suspected virus, also can't open Discord



#1
Lucky Dearly

Hey guys, this morning I started to find some trouble in my PC. I noticed the Discord chat app wouldn't open and would give the error message "The application was unable to start correctly (0xc0000005). click ok to close the application"

Here's a FRST scan. I had run a Malwarebytes scan on my PC and caught a lot of malware; sadly, both my Telegram app and Steam apps got deleted and those need to be reinstalled.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by mewtw_000 (administrator) on GAMERPC2 (MSI MS-7A39) (07-12-2020 17:51:27)
Running from C:\Users\mewtw_000\Desktop
Loaded Profiles: mewtw_000
Platform: Windows 10 Home Version 20H2 19042.630 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0359518.inf_amd64_ddc5c961c2795261\B359297\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0359518.inf_amd64_ddc5c961c2795261\B359297\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(cFos Software GmbH -> cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(cFos Software GmbH -> cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2088872 2015-09-09] (cFos Software GmbH -> cFos Software GmbH)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677472 2020-06-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-12-22] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-10-14] (IDSA Production signing key -> Intel)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [Amazon Music] => C:\Users\mewtw_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] (Amazon Services LLC -> )
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [AIM for Windows] => C:\Users\mewtw_000\AppData\Local\AOL\AIM\aim.exe [1075608 2016-10-03] (AOL Inc. -> AOL Inc.)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [Google Update] => C:\Users\mewtw_000\AppData\Local\Google\Update\1.3.36.52\GoogleUpdateCore.exe [219592 2020-12-03] (Google LLC -> Google LLC)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-05-30] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [90952552 2020-11-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [GameCompanion] => C:\Users\mewtw_000\AppData\Roaming\GameCompanion\GameCompanion.exe [484408 2013-10-12] () [File not signed]
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2489528 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33138576 2020-12-07] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [23335904 2020-10-28] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [uTorrent] => C:\Users\mewtw_000\AppData\Roaming\uTorrent\uTorrent.exe [2113240 2020-11-06] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [Discord] => C:\Users\mewtw_000\AppData\Local\Discord\Update.exe --processStart Discord.exe
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3857839104-3952859072-2417217460-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [580096 2020-07-17] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\KODAK EASYSHARE All-in-One Printer: C:\Windows\System32\spool\prtprocs\x64\EKIJ5000PPR.dll [232960 2010-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Print\Monitors\KODAK EASYSHARE All-in-One Printer: C:\Windows\system32\EKIJ5000MON.dll [612352 2010-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a53dd3e5-0283-4ab3-b77c-7bd1bc7550c6}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{a53dd3e5-0283-4ab3-b77c-7bd1bc7550c6}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2020-12-07] (Microsoft Corporation) [File not signed] <==== ATTENTION
Startup: C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-08-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2019-09-12]
ShortcutTarget: Telegram.lnk -> C:\Users\mewtw_000\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01BF5165-A0C1-48E8-95F1-FA324B833513} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe
Task: {119E0283-3C39-4D01-914C-D23D8160F140} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {188F58BC-F948-4FB4-89D4-D9AA5AC72B93} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {18D74226-F812-4445-8A46-85860F5FADE1} - System32\Tasks\Opera scheduled Autoupdate 1592177058 => C:\Users\mewtw_000\AppData\Local\Programs\Opera\launcher.exe [1721368 2020-11-24] (Opera Software AS -> Opera Software)
Task: {1E50346E-D168-490C-8703-29314C37A2DA} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files (x86)\microsoft\edge\application\msedge.exe [2964368 2020-12-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {242C6426-724C-4EE9-ACB1-D2D1A96542D7} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3857839104-3952859072-2417217460-1004 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-10-13] (Microsoft Windows -> )
