3-B0BA-962487E1C33F}E:\games\dying light - ultimate collection\dyinglightgame.exe] => (Allow) E:\games\dying light - ultimate collection\dyinglightgame.exe (Techland) [File not signed]
FirewallRules: [{08A7615C-013D-445F-8E0E-E7BD1ED90D6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{027D44AF-D56D-4483-963E-AC5795B19E62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7A193A34-7EFE-4DFA-A067-4E753DB615F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7187FD66-B038-40AA-9455-58B0BDE2B267}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{54D767F1-03F2-4457-948B-AF0FB9A293E0}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [TCP Query User{95179F55-D539-4CCD-A60D-E65966490B8D}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [UDP Query User{F0FD4D93-F6DE-411F-86C9-C69D2BCB6794}E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe => No File
FirewallRules: [TCP Query User{A3134F08-16BE-4B7D-89F4-48A33035CF54}E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe => No File
FirewallRules: [UDP Query User{D7ED7EBC-65F4-44DE-9E4B-129A75F9D25B}E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{60E24A6F-4970-4D38-A294-E392C7E62792}E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [UDP Query User{325DCF6B-91C0-4783-A4CE-8E1F092F642D}E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe] => (Allow) E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe => No File
FirewallRules: [TCP Query User{78C9547E-474E-4F31-A8E0-D8386AA715C4}E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe] => (Allow) E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe => No File
FirewallRules: [{F44F34B3-9256-463E-A5EF-AD01CA3B2D4D}] => (Allow) E:\SteamLibrary\steamapps\common\D.R.O.N.E. The Game\D.R.O.N.E. Launcher.exe (Five Studios Interactive SL -> Five Studios Interactive)
FirewallRules: [{CB509D4A-F2C1-400A-822A-F96E6F84A3AB}] => (Allow) E:\SteamLibrary\steamapps\common\D.R.O.N.E. The Game\D.R.O.N.E. Launcher.exe (Five Studios Interactive SL -> Five Studios Interactive)
FirewallRules: [UDP Query User{A2390B05-03FD-4FF0-9D91-AD3EC97BD96D}C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{6B3FA829-0710-45F7-A03A-3FD37AEAF171}C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{864D0893-5D28-4E25-97DF-788A8F24600D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43EC5C06-C5C2-437A-B078-B86D69973A3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{C36AEA6D-181B-4149-AEF0-24A28DF74D3C}E:\emutarkov 12.7.8445\server\server.exe] => (Allow) E:\emutarkov 12.7.8445\server\server.exe (Node.js) [File not signed]
FirewallRules: [TCP Query User{F318B14C-86A2-4A84-9CE2-BCA4DB71EC71}E:\emutarkov 12.7.8445\server\server.exe] => (Allow) E:\emutarkov 12.7.8445\server\server.exe (Node.js) [File not signed]
FirewallRules: [{B13B0A28-5CD1-4D3E-960A-FABE2F743E12}] => (Allow) E:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{BAD16577-D190-4412-98F0-FEFA6098F3EE}] => (Allow) E:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{34020297-0BDC-4BC0-BFD5-3687EAA12AE5}] => (Block) E:\Program Files\Unity\Hub\Editor\2019.4.6f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{87219C25-F2EC-40E1-97FC-5D4D41F4338F}] => (Allow) E:\Program Files\Unity\Hub\Editor\2019.4.6f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{33DFD611-4C4E-4B7C-B1DA-622AFE290435}E:\program files\unity hub\unity hub.exe] => (Allow) E:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{8D1BB9DB-4E7F-4D46-A3D6-FDDD22AF366C}E:\program files\unity hub\unity hub.exe] => (Allow) E:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{F7861289-6A85-4C72-BDBA-083871DE2E4A}] => (Allow) E:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{45A508BD-343A-4D9E-945F-70CC137AC76C}C:\program files\vscodium\vscodium.exe] => (Allow) C:\program files\vscodium\vscodium.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{BB29CB11-64CD-4DF4-B66E-A95E49B1CFDB}C:\program files\vscodium\vscodium.exe] => (Allow) C:\program files\vscodium\vscodium.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{FD2C0B71-4D0F-4808-8575-3745905AD28B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{42B6660B-5ED1-4BDF-ACE0-BCE07F03781E}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed]
FirewallRules: [TCP Query User{2E6F1D60-AAEB-48C7-A51E-38370BF4EF6D}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed]
FirewallRules: [{306AADBD-AAB4-48E8-B6BE-1D07B1664146}] => (Allow) E:\SteamLibrary\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{14214BC4-7917-4BE6-8A67-A2CFBA885D72}] => (Allow) E:\SteamLibrary\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{0AA59250-7B8C-4F0B-B5D8-E7ED64852855}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7894A19D-2B41-4099-9E03-82B6D3308E9D}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{25104F42-C5A8-4AE5-9A08-42298714AADB}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{99B4E8E8-1893-45F4-B5B0-AAD3BF112D6F}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{D74360E7-C50A-46DF-AD5E-2C9688CF483A}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{CCB71434-5169-4097-BA00-7690F3C94336}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{902D3AF8-D32A-49DF-BAE8-1CE4254B49EA}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{FD22DB00-BAB7-421D-A3E1-FE4A6BE12D4B}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{59509B66-C71C-40E8-B222-A05CF7ADA902}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{917C14FA-FDFF-4937-BCAE-39FB92079AAC}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{CEABD935-8832-494B-A277-AD723C16E8F8}] => (Allow) E:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{B0039ED2-34D8-4DFB-B8EB-41154C09EB05}] => (Allow) E:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{7415C043-6DD1-4770-A6C8-153E8015635A}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{34EFECF9-D2DC-414B-A068-4E4C11EB15A0}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{9D3CB140-B85C-431D-851D-33EBBB64EC4B}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{F7A51524-6680-4817-93B3-4FB20321B983}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{3C65C792-A8A6-4101-8CBF-FAD144FE474C}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{76D91F81-F31B-43C4-9177-0E98E20133F9}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{231FB57E-6AF9-4F2C-8C54-DF7F8F2A6C50}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{501753C0-C5BD-4D9D-839B-268FE5CB0B86}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{14C03299-DCF1-4508-9CD7-1930CFE6A274}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{D2E7ADDF-1589-4FD8-B3FC-B3D85A9B6F5A}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{8258957B-DCB5-458C-A270-134327AF3811}E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [TCP Query User{12EB542A-9BFF-47E6-87D3-6F1FF5E34FC6}E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [UDP Query User{C3C791EF-22BA-4F59-BC25-51D0DB5E0278}E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [TCP Query User{6CB92D7C-7DC3-4EF9-8A37-9CF84197A520}E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [{4DF7FE8E-0264-44E6-996A-3EA5A94F8F1E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{3EB1A1BC-42C9-44A0-89E2-F9549E72F139}E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{FFD736D3-BF75-404F-824A-E87DD328C3C6}E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{479AD954-D64B-46EF-B046-3A916A2EC95F}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{8B221CFE-47F8-4418-8A2E-7C501FB79A01}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{2BF9EA75-998A-4D25-8EED-266FBB0A448E}E:\program files\epic games\gtav\gta5.exe] => (Allow) E:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{75B083B5-47D8-4A9F-918B-8CF993A4005E}E:\program files\epic games\gtav\gta5.exe] => (Allow) E:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{FE0709B9-6DEE-484F-95D1-8F53EEEB9016}E:\program files\rockstar games\red dead redemption 2\rdr2.exe] => (Allow) E:\program files\rockstar games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{80301D8A-7F60-4685-836F-B3CA6609C81A}E:\program files\rockstar games\red dead redemption 2\rdr2.exe] => (Allow) E:\program files\rockstar games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{5A6BBD9F-E23D-49EF-8003-E642669DC7E8}E:\program files\epic games\breakpointdemo\grb.exe] => (Allow) E:\program files\epic games\breakpointdemo\grb.exe => No File
FirewallRules: [TCP Query User{666556D2-4339-4484-ADBA-D27818139021}E:\program files\epic games\breakpointdemo\grb.exe] => (Allow) E:\program files\epic games\breakpointdemo\grb.exe => No File
FirewallRules: [{F5195C8B-3C8F-4A3E-8A2C-09EAA4D02842}] => (Allow) E:\Program Files\Epic Games\BreakpointDemo\GRB_BE.exe => No File
FirewallRules: [{AA3F5F3A-F171-441A-BBE7-4FE7B3C3C54D}] => (Allow) E:\Program Files\Epic Games\BreakpointDemo\GRB_BE.exe => No File
FirewallRules: [{9AB356E3-1C49-45D0-92D7-21143CECE733}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF43DDDA-4442-4233-92D0-7B28CA43BE7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D32F1D5B-BD93-4F80-84D4-A6F24F3169AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A112E236-9BD0-4F0E-8E86-3BD9995DA22A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DB41F1CC-4157-4B2E-A46B-7773491713E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8FC6E254-4932-44EE-8D54-F26D58C8CDB8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE17E754-D40D-4F7B-B445-04F317D4BA55}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{238925C4-1354-4AA1-865D-9620EE84EE56}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56B0067E-EA09-4D6F-83E3-866094057A59}C:\users\origi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\origi\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{B4288E7E-F78B-45DB-9477-1BCF095B4053}C:\users\origi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\origi\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [{FB7BE848-FDE0-4D65-854D-A34E5904B18B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2E58401E-54F3-4071-9DD0-8A3A3B1F7D5B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{55F4F4E4-6DE8-4FF7-B391-C1E19A1E0988}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{625B937E-C165-4A10-ABEC-6739A4F19C76}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{EC3D6E3F-D22B-45FF-86FD-73A42E37BC01}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{FCE58226-D93B-44EF-B104-E9B412434148}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{B3D20E8A-DAC4-4319-9B5C-13D59B6BC4D8}C:\users\origi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\origi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FEE9CE96-58F4-4030-88CB-5B5EE3B47F3A}C:\users\origi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\origi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{03684179-A6B7-408B-A2B0-41545EC96826}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{655C2BD9-62B4-4B6D-BD3A-72C4AEC22A73}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [TCP Query User{BE68303A-CA83-45AF-AA41-E58A9D8245F3}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{32E8EDC4-0755-42CB-8BD0-1A4EB166C618}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{410561EF-AB33-4577-B74F-B67E1FC6DF4F}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{B2E877D3-5FF6-4FCA-BB52-BC96F1D944F6}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{16B1414A-FE63-4C3A-B9C7-5587D7AC39D2}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{68E21DC7-8280-4F29-80E2-E6BB9677AFC1}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{79D1F9F0-DBCB-4B21-8FA6-69D2F2F2E332}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{08C2D746-BDCB-45BF-80E3-DDCDDD0EE60C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{420E550E-47C4-4454-A99A-8EE7BBCA1EDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8079971B-C0B8-4E0A-9744-6D2A1973AF10}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\New folder\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{BCDE392E-AEFB-43AC-AC45-EBCA7CBD289E}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\New folder\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{15887DF6-8639-4AAB-A645-BC33B1BACC1D}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Assassin's Creed Valhalla\ACValhalla_Plus.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{465FB64B-5046-4360-9AEE-EF848A8994D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32EAD7C7-073D-4808-8491-BB3BC3B0B971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA6EA858-6A11-4455-8ABF-32AD4BA524C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BBD423BF-4015-4ACF-9104-6B0F247AE9E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7544C042-590A-40EC-BD55-3CF5B74790E4}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{8767F310-C7B1-4FF3-98AD-F83BF76E2F02}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F143E14A-ED9B-49A4-BEEF-027B7A355C9C}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{7EADD2C3-3F8F-4CAA-B403-E0814133A116}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
 