Task: {25AADE8D-DCEB-4C59-AF2A-92BCD192C1EB} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [30648 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {288BD941-4EC3-4C27-92C9-1959C9001898} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {310985A9-0507-4E35-A02B-B903E5CC23A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CEE3290-2DC8-42BE-A843-93E48096574D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {45A6E21F-4382-4C1C-AB5B-725940059E5E} - System32\Tasks\{E454B194-C458-4524-875A-BBDD341E9245} => C:\Windows\system32\pcalua.exe -a C:\Users\mario\Downloads\FirmwareFlashLauncher(3).exe -d C:\Users\mario\Downloads
Task: {47F88C44-2DD6-4E0C-9838-4C46D1127997} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {49D36591-3FC5-4126-B6F2-15EE8F466C4D} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3031824 2020-07-07] (IObit Information Technology -> IObit)
Task: {4D0E675A-FA1D-4C9F-ABB5-FC7EAE815EA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [231447 2017-12-05] (Google Inc.) [File not signed]
Task: {5EAA5B40-11EA-4E0E-AE68-C4B917E454D6} - System32\Tasks\{98850D8D-D672-45FA-99AD-029F06250334} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\WBFS\WBFS Manager 3.0\WBFSManager.exe" -d C:\Users\mewtw_000\Desktop
Task: {649A63A7-76CC-49C6-A879-EB864EFB7A90} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6CDDBA91-726C-4ADC-B126-9EB8BF74F108} - System32\Tasks\ASC_SkipUac_mewtw_000 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6E66C15F-086E-4943-B62C-53C50CD8D281} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {768AD179-E48F-429D-B21D-59D59484B3E5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1149336 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {82C4ABA5-2DFD-47DA-8107-F7C9868C4D93} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {873E6C9D-8348-4FF4-B8BC-EC5F05AA430E} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8AC79E55-11E0-456E-8663-1C68F7435B6D} - System32\Tasks\Opera scheduled assistant Autoupdate 1592177072 => C:\Users\mewtw_000\AppData\Local\Programs\Opera\launcher.exe [1721368 2020-11-24] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\mewtw_000\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {8F1C983E-E536-4D43-B94A-9EBBDF347F92} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {8F78C466-564D-4C90-90E1-99F3DA0F85C9} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
Task: {91949731-B0CA-4D7E-8D7C-E537E6D6BEB6} - System32\Tasks\{F39B6A7A-9212-4FE4-99F7-580C5E3B634F} => C:\Windows\system32\pcalua.exe -a C:\Users\mewtw_000\Desktop\dgca_v110.exe -d C:\Users\mewtw_000\Desktop
Task: {9F9C6169-66F9-4C6F-BD3D-12346E9DC9FB} - System32\Tasks\Fake Fullscreen => C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FakeFullscreen.exe
Task: {A2AE4D1D-4FDE-4DEB-856A-4FCE26A4167A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A64DEBF1-A72D-4BBA-BFA1-21BF594616E8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-10] (Adobe Inc. -> Adobe)
Task: {AC552665-E719-4405-9186-713556EF1591} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [231447 2017-12-05] (Google Inc.) [File not signed]
Task: {B3B4C3AB-B484-40BE-A758-8436FA4D026F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BBEB78B4-5D0E-4A20-9012-A33937084426} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5938960 2020-10-27] (IObit Information Technology -> IObit)
Task: {BCEF23F9-6E1A-4F17-A80A-A0E23B469BCF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C49967AE-2C17-4165-87DE-7E6F2E012A6E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CA87B026-A07A-4225-A61B-888A5A3E5BD8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D8F62EF4-4D4E-4EF9-9260-06E22BFC1277} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DA2C2E8F-FE2A-49EC-A6FC-85BFA6699877} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {DAD43C07-7077-4E41-A111-9BD54B725AA2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {E744E851-2AD8-4C07-95A1-6EBB82AF2394} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
Task: {E7F81A66-67D2-4C72-8A23-130CAF0667CA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E8A69D7A-3013-48F5-808A-64437B8247BA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECBCFBEF-40C3-4A6A-B308-B1AE033867DA} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-03-17] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EDB8D6B6-D0F6-4AA6-8A8C-DB7C2DB427F6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_pepper.exe [1498680 2020-11-10] (Adobe Inc. -> Adobe)
Task: {F0060515-9863-4613-BD11-C1BD0EEBA9DC} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {F2AB3E1C-74A2-4231-AB1B-1BDE3FC24EEA} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F8194146-C4A2-487C-87EA-5896345BD1E3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F93E2654-F014-4F19-828E-87A3D166D727} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FB09ACF0-A598-4358-9375-1933B00E11A5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC06B909-808E-43B2-9E89-69327F92E982} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {FE679D04-0972-4DEE-8D99-515F2DA05CE8} - System32\Tasks\LaunchChromeTask111 => C:\Program Files\FileZilla FTP Client\FileZilla.exe [13135528 2017-11-06] (Tim Kosse -> FileZilla Project)
Task: {FF370F45-BECF-44BD-BD18-41D8366C79D7} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-03-17] (Advanced Micro Devices, Inc.) [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{414d8f97-7b89-435e-96db-7782dc537395}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{50474d97-8078-467b-b411-eda12ed350b4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6a3289c7-bd23-427e-bdc4-302ef88a4a73}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b0fe0bb4-e96f-4581-af43-3fbc3f340851}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d554030d-c919-4e80-8a80-32394b3d22f9}: [DhcpNameServer] 192.168.1.1
 
Edge: 
======
DownloadDir: C:\Users\mewtw_000\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3857839104-3952859072-2417217460-1004 -> hxxp://www.wwe.com/
Edge Notifications: HKU\S-1-5-21-3857839104-3952859072-2417217460-1004 -> hxxps://aminoapps.com
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-13]
Edge DefaultProfile: Default
Edge Profile: C:\Users\mewtw_000\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-07]
Edge DownloadDir: C:\Users\mewtw_000\Downloads
Edge Notifications: Default -> hxxps://aminoapps.com; hxxps://anotepad.com; hxxps://bleedingcool.com; hxxps://floof.me; hxxps://pomf.tv; hxxps://tii.ai; hxxps://www.reddit.com; hxxps://www.tapatalk.com; hxxps://www.youtube.com; hxxps://www1a.delmarmora.pro; hxxps://www1a.michellehardin.pro; hxxps://www1a.moshemartin.pro; hxxps://www1a.samcunningham.pro
Edge HomePage: Default -> hxxp://www.wwe.com/
Edge StartupUrls: Default -> "hxxp://www.wwe.com/"
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\mewtw_000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2020-11-20]
 
FireFox:
========
FF DefaultProfile: ig34uzeg.default
FF ProfilePath: C:\Users\mewtw_000\AppData\Roaming\Mozilla\Firefox\Profiles\ig34uzeg.default [2020-12-07]
FF user.js: detected! => C:\Users\mewtw_000\AppData\Roaming\Mozilla\Firefox\Profiles\ig34uzeg.default\user.js [2020-11-12]
FF Notifications: Mozilla\Firefox\Profiles\ig34uzeg.default -> hxxps://discordbots.org; hxxps://top.gg
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\mewtw_000\AppData\Roaming\Mozilla\Firefox\Profiles\ig34uzeg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-11-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-30] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-3857839104-3952859072-2417217460-1004: @citrixonline.com/appdetectorplugin -> C:\Users\mewtw_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-16] (Citrix Online -> Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default [2020-12-07]
CHR HomePage: Default -> hxxp://www.wwe.com/
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-10-11]
CHR Extension: (Tampermonkey) - C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\mewtw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-27]
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
 
Opera: 
=======
OPR Extension: (AdBlock) - C:\Users\mewtw_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2020-06-14]
OPR Extension: (Rich Hints Agent) - C:\Users\mewtw_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-24]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [60600 2020-03-17] (Advanced Micro Devices, Inc. -> AMD)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [726952 2015-09-09] (cFos Software GmbH -> cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-11-23] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3638888 2018-05-30] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-18] (NVIDIA Corporation -> NVIDIA)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [231447 2017-12-05] (Google Inc.) [File not signed]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [231447 2017-12-05] (Google Inc.) [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-15] (Malwarebytes Inc -> Malwarebytes)
S3 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation -> Sony Corporation)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-06-15] (Razer USA Ltd. -> Razer Inc)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1711232 2020-07-01] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183680 2017-04-13] (Razer USA Ltd. -> Razer Inc.)