==================== Restore Points =========================
 
23-11-2020 21:06:16 Installed DirectX
27-11-2020 17:28:15 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112
 
==================== Faulty Device Manager Devices ============
 
Name: Kaspersky Security Data Escort Adapter
Description: Kaspersky Security Data Escort Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Kaspersky Security Data Escort Provider
Service: kltap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/25/2020 12:01:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{9a8732ff-18d5-0322-1c0f-0df7da13f473}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (11/25/2020 12:01:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{6f91f53b-c14a-3a64-b8d5-75033d930404}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (11/24/2020 08:25:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x20dc
Faulting application start time: 0x01d6c243c3c81070
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 62479c28-105e-4e80-adbb-cd6cd7a63d33
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1060
Faulting application start time: 0x01d6c243c351cb9e
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 8dd8dd82-e66a-41e2-95e3-70ec3aec38fd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0xcc8
Faulting application start time: 0x01d6c243c2dd2f8e
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 0783a1f3-ceb6-4e65-85d4-87a69114e06b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x8e8
Faulting application start time: 0x01d6c243c2680fa4
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: a315d439-23f7-4c2a-aa2e-adb2a5276891
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1968
Faulting application start time: 0x01d6c243c1f320f2
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 2d098043-ea4b-4339-9381-3ca9127dd020
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1460
Faulting application start time: 0x01d6c243c17bbe03
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 4b6139a1-5477-4c9d-88cd-c85a9374e367
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/24/2020 08:21:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:41:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.327.1458.0).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Synapse Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA FrameView SDK service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
===================================
Date: 2020-11-27 13:39:54.2010000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444777686.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:45.1350000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444777686.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:37.7120000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444770255.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:13.9190000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444736970.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:04.4280000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444736970.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
CodeIntegrity:
===================================
 
Date: 2020-11-24 20:01:15.8600000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 20:01:11.2530000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 20:01:11.2390000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:55:43.5890000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:55:43.5750000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:51:51.2970000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:51:51.2810000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:40:43.2850000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. F8 05/24/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 UD
Processor: Intel® Core™ i7-9700KF CPU @ 3.60GHz
Percentage of memory in use: 62%
Total physical RAM: 16315.74 MB
Available physical RAM: 6106.4 MB
Total Virtual: 32699.74 MB
Available Virtual: 15884.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.31 GB) (Free:123.7 GB) NTFS
Drive e: (General Data) (Fixed) (Total:1863 GB) (Free:23.54 GB) NTFS
 
\\?\Volume{b980258e-7d1d-4849-9afc-62f134671dbe}\ () (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{6f91f53b-c14a-3a64-b8d5-75033d930404}\ () (Fixed) (Total:134.04 GB) (Free:0 GB) NTFS
\\?\Volume{9a8732ff-18d5-0322-1c0f-0df7da13f473}\ () (Fixed) (Total:0.38 GB) (Free:0 GB) NTFS
\\?\Volume{5b1288a7-6dfa-3ed5-2a67-433444f12d55}\ () (Fixed) (Total:0.23 GB) (Free:0 GB) NTFS
\\?\Volume{a0c79aa4-df4d-c91a-9b4d-d792d91b3c8f}\ () (Fixed) (Total:0.12 GB) (Free:0 GB) NTFS
\\?\Volume{80d34bf8-f98b-51da-b17a-8eba6eddd503}\ () (Fixed) (Total:0.66 GB) (Free:0 GB) NTFS
\\?\Volume{0b93ca05-ce54-9fb7-26ea-9bfb7aa697a4}\ () (Fixed) (Total:3.6 GB) (Free:0 GB) NTFS
\\?\Volume{3db56128-1cef-3089-2d29-5603c1d1e215}\ () (Fixed) (Total:3.01 GB) (Free:0 GB) NTFS
\\?\Volume{fef99fd2-93ea-80ca-9155-61e105c116a9}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{6c13b06c-a0dc-e5f8-ab8a-7be7b50dd034}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{39facdf8-c027-8a74-e579-ac7250cc7dc1}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{e930a4ec-d1bd-3b79-11a2-3df525ee525a}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{a7537661-921f-ed59-a758-f2ff8a6db369}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{eaca5632-2c1b-ac1d-f709-31a4953839c1}\ () (Fixed) (Total:3.45 GB) (Free:0 GB) NTFS
\\?\Volume{68f7e57c-6419-88e0-5f5a-c90c1a5bf2f9}\ () (Fixed) (Total:0.39 GB) (Free:0 GB) NTFS
\\?\Volume{0fa0f211-8bd9-4599-9a11-04caf0476453}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 9.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 10.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 11.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 12.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 13.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 14.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 15.
 
==================== End of Addition.txt =======================


#15
Mingo_TTV


Hi,

Sorry, I didn't see that you had replied until now.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2020
Ran by origi (administrator) on DESKTOP-Q4STC4U (Gigabyte Technology Co., Ltd. Z390 UD) (27-11-2020 18:41:18)
Running from C:\Users\origi\Desktop
Loaded Profiles: origi
Platform: Windows 10 Pro Version 20H2 19042.630 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CloudBees, Inc.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\MonitorService-exec.exe
(Discord Inc. -> Discord Inc.) C:\Users\origi\AppData\Local\Discord\app-0.0.308\Discord.exe <7>
(Epic Games Inc. -> Epic Games, Inc.) E:\Program Files\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe <3>
(Epic Games Inc. -> Epic Games, Inc.) E:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <55>
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(LogMeIn, Inc. -> LogMeIn Inc.) E:\Program Files\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) E:\Program Files\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsMaps_10.2011.4.0_x64__8wekyb3d8bbwe\Maps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.621_none_e7694895260e0b6d\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Rockstar Games, Inc. -> Rockstar Games) E:\Program Files\Rockstar Games\Launcher\Launcher.exe
(Rockstar Games, Inc. -> Rockstar Games) E:\Program Files\Rockstar Games\Launcher\RockstarService.exe
(Rockstar Games, Inc. -> Take-Two Interactive Software, Inc.) C:\Program Files\Rockstar Games\Social Club\SocialClubHelper.exe <3>
(Spotify AB -> Spotify Ltd) C:\Users\origi\AppData\Roaming\Spotify\Spotify.exe <5>
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(WeMod LLC -> Daring Development Inc.) C:\Users\origi\AppData\Local\WeMod\app-6.3.11\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
(WeMod LLC -> WeMod) C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe <4>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-07-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\Program Files\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\RunOnce: [SelLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [50096 2019-04-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Spotify] => C:\Users\origi\AppData\Roaming\Spotify\Spotify.exe [23232232 2020-11-16] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Discord] => C:\Users\origi\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [EpicGamesLauncher] => E:\Program Files\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33102224 2020-11-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24625144 2020-02-19] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2020-11-21] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\origi\AppData\Local\Microsoft\Teams\Update.exe [2350776 2020-06-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14766664 2020-10-03] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514096 2020-10-19] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-17] (Google LLC -> Google LLC)
Startup: C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AORUS ENGINE.lnk [2020-11-18]
ShortcutTarget: AORUS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\autorun.exe () [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {059ACACA-6610-4154-B0B9-1A814E39B8C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-19] (Google LLC -> Google LLC)
Task: {05AC1BC4-DF43-4C90-8C4B-4D12C1BDD8D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {07471E98-CE11-41B9-8E9C-F87637FF5892} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F70B12F-62ED-4511-A9ED-81246B0BE16A} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {41457A5F-3A9B-4270-9E29-88D63C659B66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4EFA01D9-BD05-4C48-851F-56B7628B1B5E} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [33903328 2020-11-05] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {55AA047D-959B-4DB7-9C39-4C91A7EE2E19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CFA99A2-D0F8-4F7A-A306-8A9BC8BF63F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-19] (Google LLC -> Google LLC)
Task: {5F2BA33A-8616-424C-AB9D-3217745A09E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7778467F-4FC4-48CF-B33A-C9CA872D2C1B} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\program files (x86)\microsoft visual studio\installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65440 2020-07-22] (Microsoft Corporation -> Microsoft)
Task: {81C207F1-0636-4A3C-8FD6-BB5186762748} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1797817695-3140524087-3623043744-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-11-17] (Microsoft Windows -> )
Task: {911E10DD-1AE9-4692-8751-0D0151258971} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A362EF8-91BE-4938-AD25-3A5E6B5DDB25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB423A2B-41E4-4192-9DAB-2ECE36C25C6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC31F993-D52B-4E9B-8ACA-77AEB8F34F25} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B12C15E3-4031-40A8-9434-75B0B6EE2047} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB812079-3B97-46E1-A5E8-8D60F2DE7894} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-10-17] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) <==== ATTENTION
Task: {C0093AFA-6E4B-4565-9BD9-6CFD85292586} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {C04310FD-E714-4DC4-9084-F7A7E8BCE848} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {C38684F7-90AB-4E69-B4DC-FEA8387E48B5} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C6CA24E4-A723-4698-8CC1-4956551F3DE5} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA711F0A-2238-446C-BC5E-2B42D4E33790} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3C431D0-6611-4ADA-9CEB-0106933773B2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DD6F9B9D-C2B5-4B40-953B-BBDB50753853} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-20] (Adobe Inc. -> Adobe)
Task: {DDACF7FE-8A0A-4373-8372-CA5A26F6DC02} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E677DACB-D605-4FF2-AF1E-E4DDC6A1CD80} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E79C0B2C-BEAF-4FEA-9662-EE2C274784DC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E91294D4-094C-447E-8B68-B432F2C28B5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB6B852A-45DE-4C1D-8911-973F4D8CAC40} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0D61D05-4EDE-4B80-A447-CD4A7AE01BA0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {F6396AAE-D305-4B73-8FD3-5D2804D888DF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d67f30f0-0c71-4697-9b7d-1371f23a70e1}: [DhcpNameServer] 192.168.0.1
 