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-06-21] (Razer USA Ltd. -> Razer Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe [29696 2016-07-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.14\bin\mysqld.exe [39885824 2016-07-12] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A6100; C:\WINDOWS\System32\drivers\A6100.sys [5004560 2016-02-17] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 ADSPIDEREX; C:\WINDOWS\system32\drivers\adspiderex.sys [55664 2015-12-27] (digitalonnet -> (주)디지탈온넷)
S3 AMDSoundWireAudioService; C:\WINDOWS\System32\drivers\amdsndwireafd.sys [374248 2019-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S1 cfosspeed; C:\WINDOWS\system32\DRIVERS\cfosspeed6.sys [2004904 2015-09-09] (cFos Software GmbH -> cFos Software GmbH)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-03-08] (Cypress Semiconductor, Inc.) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-06] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-06] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2015-03-02] (Disc Soft Ltd -> Disc Soft Ltd)
S3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft Inc. -> SlySoft, Inc.)
S3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft Inc. -> SlySoft, Inc.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2015-11-12] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows ® Win 7 DDK provider)
S3 ipadtst2; C:\Program Files (x86)\MSI\Super Charger\ipadtst2_64.sys [16336 2016-07-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2020-03-26] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2020-06-30] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-27] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
S3 mcdevice; C:\WINDOWS\system32\DRIVERS\mcdevice.sys [334400 2015-07-17] (Hefei GreenXin Technology Co. Ltd. -> ShiningMorning Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-08-10] (Razer Inc. -> Razer, Inc.)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-18] (Bruce James -> Scarlet.Crush Productions)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-12-07 17:51 - 2020-12-07 17:56 - 000039823 _____ C:\Users\mewtw_000\Desktop\FRST.txt
2020-12-07 17:44 - 2020-12-07 17:55 - 000000000 ____D C:\FRST
2020-12-07 17:39 - 2020-12-07 17:40 - 002288640 _____ (Farbar) C:\Users\mewtw_000\Desktop\FRST64.exe
2020-12-07 17:16 - 2020-12-07 17:16 - 000001090 _____ C:\Users\mewtw_000\Desktop\Telegram.lnk
2020-12-07 17:07 - 2020-12-07 17:53 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-07 17:07 - 2020-12-07 17:07 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2020-12-07 17:07 - 2020-12-07 17:07 - 000001036 _____ C:\ProgramData\Desktop\Steam.lnk
2020-12-07 17:07 - 2020-12-07 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-12-07 16:44 - 2020-12-07 16:45 - 068900607 _____ (Discord Inc.) C:\Users\mewtw_000\Desktop\DiscordSetup.exe
2020-12-07 16:44 - 2020-12-07 16:45 - 068822328 ___SH (Discord Inc.) C:\Users\mewtw_000\Desktop\DiscordSetup.exe.dat
2020-12-07 16:43 - 2020-12-07 16:44 - 025814072 _____ (Telegram FZ-LLC ) C:\Users\mewtw_000\Desktop\tsetup.2.4.7.exe
2020-12-07 16:41 - 2020-12-07 16:41 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk
2020-12-07 16:41 - 2020-12-07 16:41 - 000001391 _____ C:\ProgramData\Desktop\Skype.lnk
2020-12-07 16:26 - 2020-12-07 16:26 - 000003120 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2020-12-07 12:59 - 2020-12-07 12:59 - 000079098 _____ C:\Users\mewtw_000\Documents\cc_20201207_125912.reg
2020-12-07 12:28 - 2020-12-07 12:28 - 000003136 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2020-12-07 12:27 - 2020-12-07 16:19 - 000000000 ____D C:\Program Files (x86)\Outbyte
2020-12-03 03:13 - 2020-12-03 03:13 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-12-03 03:10 - 2020-11-23 06:40 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-12-03 03:10 - 2020-11-23 06:40 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-12-03 03:10 - 2020-11-23 06:40 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-12-03 03:10 - 2020-11-23 06:40 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-12-03 03:10 - 2020-11-23 06:40 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-12-03 03:10 - 2020-11-23 06:40 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-12-03 03:10 - 2020-11-23 06:40 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-12-03 03:10 - 2020-11-23 06:40 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-12-03 03:10 - 2020-11-23 06:40 - 000456600 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-12-03 03:10 - 2020-11-23 06:40 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-12-03 03:10 - 2020-11-23 06:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-12-03 03:10 - 2020-11-23 06:37 - 007706352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-12-03 03:10 - 2020-11-23 06:37 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-12-03 03:10 - 2020-11-23 06:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-12-03 03:10 - 2020-11-23 06:37 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-12-03 03:10 - 2020-11-23 06:37 - 001733016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445751.dll
2020-12-03 03:10 - 2020-11-23 06:37 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445751.dll
2020-12-03 03:10 - 2020-11-23 06:32 - 007006712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-12-03 03:10 - 2020-11-23 06:32 - 005978008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-12-03 03:10 - 2020-11-22 05:29 - 000058620 _____ C:\WINDOWS\system32\nvinfo.pb
2020-12-01 09:17 - 2020-12-01 09:17 - 000004196 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1592177058
2020-12-01 09:17 - 2020-12-01 09:17 - 000001459 _____ C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2020-11-30 20:21 - 2020-11-30 21:32 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\Vortex
2020-11-27 10:03 - 2020-11-27 10:03 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-26 11:29 - 2020-12-07 16:15 - 000000000 ____D C:\Users\mewtw_000\AppData\LocalLow\IGDump
2020-11-26 11:22 - 2020-11-26 11:22 - 000004458 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1592177072
2020-11-25 13:13 - 2020-11-25 13:13 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-22 20:11 - 2020-11-22 20:11 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citra
2020-11-20 17:26 - 2020-11-20 17:26 - 000001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-11-20 17:26 - 2020-11-20 17:26 - 000001776 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-11-20 17:26 - 2020-11-20 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-11-20 03:36 - 2020-11-20 03:36 - 134688768 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2020-11-20 03:36 - 2020-11-20 03:36 - 004714496 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2020-11-20 03:36 - 2020-11-20 03:36 - 000151552 _____ C:\WINDOWS\system32\config\SAM.iobit
2020-11-20 03:36 - 2020-11-20 03:36 - 000040960 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2020-11-19 05:41 - 2020-11-19 05:41 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citra Canary
2020-11-18 20:56 - 2020-11-18 20:56 - 000002217 _____ C:\Users\mewtw_000\Desktop\WeMod.lnk
2020-11-18 20:55 - 2020-11-18 20:56 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\WeMod
2020-11-17 18:33 - 2020-11-18 12:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-11-15 11:54 - 2020-11-15 11:54 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-11-15 11:53 - 2020-11-15 11:53 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-15 11:52 - 2020-11-15 11:52 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-15 11:52 - 2020-11-15 11:52 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-15 11:52 - 2020-11-15 11:52 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-11-15 02:22 - 2020-11-15 02:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-09 06:16 - 2020-10-27 17:26 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445709.dll
2020-11-09 06:16 - 2020-10-27 17:26 - 001484184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445709.dll
2020-11-09 04:31 - 2020-11-09 04:31 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-09 04:31 - 2020-10-20 04:56 - 002797552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2020-11-09 04:31 - 2020-10-20 04:56 - 002154984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2020-11-09 04:31 - 2020-10-18 21:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2020-11-09 04:31 - 2020-10-18 21:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2020-11-09 04:30 - 2020-11-09 04:30 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-09 04:30 - 2020-11-09 04:30 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-09 04:30 - 2020-11-09 04:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-09 04:30 - 2020-11-09 04:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-09 04:30 - 2020-11-09 04:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-09 04:30 - 2020-11-09 04:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-09 04:29 - 2020-11-09 04:29 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-09 04:29 - 2020-11-09 04:29 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 12:17 - 2020-11-08 12:17 - 000003106 _____ C:\WINDOWS\system32\Tasks\IObitSelfCheckTask