Edge: 
======
Edge Profile: C:\Users\origi\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-16]
 
FireFox:
========
FF DefaultProfile: a559bv13.default
FF ProfilePath: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default [2020-11-23]
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF ProfilePath: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release [2020-11-27]
FF Extension: (Reddit Enhancement Suite) - C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\Extensions\[email protected] [2020-10-03]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-11-27]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-20] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> E:\Program Files\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-20] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1797817695-3140524087-3623043744-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\origi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-12-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-12-19] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default [2020-11-27]
CHR DownloadDir: E:\Downloads
CHR Notifications: Default -> hxxps://www.cashrewards.com.au; hxxps://www.guilded.gg
CHR Extension: (Honey) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-18]
CHR Extension: (uBlock Origin) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-10-26]
CHR Extension: (Dark Mode) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2020-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-26]
CHR Extension: (Kaspersky Protection) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-07-01]
CHR Extension: (Cashrewards) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\foehlpanophbpagddidofdpeiappcmgf [2020-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-12]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-11-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-11-27]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-19]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-12]
CHR Extension: (HMA VPN Proxy Unblocker) - C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Extensions\poeojclicodamonabcabmapamjkkmnnk [2020-07-19]
CHR Extension: (Nohat) - E:\Downloads\NohatExt_3\NohatExt_3 [2020-08-01]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AORUS LCD Panel Service; C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\MonitorService-exec.exe [360960 2018-12-21] (CloudBees, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-11-19] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-10-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1728072 2020-10-03] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-26] (GOG Sp. z o.o. -> GOG.com)
R2 Hamachi2Svc; E:\Program Files\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10887816 2020-11-21] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-23] (Malwarebytes Inc -> Malwarebytes)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2148856 2020-02-19] (Plex, Inc. -> Plex, Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-06-24] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294128 2020-10-19] (Razer USA Ltd. -> Razer Inc.)
R3 Rockstar Service; E:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1382016 2020-11-27] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-09-23] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-05-01] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-04-07] (Bluestack Systems, Inc -> Bluestack System Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
R3 gdrv2; C:\WINDOWS\gdrv2.sys [32600 2020-11-18] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [79696 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [145304 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251512 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998016 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79184 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [211048 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232272 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\70065\driver_cpu_temperature\logi_core_temp.sys [25448 2020-11-21] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-10-30] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-10-30] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-10-30] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl0f53becd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D9677F7-E130-4FE7-8BE9-3105A03F2511}\MpKslDrv.sys [47336 2020-11-27] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2020-01-15] (Apple Inc.) [File not signed]
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-27 18:41 - 2020-11-27 18:41 - 000033779 _____ C:\Users\origi\Desktop\FRST.txt
2020-11-27 13:36 - 2020-11-27 13:36 - 000000000 ____D C:\Users\origi\AppData\Local\WeMod
2020-11-26 23:32 - 2020-11-26 23:32 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-11-26 22:35 - 2020-11-26 22:36 - 000000000 ____D C:\Users\origi\AppData\LocalLow\SUPERHOT_Team
2020-11-24 20:22 - 2020-11-26 23:32 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-11-24 20:22 - 2020-11-26 23:32 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-11-24 19:55 - 2020-11-24 19:55 - 000909824 _____ (Farbar) C:\Users\origi\Desktop\FSS.exe
2020-11-23 20:27 - 2020-11-27 15:55 - 000000000 ____D C:\Users\origi\AppData\LocalLow\IGDump
2020-11-23 20:26 - 2020-11-26 23:32 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-23 20:26 - 2020-11-26 23:32 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-23 20:26 - 2020-11-23 20:26 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-23 20:26 - 2020-11-23 20:26 - 000000000 ____D C:\Users\origi\AppData\Local\mbam
2020-11-23 20:26 - 2020-11-23 20:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-23 20:21 - 2020-11-23 20:21 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-23 20:20 - 2020-11-23 20:17 - 002076624 _____ (Malwarebytes) C:\Users\origi\Desktop\MBSetup.exe
2020-11-23 20:16 - 2020-11-24 19:37 - 000000000 ____D C:\AdwCleaner
2020-11-23 20:15 - 2020-11-23 20:15 - 008447152 _____ (Malwarebytes) C:\Users\origi\Desktop\AdwCleaner.exe
2020-11-23 20:09 - 2020-11-27 18:40 - 000000000 ____D C:\Users\origi\Desktop\FRST-OlderVersion
2020-11-22 23:14 - 2020-11-22 23:14 - 000000233 _____ C:\Users\origi\Desktop\Tom Clancy's Rainbow Six Siege.url
2020-11-22 23:14 - 2020-11-22 23:14 - 000000233 _____ C:\Users\origi\Desktop\Tom Clancy's Rainbow Six Siege - Vulkan.url
2020-11-21 20:08 - 2020-11-21 20:08 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-11-21 20:08 - 2020-11-21 20:08 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-11-21 20:08 - 2020-11-21 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-11-21 20:08 - 2020-11-21 20:08 - 000000000 ____D C:\Program Files\LGHUB
2020-11-19 21:27 - 2020-11-19 21:30 - 000000000 ____D C:\Users\origi\Documents\Assassin's Creed Valhalla
2020-11-19 20:23 - 2020-11-19 20:23 - 000000235 _____ C:\Users\origi\Desktop\Assassin's Creed Valhalla.url
2020-11-19 19:22 - 2020-11-19 19:22 - 000000234 _____ C:\Users\origi\Desktop\Watch Dogs Legion.url
2020-11-18 18:46 - 2020-11-27 18:41 - 000000000 ____D C:\FRST
2020-11-18 18:46 - 2020-11-27 18:40 - 002290176 _____ (Farbar) C:\Users\origi\Desktop\FRST64.exe
2020-11-18 18:32 - 2020-11-18 18:32 - 000000000 ____D C:\Users\Public\Documents\Creative
2020-11-18 18:32 - 2020-11-18 18:32 - 000000000 ____D C:\ProgramData\Documents\Creative
2020-11-18 18:31 - 2020-11-18 18:31 - 000032600 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\WINDOWS\gdrv2.sys
2020-11-18 18:31 - 2020-11-18 18:31 - 000002206 _____ C:\Users\Public\Desktop\RGBFusion 2.0.lnk
2020-11-18 18:31 - 2020-11-18 18:31 - 000002206 _____ C:\ProgramData\Desktop\RGBFusion 2.0.lnk
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Users\origi\AppData\Local\Downloaded Installations
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AORUS
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files\Patriot
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files\ENE
2020-11-18 18:31 - 2020-11-18 18:31 - 000000000 ____D C:\Program Files (x86)\ENE
2020-11-18 18:31 - 2020-05-12 01:28 - 000020992 _____ C:\WINDOWS\system32\Drivers\ene.sys
2020-11-18 18:30 - 2020-11-18 18:32 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2020-11-18 18:30 - 2020-11-18 18:30 - 000003464 _____ C:\WINDOWS\system32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE
2020-11-18 18:30 - 2020-11-18 18:30 - 000001243 _____ C:\Users\Public\Desktop\AORUS ENGINE.lnk
2020-11-18 18:30 - 2020-11-18 18:30 - 000001243 _____ C:\ProgramData\Desktop\AORUS ENGINE.lnk
2020-11-18 18:30 - 2020-11-18 18:30 - 000000000 ____D C:\Users\origi\Documents\temp
2020-11-18 18:30 - 2020-11-18 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2020-11-18 18:15 - 2020-11-08 04:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-18 18:15 - 2020-11-08 04:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-18 18:15 - 2020-11-08 04:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001506032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2020-11-18 18:15 - 2020-11-08 04:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-18 18:15 - 2020-11-08 04:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 002509720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-18 18:15 - 2020-11-08 04:37 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2020-11-18 18:15 - 2020-11-08 04:37 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2020-11-18 18:15 - 2020-11-08 04:36 - 005976296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-18 18:15 - 2020-11-07 15:01 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-18 18:13 - 2020-11-18 18:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2020-11-18 18:09 - 2020-11-18 18:09 - 000003840 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2020-11-17 13:47 - 2020-11-16 18:53 - 000000000 ____D C:\Windows.old
2020-11-17 13:45 - 2020-11-17 13:47 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-11-17 13:44 - 2020-11-17 13:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-11-17 13:44 - 2020-11-17 13:44 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-11-17 13:43 - 2020-11-17 13:43 - 000000000 ____D C:\ProgramData\ssh