2020-11-08 12:17 - 2020-11-08 12:17 - 000001239 _____ C:\Users\Public\Desktop\Smart Defrag 6.lnk
2020-11-08 12:17 - 2020-11-08 12:17 - 000001239 _____ C:\ProgramData\Desktop\Smart Defrag 6.lnk
2020-11-08 12:17 - 2019-09-12 09:59 - 000178960 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2020-11-08 12:17 - 2017-03-09 13:53 - 000030744 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2020-11-07 11:33 - 2020-12-04 16:41 - 000000000 ____D C:\Program Files\Cheat Engine 7.2
2020-11-07 11:33 - 2020-11-07 11:33 - 000000901 _____ C:\Users\mewtw_000\Desktop\Cheat Engine.lnk
2020-11-07 11:33 - 2020-11-07 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.2
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-12-07 17:52 - 2016-11-20 00:56 - 000000000 ____D C:\Users\mewtw_000\AppData\LocalLow\Mozilla
2020-12-07 17:51 - 2018-06-14 00:16 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\D3DSCache
2020-12-07 17:46 - 2015-02-25 23:39 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-07 17:41 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2020-12-07 17:39 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-07 17:16 - 2017-02-28 22:51 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\Telegram Desktop
2020-12-07 17:16 - 2017-02-28 22:51 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2020-12-07 17:15 - 2015-06-02 01:35 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\CrashDumps
2020-12-07 16:57 - 2015-02-26 03:53 - 000000000 ____D C:\Program Files\WinRAR
2020-12-07 16:51 - 2018-12-22 13:01 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\discord
2020-12-07 16:51 - 2016-04-18 13:41 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\SquirrelTemp
2020-12-07 16:50 - 2017-08-08 16:29 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-12-07 16:42 - 2015-02-26 13:43 - 000000000 ____D C:\Users\mewtw_000\Desktop\Emulators
2020-12-07 16:41 - 2018-07-20 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-12-07 16:28 - 2019-07-06 19:27 - 000000000 ____D C:\Users\mewtw_000\Desktop\DesktopOK
2020-12-07 16:27 - 2018-10-22 12:24 - 000000000 ____D C:\Program Files\CCleaner
2020-12-07 16:26 - 2019-08-08 02:29 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-12-07 16:24 - 2019-08-28 01:35 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-07 16:23 - 2020-09-13 04:25 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-07 16:23 - 2020-07-17 04:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-07 16:23 - 2020-07-17 02:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-07 16:23 - 2020-07-14 20:56 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\citra2
2020-12-07 16:23 - 2019-04-03 20:51 - 000000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2020-12-07 16:23 - 2016-08-01 18:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-07 14:16 - 2018-06-13 21:53 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\LogMeIn Hamachi
2020-12-07 12:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-07 12:17 - 2018-06-13 21:53 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\IObit
2020-12-07 12:17 - 2015-02-26 00:29 - 000000000 ____D C:\ProgramData\IObit
2020-12-07 12:10 - 2019-12-07 01:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-12-07 12:10 - 2018-06-13 21:53 - 000000000 ____D C:\Users\alex\AppData\Roaming\IObit
2020-12-07 12:10 - 2015-04-17 03:58 - 000000000 ____D C:\Users\alex\AppData\LocalLow\IObit
2020-12-07 12:10 - 2015-02-26 19:04 - 000000000 ____D C:\Users\mewtw_000\AppData\LocalLow\IObit
2020-12-07 12:10 - 2015-02-26 00:29 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-07 11:51 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-07 11:47 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-07 10:38 - 2015-02-25 23:52 - 000000000 ___RD C:\Users\mewtw_000\OneDrive