2020-11-17 13:41 - 2020-11-17 13:41 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-11-17 13:41 - 2020-11-17 13:41 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-11-17 13:41 - 2020-11-17 13:41 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-11-17 13:41 - 2020-11-17 13:41 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-11-17 13:41 - 2020-11-17 13:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-11-17 13:41 - 2020-11-17 13:41 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000137016 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2020-11-17 13:41 - 2020-11-17 13:41 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2020-11-17 13:41 - 2020-11-17 13:41 - 000101688 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-11-17 13:41 - 2020-11-17 13:41 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-11-17 13:41 - 2020-11-17 13:41 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-11-17 13:41 - 2020-11-17 13:41 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-11-17 13:41 - 2020-11-17 13:41 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-11-17 13:40 - 2020-11-17 13:40 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-11-17 13:40 - 2020-11-17 13:40 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001822256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-11-17 13:40 - 2020-11-17 13:40 - 001393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-11-17 13:40 - 2020-11-17 13:40 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-11-17 13:40 - 2020-11-17 13:40 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000645120 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000455168 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000306176 _____ C:\WINDOWS\system32\HeatCore.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2020-11-17 13:40 - 2020-11-17 13:40 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-11-17 13:40 - 2020-11-17 13:40 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-11-17 13:40 - 2020-11-17 13:40 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2020-11-17 13:40 - 2020-11-17 13:40 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2020-11-17 13:40 - 2020-11-17 13:40 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-11-17 13:36 - 2020-11-17 13:47 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files\MSBuild
2020-11-17 13:36 - 2020-11-17 13:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-11-17 09:52 - 2020-11-17 09:52 - 000000000 ____D C:\Users\origi\AppData\Roaming\HelloGames
2020-11-17 09:37 - 2020-11-17 09:37 - 000000629 _____ C:\Users\Public\Desktop\No Man's Sky.lnk
2020-11-17 09:37 - 2020-11-17 09:37 - 000000629 _____ C:\ProgramData\Desktop\No Man's Sky.lnk
2020-11-17 09:36 - 2020-11-27 11:54 - 000000000 ____D C:\Users\origi\AppData\Roaming\SUPERHOTMCD
2020-11-17 09:34 - 2020-11-17 09:34 - 000000669 _____ C:\Users\Public\Desktop\SUPERHOT - MIND CONTROL DELETE.lnk
2020-11-17 09:34 - 2020-11-17 09:34 - 000000669 _____ C:\ProgramData\Desktop\SUPERHOT - MIND CONTROL DELETE.lnk
2020-11-16 18:57 - 2020-11-18 18:16 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-16 18:56 - 2020-11-16 18:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-11-16 18:53 - 2020-11-24 20:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-16 18:53 - 2020-11-24 19:37 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-16 18:53 - 2020-11-16 18:53 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-11-16 18:53 - 2020-11-16 18:53 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-11-16 18:53 - 2020-11-16 18:53 - 000003710 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-16 18:53 - 2020-11-16 18:53 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-16 18:53 - 2020-11-16 18:53 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-11-16 18:53 - 2020-11-16 18:53 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-16 18:53 - 2020-11-16 18:53 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-11-16 18:53 - 2020-11-16 18:53 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002966 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1797817695-3140524087-3623043744-1001
2020-11-16 18:53 - 2020-11-16 18:53 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-16 18:53 - 2020-11-16 18:53 - 000002638 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2020-11-16 18:53 - 2020-11-16 18:53 - 000000020 ___SH C:\Users\origi\ntuser.ini
2020-11-16 18:53 - 2020-11-16 18:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-16 18:49 - 2020-11-25 22:18 - 000000000 ____D C:\Users\origi
2020-11-16 18:49 - 2019-12-07 20:10 - 000001105 _____ C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-11-16 18:47 - 2020-11-27 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-16 18:47 - 2020-11-24 20:22 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-16 18:47 - 2020-11-16 18:47 - 000443608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-16 17:40 - 2020-11-16 18:53 - 000000000 ___DC C:\WINDOWS\Panther
2020-11-16 17:36 - 2020-11-16 17:36 - 000000000 ___HD C:\$WinREAgent
2020-11-16 17:31 - 2020-08-03 22:37 - 000065910 _____ C:\Users\origi\Documents\Tom Leys - CV.pdf
2020-11-16 17:30 - 2020-11-23 21:07 - 000000000 ____D C:\Users\origi\Documents\My Games
2020-11-15 20:11 - 2020-11-15 20:11 - 000000000 ____D C:\Users\origi\Downloads\Django Unchained 2012 BluRay 720p [Hindi 2.0 + English 5.1] AAC x264 ESub - mkvCinemas [Telly]
2020-11-14 12:43 - 2020-11-14 12:43 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Hopoo Games, LLC
2020-11-14 12:40 - 2020-11-14 12:40 - 000000573 _____ C:\Users\Public\Desktop\Risk of Rain 2.lnk
2020-11-14 12:40 - 2020-11-14 12:40 - 000000573 _____ C:\ProgramData\Desktop\Risk of Rain 2.lnk
2020-11-14 12:37 - 2020-11-14 12:37 - 000000000 ____D C:\Users\origi\AppData\Local\Mordhau
2020-11-14 12:13 - 2020-11-14 12:13 - 000000487 _____ C:\Users\Public\Desktop\Mordhau.lnk
2020-11-14 12:13 - 2020-11-14 12:13 - 000000487 _____ C:\ProgramData\Desktop\Mordhau.lnk
2020-11-11 23:27 - 2020-11-11 23:27 - 000042673 _____ C:\Users\origi\Documents\Book1.xlsx
2020-11-11 17:23 - 2020-11-27 16:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-06 21:31 - 2020-11-06 21:31 - 000000807 _____ C:\Users\Public\Desktop\Sniper - Ghost Warrior Contracts.lnk
2020-11-06 21:31 - 2020-11-06 21:31 - 000000807 _____ C:\ProgramData\Desktop\Sniper - Ghost Warrior Contracts.lnk
2020-11-06 16:22 - 2020-11-16 18:49 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2020-11-06 16:22 - 2020-11-09 21:46 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2020-11-04 21:19 - 2020-11-27 18:36 - 000000000 ____D C:\Users\origi\AppData\Roaming\WeMod
2020-11-04 21:19 - 2020-11-27 13:36 - 000002159 _____ C:\Users\origi\Desktop\WeMod.lnk
2020-11-04 21:19 - 2020-11-27 13:36 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2020-11-04 17:20 - 2020-11-04 17:20 - 000000000 ____D C:\Users\origi\AppData\Roaming\CreamAPI
2020-11-04 15:29 - 2020-11-04 15:35 - 000000000 ____D C:\Users\origi\AppData\Roaming\Sekiro
2020-11-04 15:12 - 2020-11-04 15:12 - 000000617 _____ C:\Users\Public\Desktop\Sekiro - Shadows Die Twice.lnk
2020-11-04 15:12 - 2020-11-04 15:12 - 000000617 _____ C:\ProgramData\Desktop\Sekiro - Shadows Die Twice.lnk
2020-11-04 14:56 - 2020-11-04 14:56 - 000000000 ____D C:\Users\origi\Documents\DyingLight
2020-11-04 14:29 - 2020-11-04 17:33 - 000000703 _____ C:\Users\Public\Desktop\Dying Light - Ultimate Collection.lnk
2020-11-04 14:29 - 2020-11-04 17:33 - 000000703 _____ C:\ProgramData\Desktop\Dying Light - Ultimate Collection.lnk
2020-11-04 14:27 - 2020-11-04 14:27 - 000001760 _____ C:\WINDOWS\system32\Drivers\etc\hosts.rollback
2020-11-04 14:27 - 2019-03-19 15:49 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.backup
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\Users\Public\Desktop\Hades.lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\Users\Public\Desktop\Hades (x86).lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\ProgramData\Desktop\Hades.lnk
2020-11-04 14:03 - 2020-11-04 14:03 - 000000553 _____ C:\ProgramData\Desktop\Hades (x86).lnk
2020-11-03 17:25 - 2020-11-03 21:15 - 000000000 ____D C:\Users\origi\Documents\Teardown
2020-11-03 16:42 - 2020-11-03 16:42 - 000000000 ____D C:\Users\origi\AppData\LocalLow\noio
2020-11-01 22:07 - 2020-11-08 21:52 - 000000000 ____D C:\Users\origi\AppData\Roaming\EasyAntiCheat
2020-10-30 23:58 - 2020-10-30 23:58 - 000066808 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2020-10-30 23:58 - 2020-10-30 23:58 - 000038136 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2020-10-30 23:58 - 2020-10-30 23:58 - 000026672 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2020-10-30 23:14 - 2020-10-23 07:19 - 000038632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2020-10-30 23:12 - 2020-11-08 04:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-10-30 23:12 - 2020-11-08 04:36 - 007005008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-10-30 23:12 - 2020-10-28 14:49 - 005519600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-10-28 22:20 - 2020-10-19 16:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2020-10-28 22:20 - 2020-10-19 16:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-27 18:32 - 2019-12-18 20:58 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-27 18:30 - 2019-12-07 20:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-27 18:27 - 2020-01-28 13:17 - 000000000 ____D C:\Users\origi\AppData\Local\Battle.net
2020-11-27 18:03 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Roaming\Discord
2020-11-27 17:38 - 2019-12-19 12:33 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-27 17:35 - 2019-12-18 20:59 - 000000000 ____D C:\Users\origi\AppData\Roaming\Spotify
2020-11-27 17:31 - 2020-01-19 15:25 - 000000000 ____D C:\Program Files\Rockstar Games
2020-11-27 17:31 - 2020-01-19 15:25 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-11-27 17:28 - 2020-05-03 16:32 - 000000000 ____D C:\Users\origi\AppData\Local\Ubisoft Game Launcher
2020-11-27 17:28 - 2019-12-19 12:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-27 17:26 - 2019-12-19 23:41 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Mozilla
2020-11-27 13:36 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Local\SquirrelTemp
2020-11-27 13:31 - 2019-12-25 21:04 - 000000000 ____D C:\Users\origi\AppData\Roaming\uTorrent
2020-11-26 23:26 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-26 18:39 - 2019-12-18 20:59 - 000000000 ____D C:\Users\origi\AppData\Local\Spotify
2020-11-26 00:06 - 2019-12-07 20:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-25 22:08 - 2020-08-12 20:56 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-25 22:08 - 2020-08-12 20:56 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-25 22:08 - 2020-08-12 20:56 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-24 20:25 - 2019-12-23 16:45 - 000000000 ____D C:\Users\origi\AppData\Local\CrashDumps
2020-11-24 20:21 - 2019-12-19 12:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-11-24 20:21 - 2019-12-07 20:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-24 20:21 - 2019-12-07 20:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-11-24 19:52 - 2020-10-08 22:14 - 000000000 ____D C:\Program Files\Cheat Engine 7.1
2020-11-24 19:36 - 2020-08-03 21:29 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-23 21:07 - 2019-12-26 16:49 - 000000000 ____D C:\Users\origi\AppData\Local\BattlEye
2020-11-23 20:26 - 2019-12-07 20:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-23 20:11 - 2020-09-06 23:33 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-11-23 20:09 - 2019-03-19 15:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-11-22 19:48 - 2019-12-18 22:45 - 000000000 ____D C:\Users\origi\AppData\Local\D3DSCache
2020-11-21 21:42 - 2020-10-03 13:35 - 000000000 ____D C:\Users\origi\AppData\LocalLow\Temp
2020-11-21 21:41 - 2020-04-16 22:50 - 000000000 ____D C:\Users\origi\AppData\Roaming\LGHUB
2020-11-21 21:39 - 2019-12-07 20:13 - 000000000 ____D C:\WINDOWS\INF
2020-11-21 21:34 - 2020-04-17 17:59 - 000000000 ____D C:\Users\origi\AppData\Local\LGHUB
2020-11-19 23:07 - 2019-12-07 20:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-19 20:43 - 2020-05-03 16:40 - 000000000 ____D C:\Users\origi\AppData\Local\My Games
2020-11-19 19:17 - 2020-05-03 16:32 - 000001310 _____ C:\Users\origi\Desktop\Ubisoft Connect.lnk
2020-11-19 19:17 - 2020-05-03 16:32 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2020-11-19 17:57 - 2020-07-21 23:22 - 000000000 ____D C:\Battlestate Games
2020-11-19 08:36 - 2019-12-18 21:28 - 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-11-19 08:35 - 2020-04-18 17:06 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-11-19 08:35 - 2019-12-18 21:28 - 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-11-18 19:48 - 2019-12-19 12:36 - 000000000 ____D C:\Users\origi\AppData\Local\NVIDIA
2020-11-18 18:19 - 2019-12-19 12:36 - 000000000 ____D C:\Users\origi\AppData\Local\NVIDIA Corporation
2020-11-18 18:13 - 2020-07-19 23:19 - 000000000 ___RD C:\Users\origi\iCloudDrive
2020-11-18 14:35 - 2019-12-25 21:02 - 000000000 ____D C:\Users\origi\AppData\Local\BitTorrentHelper
2020-11-17 13:47 - 2020-10-08 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.1
2020-11-17 13:47 - 2020-10-03 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex - Mankind Divided [GOG.com]
2020-11-17 13:47 - 2020-10-01 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2020-11-17 13:47 - 2020-09-16 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-11-17 13:47 - 2020-09-06 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-11-17 13:47 - 2020-08-10 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2020-11-17 13:47 - 2020-08-04 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2019.4.6f1 (64-bit)
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\3082
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1055
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1049
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1046
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1045
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1040
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1036
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1033
2020-11-17 13:47 - 2020-07-23 00:44 - 000000000 ____D C:\WINDOWS\system32\1029
2020-11-17 13:47 - 2020-07-23 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSCodium
2020-11-17 13:47 - 2020-07-22 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2020-11-17 13:47 - 2020-07-21 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2020-11-17 13:47 - 2020-07-19 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-11-17 13:47 - 2020-06-16 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity - Original Sin 2 [GOG.com]
2020-11-17 13:47 - 2020-05-30 05:39 - 000000000 ____D C:\Program Files\UNP
2020-11-17 13:47 - 2020-04-17 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-11-17 13:47 - 2020-04-11 17:42 - 000000000 ____D C:\WINDOWS\system32\Catroot2.old
2020-11-17 13:47 - 2020-04-04 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-11-17 13:47 - 2020-03-15 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare
2020-11-17 13:47 - 2020-02-24 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2020-11-17 13:47 - 2020-01-28 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-11-17 13:47 - 2020-01-25 00:33 - 000000000 ____D C:\WINDOWS\ShellNew
2020-11-17 13:47 - 2020-01-25 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2020-11-17 13:47 - 2020-01-13 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2020-11-17 13:47 - 2020-01-11 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
2020-11-17 13:47 - 2020-01-11 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 - Wild Hunt [GOG.com]
2020-11-17 13:47 - 2020-01-02 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2020-11-17 13:47 - 2020-01-01 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-17 13:47 - 2019-12-30 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mod Organizer
2020-11-17 13:47 - 2019-12-23 17:15 - 000000000 ____D C:\ProgramData\regid.1995-09.com.example
2020-11-17 13:47 - 2019-12-23 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UWPHook
2020-11-17 13:47 - 2019-12-19 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-11-17 13:47 - 2019-12-19 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2020-11-17 13:47 - 2019-12-19 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2020-11-17 13:47 - 2019-12-18 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2020-11-17 13:47 - 2019-12-18 22:13 - 000000000 ____D C:\WINDOWS\system32\Samsung
2020-11-17 13:47 - 2019-12-18 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2020-11-17 13:47 - 2019-12-18 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-17 13:47 - 2019-12-07 20:18 - 000000000 ____D C:\WINDOWS\Setup
2020-11-17 13:47 - 2019-12-07 20:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\spool
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-17 13:47 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-11-17 13:47 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2020-11-17 13:45 - 2020-07-24 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2020-11-17 13:45 - 2020-07-22 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2020-11-17 13:45 - 2020-02-15 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2020-11-17 13:43 - 2019-12-07 20:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2020-11-17 13:43 - 2019-12-07 20:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-17 13:43 - 2019-12-07 20:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\Com
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\Provisioning
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-17 13:43 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Common Files\System
2020-11-17 13:43 - 2019-12-07 20:03 - 000000000 ____D C:\WINDOWS\servicing
2020-11-17 13:37 - 2019-12-07 20:52 - 000000000 ____D C:\WINDOWS\OCR
2020-11-17 08:35 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\appcompat
2020-11-17 08:33 - 2019-12-19 12:22 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-17 08:33 - 2019-12-19 12:22 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-17 08:33 - 2019-12-19 12:22 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-17 01:58 - 2019-12-19 12:13 - 000000000 ____D C:\Users\origi\AppData\Local\Packages
2020-11-17 01:58 - 2019-12-19 12:11 - 000000000 ____D C:\ProgramData\Packages
2020-11-16 18:56 - 2020-04-11 16:47 - 000000000 ____D C:\Users\origi\AppData\LocalLow\uTorrent
2020-11-16 18:56 - 2019-12-19 12:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-16 18:54 - 2019-12-19 12:13 - 000000000 ___RD C:\Users\origi\3D Objects
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-11-16 18:53 - 2019-12-07 20:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-11-16 18:51 - 2019-12-07 20:14 - 000000000 __RHD C:\Users\Public\Libraries
2020-11-16 18:50 - 2020-07-19 23:19 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2020-11-16 18:49 - 2020-09-23 13:48 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2020-11-16 18:49 - 2020-09-23 13:31 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8
2020-11-16 18:49 - 2020-07-25 21:44 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macroplant LLC
2020-11-16 18:49 - 2020-07-01 20:46 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnakeBite
2020-11-16 18:49 - 2020-06-23 19:27 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria Tweaker 2
2020-11-16 18:49 - 2020-06-23 18:53 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria Tweaker 2 for Terraria 1.3.5.3
2020-11-16 18:49 - 2020-04-05 21:00 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-11-16 18:49 - 2020-01-19 15:22 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2020-11-16 18:49 - 2020-01-01 13:58 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-16 18:49 - 2019-12-18 21:56 - 000000000 ____D C:\Users\origi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-11-16 18:48 - 2019-12-19 12:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-11-16 18:47 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-11-16 17:26 - 2019-12-19 12:14 - 000000000 ___RD C:\Users\origi\OneDrive
2020-11-16 17:16 - 2019-12-19 23:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-16 17:16 - 2019-03-19 15:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-15 22:06 - 2019-12-18 23:53 - 000000000 ____D C:\Users\origi\AppData\Roaming\Twitch
2020-11-15 18:10 - 2020-04-17 16:39 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-14 22:25 - 2020-04-04 20:44 - 000000000 ____D C:\Users\origi\AppData\Roaming\vlc
2020-11-14 12:37 - 2019-12-29 23:33 - 000000000 ____D C:\Users\origi\AppData\Local\UnrealEngine
2020-11-14 11:00 - 2020-07-21 23:23 - 000000791 _____ C:\Users\Public\Desktop\Battlestate Games Launcher.lnk
2020-11-14 11:00 - 2020-07-21 23:23 - 000000791 _____ C:\ProgramData\Desktop\Battlestate Games Launcher.lnk
2020-11-12 01:44 - 2019-12-23 14:33 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 01:44 - 2019-12-23 14:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 23:33 - 2019-12-19 23:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-07 00:04 - 2019-12-19 11:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-04 14:27 - 2020-06-28 23:21 - 000000000 ____D C:\Users\origi\AppData\Local\GameAnalytics
2020-11-04 10:57 - 2019-12-19 23:13 - 000000000 ____D C:\Users\origi\AppData\LocalLow\MCC
2020-10-31 13:53 - 2020-08-17 00:43 - 000000000 ____D C:\websymbols
2020-10-31 00:03 - 2020-09-06 23:41 - 000795000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-10-28 22:20 - 2019-12-19 12:36 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-10-28 22:20 - 2019-12-19 12:36 - 000001447 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-10-28 22:20 - 2019-12-19 12:36 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-10-28 22:20 - 2019-12-19 12:11 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-10-28 22:20 - 2019-12-19 12:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-10-28 00:20 - 2019-12-19 12:15 - 000000000 ____D C:\Users\origi\AppData\Local\PlaceholderTileLogoFolder
 