2020-12-07 10:34 - 2016-10-24 13:00 - 000000000 ____D C:\ProgramData\ProductData
2020-12-06 19:50 - 2015-07-07 22:09 - 000000000 ____D C:\Users\mewtw_000\AppData\LocalLow\Adblock Plus for IE
2020-12-06 02:11 - 2015-02-26 03:31 - 000000000 ____D C:\Users\mewtw_000\Documents\Nexus Mod Manager
2020-12-05 20:42 - 2015-11-11 23:02 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\Fallout4
2020-12-05 10:14 - 2020-06-21 13:47 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-05 10:14 - 2020-06-21 13:47 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-05 10:14 - 2020-06-21 13:47 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-05 09:56 - 2016-08-11 12:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-12-04 15:04 - 2019-09-15 01:47 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\WeMod
2020-12-04 10:57 - 2019-08-28 01:51 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\NVIDIA
2020-12-04 09:54 - 2018-02-27 23:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-03 18:58 - 2020-07-17 04:03 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 18:58 - 2020-07-17 04:03 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-02 21:03 - 2017-04-04 22:43 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 18:17 - 2017-12-05 13:00 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\Packages
2020-12-02 12:28 - 2016-10-27 17:11 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\Skyrim Special Edition
2020-12-01 16:45 - 2015-11-19 17:23 - 000000000 ____D C:\Users\mewtw_000\Desktop\Game Trainers
2020-11-30 22:47 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-30 21:33 - 2018-06-21 18:38 - 000000000 ____D C:\Program Files\Black Tree Gaming Ltd
2020-11-29 05:42 - 2020-07-17 03:04 - 000000000 ____D C:\Users\mewtw_000
2020-11-28 03:30 - 2017-02-28 23:01 - 000000000 ____D C:\Users\mewtw_000\Downloads\Telegram Desktop
2020-11-27 20:37 - 2020-07-17 04:03 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-27 20:37 - 2020-07-17 04:03 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 11:13 - 2019-05-22 20:45 - 000000000 ____D C:\Users\mewtw_000\Desktop\Steam Games
2020-11-27 11:12 - 2015-02-26 03:09 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-27 10:35 - 2018-12-24 05:06 - 000000000 ____D C:\Users\alex\AppData\Roaming\discord
2020-11-27 10:27 - 2020-07-17 04:03 - 000004152 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3AA3E72E-62AD-49C2-84DE-DDBC88CD9C80}
2020-11-27 10:07 - 2015-02-27 12:00 - 000000000 ___RD C:\Users\alex\OneDrive
2020-11-27 10:06 - 2018-06-13 21:53 - 000000000 ____D C:\Users\alex\AppData\Local\LogMeIn Hamachi
2020-11-26 11:14 - 2015-08-23 17:46 - 000000000 ____D C:\Users\alex\AppData\Local\CrashDumps
2020-11-26 06:54 - 2017-12-05 13:04 - 000000000 ____D C:\Users\alex\AppData\Local\Packages
2020-11-26 02:53 - 2019-04-23 16:04 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\MK11
2020-11-25 10:55 - 2017-05-01 23:47 - 000000000 ____D C:\Users\mewtw_000\Desktop\Gamejolt games
2020-11-25 10:54 - 2015-06-21 23:54 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\MMFApplications
2020-11-24 12:05 - 2020-02-28 20:21 - 000000000 ____D C:\Users\mewtw_000\Desktop\NEW9.1.0CFW
2020-11-22 20:39 - 2018-08-06 03:14 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\Citra
2020-11-22 01:45 - 2020-09-29 21:15 - 005510968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-11-22 01:45 - 2020-09-29 21:15 - 002636264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2020-11-22 01:45 - 2020-09-29 21:15 - 001759032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2020-11-22 01:45 - 2020-09-29 21:15 - 000991032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2020-11-22 01:45 - 2020-09-29 21:15 - 000194360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2020-11-22 01:45 - 2020-09-29 21:15 - 000121144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2020-11-22 01:45 - 2020-09-29 21:15 - 000084456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2020-11-20 22:35 - 2020-07-17 22:29 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\ManyCam
2020-11-20 22:35 - 2018-06-16 15:42 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\ManyCam
2020-11-20 17:26 - 2015-10-04 10:24 - 000000000 ____D C:\Program Files\iTunes
2020-11-20 17:26 - 2015-10-04 10:24 - 000000000 ____D C:\Program Files\iPod