==================== Files in the root of some directories ========
 
2020-08-27 23:25 - 2020-08-27 23:26 - 000000190 _____ () C:\Users\origi\AppData\Roaming\modthegungeon.conf
2020-08-06 21:25 - 2020-08-06 21:25 - 000013981 _____ () C:\Users\origi\AppData\Local\recently-used.xbel
2020-01-21 23:21 - 2020-07-22 00:33 - 000007601 _____ () C:\Users\origi\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Addition.txt: 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2020
Ran by origi (27-11-2020 18:43:00)
Running from C:\Users\origi\Desktop
Windows 10 Pro Version 20H2 19042.630 (X64) (2020-11-16 07:53:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1797817695-3140524087-3623043744-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1797817695-3140524087-3623043744-503 - Limited - Disabled)
Guest (S-1-5-21-1797817695-3140524087-3623043744-501 - Limited - Disabled)
origi (S-1-5-21-1797817695-3140524087-3623043744-1001 - Administrator - Enabled) => C:\Users\origi
WDAGUtilityAccount (S-1-5-21-1797817695-3140524087-3623043744-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
AltServer (HKLM-x32\...\{6CC7EBC1-2C38-4717-B13D-CB0A478552EF}) (Version: 1.3.2 - Riley Testut)
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.9.2.0 - GIGABYTE Technology Co.,Inc.)
AORUS LCD Panel Setting (HKLM-x32\...\{82026686-454E-4233-83E3-4045BC3FB31C}_is1) (Version: 1.0.3.1 - GIGABYTE Technology Co.,Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version:  - Ubisoft)
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com)
AutoHotkey 1.1.32.00 (HKLM\...\AutoHotkey) (Version: 1.1.32.00 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlestate Games Launcher 10.4.2.1226 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.2.1226 - Battlestate Games)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.66.0 - Bethesda Softworks)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.205.0.1006 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
Deus Ex: Mankind Divided (HKLM-x32\...\1296690054_is1) (Version: 1.19 hotfix - GOG.com)
Deus Ex: Mankind Divided™ DLC - Season Pass (HKLM-x32\...\1753119582_is1) (Version: 1.19 hotfix - GOG.com)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.6.69.4648 - GOG.com)
Dying Light: Ultimate Collection (HKLM-x32\...\Dying Light: Ultimate Collection_is1) (Version:  - )
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_AIC_Marvell_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_AIC_Marvell_HAL (HKLM-x32\...\{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.0.9 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{8bcd6161-a822-4c5a-9711-472cb32c7adf}) (Version: 1.0.0.9 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{d8516682-de60-4332-ad6f-49373754b677}) (Version: 1.0.6.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_SSS_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_SSS_HAL (HKLM-x32\...\{9eeadf99-713b-4ab5-9ccd-bf9c1c4d9daf}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.8.9819 - Battlestate Games)
Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - )
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2060.1 - Rockstar Games)
Hades (HKLM-x32\...\Hades_is1) (Version:  - )
icecap_collection_neutral (HKLM-x32\...\{2A00DCB3-752F-446C-B3B3-1B6ADFBFF3E3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{BE5E54C4-6B68-4AE3-A7F4-45F0D29D48D3}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{1E6E5904-E97F-41F7-B3DB-0C8CD3180E3C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{7FD392DF-51A1-4DC1-9C6F-BF7C58A576AC}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{F0AD317D-AE18-45D0-BE5B-30074AFE6740}) (Version: 7.19.0.10 - Apple Inc.)
iExplorer (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\2ee35ebaf226322a) (Version: 4.3.4.0 - Macroplant LLC)
Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{65A59264-DFCE-498D-A091-D124C6EFB6FF}) (Version: 12.10.8.5 - Apple Inc.)
Java 8 Update 261 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LazyClicker (HKLM-x32\...\{FB523953-2434-4FB2-A027-F42B395659F8}) (Version: 1.1.0.27 - LazyClicker)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft .NET Core SDK 3.1.302 (x64) from Visual Studio (HKLM\...\{539053B2-E414-46BC-B4CD-365E79AFEA79}) (Version: 3.1.302.015188 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.47 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft OneDrive (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0006 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.6.2037.624 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Mordhau (HKLM-x32\...\Mordhau_is1) (Version:  - )
Mozilla Firefox 82.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 82.0.3 (x64 en-US)) (Version: 82.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
No Man's Sky (HKLM-x32\...\No Man's Sky_is1) (Version:  - )
Node.js (HKLM\...\{97FD2F60-C3CD-417D-A5F6-C538B37054CC}) (Version: 12.16.3 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.04 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{ebb7013c-0b03-497c-bed1-1e48e806a593}) (Version: 1.00.04 - Patriot Memory)
PlanetSide 2 (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Plex Media Server (HKLM-x32\...\{203FDA60-7969-4EB3-BD69-4D1752B3C6F9}) (Version: 1.18.2438 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{440398c3-62c1-4e0e-b558-5ca3f78e1d94}) (Version: 1.18.7.2438 - Plex, Inc.)
Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation)
Python 3.8.5 (32-bit) (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\{44a59e57-34e2-4d86-93ba-a2588bfac760}) (Version: 3.8.5150.0 - Python Software Foundation)
Python 3.8.5 Add to Path (32-bit) (HKLM-x32\...\{2D01141A-8022-4100-B256-02EFB0F1830B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Core Interpreter (32-bit) (HKLM-x32\...\{31F7FCA7-1F15-48FD-BFB9-91FE58FC2F07}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Development Libraries (32-bit) (HKLM-x32\...\{657AEF25-7BC3-4E93-A08C-ECD14E8A74AE}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Documentation (32-bit) (HKLM-x32\...\{F7A293EB-21B8-45DE-85A5-8ADEB68B9EFB}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Executables (32-bit) (HKLM-x32\...\{F6156224-C882-453A-9046-EFCD31982E68}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 pip Bootstrap (32-bit) (HKLM-x32\...\{71C0D67F-EF42-4C5C-A2AE-04FD8B38AB1C}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Standard Library (32-bit) (HKLM-x32\...\{4D147A72-5C01-47B2-8789-1D1969F6AC32}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{653FBD26-2D1A-48C1-AAB1-0AB6F2A3749B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Test Suite (32-bit) (HKLM-x32\...\{DE45C740-8250-4A49-8B81-FE347C70E6BA}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Utility Scripts (32-bit) (HKLM-x32\...\{9450D936-1E4F-44EF-A0D4-92C471229B98}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{CEEAEA02-2472-4BF6-8994-52D6783F5575}) (Version: 3.8.7140.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.5.1030.101917 - Razer Inc.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1311.27 - Rockstar Games)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.20.1105.1 - GIGABYTE)
Risk of Rain 2 (HKLM-x32\...\Risk of Rain 2_is1) (Version:  - )
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.32.316 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Sekiro: Shadows Die Twice (HKLM-x32\...\Sekiro: Shadows Die Twice_is1) (Version:  - )
Sniper: Ghost Warrior Contracts (HKLM-x32\...\Sniper: Ghost Warrior Contracts_is1) (Version:  - )
Spotify (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Spotify) (Version: 1.1.46.916.g416cacf1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{B5747469-E9CA-4F7C-A964-0A32DF449B24}) (Version: 1.18.2438 - Plex, Inc.) Hidden
superhot: mind control delete (HKLM-x32\...\superhot: mind control delete_is1) (Version:  - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.4461 - Microsoft Corporation)
Terraria Tweaker 2 (HKLM-x32\...\TiberiumFusion Terraria Tweaker 2) (Version: "2.3.1405.0" - TiberiumFusion)
Terraria Tweaker 2 for Terraria 1.3.5.3 (HKLM-x32\...\TiberiumFusion Terraria Tweaker 2 for Terraria 1.3.5.3) (Version: "2.2.1353.0" - TiberiumFusion)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
thriXXX 3DKink-500.001 (HKLM-x32\...\3DKink-500.001) (Version:  - thriXXX Software GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Twitch (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 103.2 - Ubisoft)
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2019.4.6f1 - Unity Technologies ApS)
Unity Hub 2.3.2 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.3.2 - Unity Technologies Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
UWPHok (HKLM-x32\...\UWPHook 2.5.1) (Version: 2.5.1 - Briano)
UWPHook (HKLM-x32\...\{52B9D66E-8B17-4E82-94EE-9664614B67A2}) (Version: 2.5.1 - Briano) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
vcpp_crt.redist.clickonce (HKLM-x32\...\{B2AC4CE4-2533-4485-B3B5-2F645C2DD325}) (Version: 14.26.28808 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\2a34e2d9) (Version: 16.6.30320.27 - Microsoft Corporation)
Visual Studio Team Explorer 2017 (HKLM-x32\...\b0a2d319) (Version: 15.9.28307.1216 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.3.4 - Black Tree Gaming Ltd.)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{2CCEC45B-1462-4FFD-8214-90E3C25000F7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{7A991159-9069-471D-B85F-89B1E4E66822}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{16E73A5A-339C-4177-A0BD-04278C06625C}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{C8E7C1FC-925C-4163-BAB3-769E6C7961D2}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{DA7AB063-D1A3-4D5A-8221-598ACF4574B4}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{5F2E2347-2042-4340-BBDD-262BB1791EC7}) (Version: 16.6.30014 - Microsoft Corporation) Hidden
VSCodium (HKLM\...\{D77B7E06-80BA-4137-BCF4-654B95CCEBC5}_is1) (Version: 1.47.2 - Microsoft Corporation)
Watch Dogs Legion (HKLM-x32\...\Uplay Install 3353) (Version:  - Ubisoft)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
WeMod (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\WeMod) (Version: 6.3.11 - WeMod)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.47.2.0_x86__kgqvnymyfvs32 [2020-11-25] (king.com)
Clustertruck -> C:\Program Files\WindowsApps\tinyBuildGames.3289435C1E20_1.0.3.0_x86__3sz1pp2ynv2xe [2020-01-04] (tinyBuild Games)
Death's Gambit -> C:\Program Files\WindowsApps\CartoonInteractiveGroupIn.DeathsGambit_1.0.0.0_x64__6c1aaymwt3dwm [2020-02-18] (Cartoon Interactive Group Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.48.4.0_x86__kgqvnymyfvs32 [2020-11-07] (king.com)
FTL: Faster Than Light -> C:\Program Files\WindowsApps\Mutable\SubsetGames.FTLFasterThanLight_1.6.13.0_x86__gvagsjwfgyhyc [2020-01-10] (Subset Games)
Golf With Your Friends -> C:\Program Files\WindowsApps\Team17DigitalLimited.GolfWithYourFriendsWin10_1.0.12.0_x64__j5x4vj4y67jhc [2020-10-29] (Team17 Digital Limited)
Halo: The Master Chief Collection -> C:\Program Files\WindowsApps\Mutable\Microsoft.Chelan_1.1955.0.0_x64__8wekyb3d8bbwe [2020-11-21] (Microsoft Studios)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]
My Friend Pedro Win10 -> C:\Program Files\WindowsApps\DevolverDigital.MyFriendPedroWin10_1.0.6.0_x64__6kzv4j18v0c96 [2020-05-06] (Devolver Digital)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-25] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2020-04-14] (Realtek Semiconductor Corp)
The Master Chief Collection: Halo 2 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo2_1.1448.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo 3 -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3_1.12.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo 3: ODST -> C:\Program Files\WindowsApps\Microsoft.MCCHalo3ODST_1.12.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: Halo CE -> C:\Program Files\WindowsApps\Microsoft.HaloCombatEvolved_1.1367.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
The Master Chief Collection: REACH -> C:\Program Files\WindowsApps\Microsoft.TheMasterChiefCollectionREACH_1.1.0.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios)
Totally Accurate Battle Simulator (Game Preview) -> C:\Program Files\WindowsApps\LandfallGames.TotallyAccurateBattleSimulator_1.0.24.0_x64__r2vq7k2y0v9ct [2020-09-01] (Landfall Games)
UNDERTALE -> C:\Program Files\WindowsApps\8-4Ltd.Undertale-Windows10_1.1.0.0_x86__c74r4999cqbdr [2020-01-04] (8-4, Ltd.)
West of Loathing -> C:\Program Files\WindowsApps\Asymmetric.WestofLoathing_1.1111.1111.0_x64__y20smdktffva2 [2020-04-30] (Asymmetric Publications, LLC)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-04-24] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\origi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\origi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-04-22] (Notepad++ -> )
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-05-07] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\nvshext.dll [2020-11-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-29] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\origi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --force-dark-mode
 
==================== Loaded Modules (Whitelisted) =============
 
2020-11-18 18:30 - 2019-08-05 13:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\BSL430.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000225792 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvFireware.dll
2019-08-05 19:50 - 2019-08-05 19:50 - 000009216 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\Phison.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 085372416 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libcef.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 000043520 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libUbiCustomEvent.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 098275328 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 000092672 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 003922432 _____ () [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 002010112 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GbtCpuLib.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\yccV2.dll
2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\yccV2.DLL
2020-11-18 18:30 - 2019-12-09 17:27 - 000289792 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVBIOSLib.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000628736 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvComW.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000013312 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvCrypt.dll
2020-11-18 18:30 - 2020-10-23 11:27 - 000474624 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVDisplay.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000240640 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvIllumLib.dll
2020-11-18 18:30 - 2019-08-05 13:26 - 000218112 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvOrderLib.dll
2020-11-18 18:32 - 2020-09-14 09:07 - 000472576 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\GVDisplay.dll
2020-07-08 10:49 - 2020-07-08 10:49 - 000474624 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll
2020-11-05 14:16 - 2020-11-05 14:16 - 000268800 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACDDR_Lib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACPCIeSSD_Lib.dll
2020-11-05 07:49 - 2020-11-05 07:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll
2020-11-18 18:30 - 2019-08-05 13:27 - 001079808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\MFC80U.DLL
2018-08-30 16:26 - 2018-08-30 16:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\MsIo32_Galax.dll
2020-02-27 04:16 - 2020-02-27 04:16 - 000518144 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\chrome_elf.dll
2019-12-29 23:33 - 2019-12-29 23:33 - 000547840 _____ (The Chromium Authors) [File not signed] E:\Program Files\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2020-11-18 18:30 - 2019-08-27 13:22 - 000224256 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvAutoUpdate.dll
2017-10-05 15:26 - 2017-10-05 15:26 - 002247168 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll
2018-12-08 08:22 - 2018-12-08 08:22 - 002059264 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GHidApi.dll
2020-11-05 15:15 - 2020-11-05 15:15 - 000492544 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll
2020-10-22 15:05 - 2020-10-22 15:05 - 002107392 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\sharepoint.com -> hxxps://mqoutlook-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\wustat.windows.com -> hxxp://wustat.windows.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-19 15:49 - 2020-11-23 20:09 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\;C:\Program Files\VSCodium\bin;C:\Program Files\dotnet\
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Control Panel\Desktop\\Wallpaper -> E:\Pictures\Wallpapers\RGB Circles.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\StartupApproved\Run: => "Synapse3"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{F10D8E68-791F-40DA-B562-571EC41B5850}E:\games\risk of rain 2\risk of rain 2.exe] => (Allow) E:\games\risk of rain 2\risk of rain 2.exe () [File not signed]
FirewallRules: [TCP Query User{940071B3-1041-4A24-9CD6-36A0502F8418}E:\games\risk of rain 2\risk of rain 2.exe] => (Allow) E:\games\risk of rain 2\risk of rain 2.exe () [File not signed]
FirewallRules: [{44B75A98-6FC8-40C6-9EBF-C16D01755B28}] => (Allow) E:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{A933E254-B7CE-4C1A-888A-C3E35222C782}] => (Allow) E:\Battlestate Games\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [UDP Query User{B6446B56-F82C-4ABC-BB1F-637DEC2B7F89}E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed]
FirewallRules: [TCP Query User{6D2A8BAA-6BB1-4876-9122-F48193FF86BF}E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) E:\games\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed]
FirewallRules: [UDP Query User{C4763C34-DCA4-4E02-B3D0-A49C58951873}E:\games\dying light - ultimate collection\dyinglightgame.exe] => (Allow) E:\games\dying light - ultimate collection\dyinglightgame.exe (Techland) [File not signed]
FirewallRules: [TCP Query User{19752260-5051-43C3-B0BA-962487E1C33F}E:\games\dying light - ultimate collection\dyinglightgame.exe] => (Allow) E:\games\dying light - ultimate collection\dyinglightgame.exe (Techland) [File not signed]
FirewallRules: [{08A7615C-013D-445F-8E0E-E7BD1ED90D6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{027D44AF-D56D-4483-963E-AC5795B19E62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7A193A34-7EFE-4DFA-A067-4E753DB615F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7187FD66-B038-40AA-9455-58B0BDE2B267}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{54D767F1-03F2-4457-948B-AF0FB9A293E0}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [TCP Query User{95179F55-D539-4CCD-A60D-E65966490B8D}E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) E:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [UDP Query User{F0FD4D93-F6DE-411F-86C9-C69D2BCB6794}E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe => No File
FirewallRules: [TCP Query User{A3134F08-16BE-4B7D-89F4-48A33035CF54}E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) E:\program files\call of duty black ops cold war beta\blackopscoldwar.exe => No File
FirewallRules: [UDP Query User{D7ED7EBC-65F4-44DE-9E4B-129A75F9D25B}E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{60E24A6F-4970-4D38-A294-E392C7E62792}E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) E:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [UDP Query User{325DCF6B-91C0-4783-A4CE-8E1F092F642D}E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe] => (Allow) E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe => No File
FirewallRules: [TCP Query User{78C9547E-474E-4F31-A8E0-D8386AA715C4}E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe] => (Allow) E:\program files\epic games\killingfloor2\binaries\win64\kfgame.exe => No File
FirewallRules: [{F44F34B3-9256-463E-A5EF-AD01CA3B2D4D}] => (Allow) E:\SteamLibrary\steamapps\common\D.R.O.N.E. The Game\D.R.O.N.E. Launcher.exe (Five Studios Interactive SL -> Five Studios Interactive)
FirewallRules: [{CB509D4A-F2C1-400A-822A-F96E6F84A3AB}] => (Allow) E:\SteamLibrary\steamapps\common\D.R.O.N.E. The Game\D.R.O.N.E. Launcher.exe (Five Studios Interactive SL -> Five Studios Interactive)
FirewallRules: [UDP Query User{A2390B05-03FD-4FF0-9D91-AD3EC97BD96D}C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{6B3FA829-0710-45F7-A03A-3FD37AEAF171}C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\origi\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{864D0893-5D28-4E25-97DF-788A8F24600D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43EC5C06-C5C2-437A-B078-B86D69973A3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{C36AEA6D-181B-4149-AEF0-24A28DF74D3C}E:\emutarkov 12.7.8445\server\server.exe] => (Allow) E:\emutarkov 12.7.8445\server\server.exe (Node.js) [File not signed]
FirewallRules: [TCP Query User{F318B14C-86A2-4A84-9CE2-BCA4DB71EC71}E:\emutarkov 12.7.8445\server\server.exe] => (Allow) E:\emutarkov 12.7.8445\server\server.exe (Node.js) [File not signed]
FirewallRules: [{B13B0A28-5CD1-4D3E-960A-FABE2F743E12}] => (Allow) E:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{BAD16577-D190-4412-98F0-FEFA6098F3EE}] => (Allow) E:\SteamLibrary\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{34020297-0BDC-4BC0-BFD5-3687EAA12AE5}] => (Block) E:\Program Files\Unity\Hub\Editor\2019.4.6f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{87219C25-F2EC-40E1-97FC-5D4D41F4338F}] => (Allow) E:\Program Files\Unity\Hub\Editor\2019.4.6f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{33DFD611-4C4E-4B7C-B1DA-622AFE290435}E:\program files\unity hub\unity hub.exe] => (Allow) E:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{8D1BB9DB-4E7F-4D46-A3D6-FDDD22AF366C}E:\program files\unity hub\unity hub.exe] => (Allow) E:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{F7861289-6A85-4C72-BDBA-083871DE2E4A}] => (Allow) E:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{45A508BD-343A-4D9E-945F-70CC137AC76C}C:\program files\vscodium\vscodium.exe] => (Allow) C:\program files\vscodium\vscodium.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{BB29CB11-64CD-4DF4-B66E-A95E49B1CFDB}C:\program files\vscodium\vscodium.exe] => (Allow) C:\program files\vscodium\vscodium.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{FD2C0B71-4D0F-4808-8575-3745905AD28B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{42B6660B-5ED1-4BDF-ACE0-BCE07F03781E}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed]
FirewallRules: [TCP Query User{2E6F1D60-AAEB-48C7-A51E-38370BF4EF6D}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed]
FirewallRules: [{306AADBD-AAB4-48E8-B6BE-1D07B1664146}] => (Allow) E:\SteamLibrary\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{14214BC4-7917-4BE6-8A67-A2CFBA885D72}] => (Allow) E:\SteamLibrary\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{0AA59250-7B8C-4F0B-B5D8-E7ED64852855}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7894A19D-2B41-4099-9E03-82B6D3308E9D}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{25104F42-C5A8-4AE5-9A08-42298714AADB}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{99B4E8E8-1893-45F4-B5B0-AAD3BF112D6F}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{D74360E7-C50A-46DF-AD5E-2C9688CF483A}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{CCB71434-5169-4097-BA00-7690F3C94336}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{902D3AF8-D32A-49DF-BAE8-1CE4254B49EA}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{FD22DB00-BAB7-421D-A3E1-FE4A6BE12D4B}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{59509B66-C71C-40E8-B222-A05CF7ADA902}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{917C14FA-FDFF-4937-BCAE-39FB92079AAC}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{CEABD935-8832-494B-A277-AD723C16E8F8}] => (Allow) E:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{B0039ED2-34D8-4DFB-B8EB-41154C09EB05}] => (Allow) E:\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{7415C043-6DD1-4770-A6C8-153E8015635A}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{34EFECF9-D2DC-414B-A068-4E4C11EB15A0}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{9D3CB140-B85C-431D-851D-33EBBB64EC4B}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{F7A51524-6680-4817-93B3-4FB20321B983}] => (Allow) E:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{3C65C792-A8A6-4101-8CBF-FAD144FE474C}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{76D91F81-F31B-43C4-9177-0E98E20133F9}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{231FB57E-6AF9-4F2C-8C54-DF7F8F2A6C50}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{501753C0-C5BD-4D9D-839B-268FE5CB0B86}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{14C03299-DCF1-4508-9CD7-1930CFE6A274}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{D2E7ADDF-1589-4FD8-B3FC-B3D85A9B6F5A}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{8258957B-DCB5-458C-A270-134327AF3811}E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [TCP Query User{12EB542A-9BFF-47E6-87D3-6F1FF5E34FC6}E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) E:\program files\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [UDP Query User{C3C791EF-22BA-4F59-BC25-51D0DB5E0278}E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [TCP Query User{6CB92D7C-7DC3-4EF9-8A37-9CF84197A520}E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [{4DF7FE8E-0264-44E6-996A-3EA5A94F8F1E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{3EB1A1BC-42C9-44A0-89E2-F9549E72F139}E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{FFD736D3-BF75-404F-824A-E87DD328C3C6}E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{479AD954-D64B-46EF-B046-3A916A2EC95F}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{8B221CFE-47F8-4418-8A2E-7C501FB79A01}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{2BF9EA75-998A-4D25-8EED-266FBB0A448E}E:\program files\epic games\gtav\gta5.exe] => (Allow) E:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{75B083B5-47D8-4A9F-918B-8CF993A4005E}E:\program files\epic games\gtav\gta5.exe] => (Allow) E:\program files\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{FE0709B9-6DEE-484F-95D1-8F53EEEB9016}E:\program files\rockstar games\red dead redemption 2\rdr2.exe] => (Allow) E:\program files\rockstar games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{80301D8A-7F60-4685-836F-B3CA6609C81A}E:\program files\rockstar games\red dead redemption 2\rdr2.exe] => (Allow) E:\program files\rockstar games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{5A6BBD9F-E23D-49EF-8003-E642669DC7E8}E:\program files\epic games\breakpointdemo\grb.exe] => (Allow) E:\program files\epic games\breakpointdemo\grb.exe => No File
FirewallRules: [TCP Query User{666556D2-4339-4484-ADBA-D27818139021}E:\program files\epic games\breakpointdemo\grb.exe] => (Allow) E:\program files\epic games\breakpointdemo\grb.exe => No File
FirewallRules: [{F5195C8B-3C8F-4A3E-8A2C-09EAA4D02842}] => (Allow) E:\Program Files\Epic Games\BreakpointDemo\GRB_BE.exe => No File
FirewallRules: [{AA3F5F3A-F171-441A-BBE7-4FE7B3C3C54D}] => (Allow) E:\Program Files\Epic Games\BreakpointDemo\GRB_BE.exe => No File
FirewallRules: [{9AB356E3-1C49-45D0-92D7-21143CECE733}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF43DDDA-4442-4233-92D0-7B28CA43BE7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D32F1D5B-BD93-4F80-84D4-A6F24F3169AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A112E236-9BD0-4F0E-8E86-3BD9995DA22A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DB41F1CC-4157-4B2E-A46B-7773491713E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8FC6E254-4932-44EE-8D54-F26D58C8CDB8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE17E754-D40D-4F7B-B445-04F317D4BA55}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{238925C4-1354-4AA1-865D-9620EE84EE56}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56B0067E-EA09-4D6F-83E3-866094057A59}C:\users\origi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\origi\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{B4288E7E-F78B-45DB-9477-1BCF095B4053}C:\users\origi\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\origi\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [{FB7BE848-FDE0-4D65-854D-A34E5904B18B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2E58401E-54F3-4071-9DD0-8A3A3B1F7D5B}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{55F4F4E4-6DE8-4FF7-B391-C1E19A1E0988}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{625B937E-C165-4A10-ABEC-6739A4F19C76}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{EC3D6E3F-D22B-45FF-86FD-73A42E37BC01}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{FCE58226-D93B-44EF-B104-E9B412434148}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{B3D20E8A-DAC4-4319-9B5C-13D59B6BC4D8}C:\users\origi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\origi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FEE9CE96-58F4-4030-88CB-5B5EE3B47F3A}C:\users\origi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\origi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{03684179-A6B7-408B-A2B0-41545EC96826}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{655C2BD9-62B4-4B6D-BD3A-72C4AEC22A73}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [TCP Query User{BE68303A-CA83-45AF-AA41-E58A9D8245F3}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{32E8EDC4-0755-42CB-8BD0-1A4EB166C618}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{410561EF-AB33-4577-B74F-B67E1FC6DF4F}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{B2E877D3-5FF6-4FCA-BB52-BC96F1D944F6}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{16B1414A-FE63-4C3A-B9C7-5587D7AC39D2}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{68E21DC7-8280-4F29-80E2-E6BB9677AFC1}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{79D1F9F0-DBCB-4B21-8FA6-69D2F2F2E332}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{08C2D746-BDCB-45BF-80E3-DDCDDD0EE60C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{420E550E-47C4-4454-A99A-8EE7BBCA1EDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8079971B-C0B8-4E0A-9744-6D2A1973AF10}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\New folder\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{BCDE392E-AEFB-43AC-AC45-EBCA7CBD289E}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\New folder\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{15887DF6-8639-4AAB-A645-BC33B1BACC1D}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Assassin's Creed Valhalla\ACValhalla_Plus.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{465FB64B-5046-4360-9AEE-EF848A8994D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32EAD7C7-073D-4808-8491-BB3BC3B0B971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA6EA858-6A11-4455-8ABF-32AD4BA524C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BBD423BF-4015-4ACF-9104-6B0F247AE9E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7544C042-590A-40EC-BD55-3CF5B74790E4}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{8767F310-C7B1-4FF3-98AD-F83BF76E2F02}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F143E14A-ED9B-49A4-BEEF-027B7A355C9C}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{7EADD2C3-3F8F-4CAA-B403-E0814133A116}] => (Allow) E:\Program Files\Ubisoft\Ubisoft Game Launcher\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
 
==================== Restore Points =========================
 
23-11-2020 21:06:16 Installed DirectX
27-11-2020 17:28:15 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112
 
==================== Faulty Device Manager Devices ============
 
Name: Kaspersky Security Data Escort Adapter
Description: Kaspersky Security Data Escort Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Kaspersky Security Data Escort Provider
Service: kltap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/25/2020 12:01:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{9a8732ff-18d5-0322-1c0f-0df7da13f473}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (11/25/2020 12:01:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on \\?\Volume{6f91f53b-c14a-3a64-b8d5-75033d930404}\ because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (11/24/2020 08:25:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x20dc
Faulting application start time: 0x01d6c243c3c81070
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 62479c28-105e-4e80-adbb-cd6cd7a63d33
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1060
Faulting application start time: 0x01d6c243c351cb9e
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 8dd8dd82-e66a-41e2-95e3-70ec3aec38fd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0xcc8
Faulting application start time: 0x01d6c243c2dd2f8e
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 0783a1f3-ceb6-4e65-85d4-87a69114e06b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x8e8
Faulting application start time: 0x01d6c243c2680fa4
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: a315d439-23f7-4c2a-aa2e-adb2a5276891
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1968
Faulting application start time: 0x01d6c243c1f320f2
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 2d098043-ea4b-4339-9381-3ca9127dd020
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2020 08:25:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.610, time stamp: 0xab30c679
Faulting module name: ucrtbase.dll, version: 10.0.19041.546, time stamp: 0x43cbc11d
Exception code: 0xc0000409
Fault offset: 0x000000000007287e
Faulting process id: 0x1460
Faulting application start time: 0x01d6c243c17bbe03
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 4b6139a1-5477-4c9d-88cd-c85a9374e367
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/24/2020 08:21:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:41:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.327.1458.0).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Synapse Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (11/24/2020 07:37:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/24/2020 07:37:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA FrameView SDK service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
===================================
Date: 2020-11-27 13:39:54.2010000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444777686.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:45.1350000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444777686.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:37.7120000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444770255.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:13.9190000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444736970.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-27 13:39:04.4280000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.DE!ml
ID: 2147757793
Severity: Severe
Category: Trojan
Path: file:_C:\Users\origi\AppData\Roaming\WeMod\App\trainers\download\Trainer_30650_e93ea0d06e.dll.1606444736970.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\origi\AppData\Local\WeMod\app-6.3.11\WeMod.exe
Security intelligence Version: AV: 1.327.1600.0, AS: 1.327.1600.0, NIS: 1.327.1600.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
CodeIntegrity:
===================================
 
Date: 2020-11-24 20:01:15.8600000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 20:01:11.2530000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 20:01:11.2390000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:55:43.5890000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:55:43.5750000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:51:51.2970000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:51:51.2810000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-11-24 19:40:43.2850000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. F8 05/24/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 UD
Processor: Intel® Core™ i7-9700KF CPU @ 3.60GHz
Percentage of memory in use: 62%
Total physical RAM: 16315.74 MB
Available physical RAM: 6106.4 MB
Total Virtual: 32699.74 MB
Available Virtual: 15884.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.31 GB) (Free:123.7 GB) NTFS
Drive e: (General Data) (Fixed) (Total:1863 GB) (Free:23.54 GB) NTFS
 
\\?\Volume{b980258e-7d1d-4849-9afc-62f134671dbe}\ () (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{6f91f53b-c14a-3a64-b8d5-75033d930404}\ () (Fixed) (Total:134.04 GB) (Free:0 GB) NTFS
\\?\Volume{9a8732ff-18d5-0322-1c0f-0df7da13f473}\ () (Fixed) (Total:0.38 GB) (Free:0 GB) NTFS
\\?\Volume{5b1288a7-6dfa-3ed5-2a67-433444f12d55}\ () (Fixed) (Total:0.23 GB) (Free:0 GB) NTFS
\\?\Volume{a0c79aa4-df4d-c91a-9b4d-d792d91b3c8f}\ () (Fixed) (Total:0.12 GB) (Free:0 GB) NTFS
\\?\Volume{80d34bf8-f98b-51da-b17a-8eba6eddd503}\ () (Fixed) (Total:0.66 GB) (Free:0 GB) NTFS
\\?\Volume{0b93ca05-ce54-9fb7-26ea-9bfb7aa697a4}\ () (Fixed) (Total:3.6 GB) (Free:0 GB) NTFS
\\?\Volume{3db56128-1cef-3089-2d29-5603c1d1e215}\ () (Fixed) (Total:3.01 GB) (Free:0 GB) NTFS
\\?\Volume{fef99fd2-93ea-80ca-9155-61e105c116a9}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{6c13b06c-a0dc-e5f8-ab8a-7be7b50dd034}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{39facdf8-c027-8a74-e579-ac7250cc7dc1}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{e930a4ec-d1bd-3b79-11a2-3df525ee525a}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{a7537661-921f-ed59-a758-f2ff8a6db369}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{eaca5632-2c1b-ac1d-f709-31a4953839c1}\ () (Fixed) (Total:3.45 GB) (Free:0 GB) NTFS
\\?\Volume{68f7e57c-6419-88e0-5f5a-c90c1a5bf2f9}\ () (Fixed) (Total:0.39 GB) (Free:0 GB) NTFS
\\?\Volume{0fa0f211-8bd9-4599-9a11-04caf0476453}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 9.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 10.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 11.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 12.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 13.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 14.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 15.
 
==================== End of Addition.txt =======================