2020-11-20 02:26 - 2017-08-25 13:14 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\vlc
2020-11-19 21:22 - 2018-11-03 23:31 - 000000000 ____D C:\Users\mewtw_000\Desktop\MKP4.1_S2.9_Ultimate_Update
2020-11-18 20:56 - 2019-09-15 01:47 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2020-11-18 12:32 - 2015-02-25 23:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-18 01:53 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-18 00:01 - 2018-10-28 01:33 - 000001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-17 11:27 - 2020-07-17 03:22 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-17 05:28 - 2020-07-17 02:57 - 005141000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-17 05:22 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-16 22:29 - 2018-10-14 23:31 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\Randovania
2020-11-16 22:09 - 2016-09-26 02:22 - 000000000 ____D C:\Users\mewtw_000\Desktop\randomizers
2020-11-15 11:52 - 2020-07-17 03:03 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-15 02:22 - 2020-07-04 13:24 - 000001997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-15 02:22 - 2019-12-07 01:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-15 02:22 - 2019-07-05 16:02 - 000001985 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-15 02:22 - 2019-07-05 16:02 - 000001985 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-15 02:21 - 2019-07-05 16:02 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-12 13:33 - 2018-12-11 13:25 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2020-11-12 13:33 - 2015-02-28 03:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-12 13:11 - 2015-02-28 03:19 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 06:25 - 2015-08-17 17:17 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\yabause
2020-11-12 00:16 - 2015-08-03 02:11 - 000000000 ____D C:\Users\mewtw_000\AppData\Roaming\uTorrent
2020-11-10 16:07 - 2020-10-13 10:56 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-11-10 16:07 - 2020-10-13 10:56 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-11-10 16:07 - 2020-07-17 04:03 - 000004594 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-11-10 16:07 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-11-10 16:07 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-11-10 15:07 - 2020-07-17 04:03 - 000004582 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-09 22:09 - 2018-07-01 23:36 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\AM2R
2020-11-09 13:57 - 2018-10-22 12:24 - 000000825 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-11-09 13:57 - 2018-10-22 12:24 - 000000825 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-11-09 04:31 - 2019-09-11 00:02 - 000001439 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-11-09 04:31 - 2019-09-11 00:02 - 000001439 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-11-09 04:31 - 2017-05-08 16:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-11-09 04:31 - 2017-05-08 16:58 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-11-09 04:30 - 2017-05-08 16:58 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-11-08 12:17 - 2016-04-28 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2020-11-07 11:26 - 2020-05-31 00:05 - 000000000 ____D C:\Program Files\Cheat Engine 7.1
2020-11-07 10:39 - 2015-03-16 13:28 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\ElevatedDiagnostics
2020-11-07 00:48 - 2019-07-07 22:36 - 000000000 ____D C:\Users\mewtw_000\AppData\Local\BitTorrentHelper
 
==================== Files in the root of some directories ========
 
2017-07-10 19:44 - 2017-07-10 19:44 - 000286720 _____ () C:\Program Files\AlphaFS.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000053760 _____ () C:\Program Files\AxInterop.WMPLib.dll
2017-09-07 19:24 - 2017-09-07 19:24 - 000086016 _____ (Be) C:\Program Files\Be.Windows.Forms.HexBox.dll
2017-07-10 19:44 - 2017-07-10 19:44 - 000008192 _____ () C:\Program Files\CommonCompressors.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000060416 _____ (MaximeC) C:\Program Files\DokanNet.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000012800 _____ () C:\Program Files\HelperChat.dll
2017-11-24 04:36 - 2017-11-24 04:36 - 000134656 _____ (Simon Mourier) C:\Program Files\HtmlAgilityPack.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000330752 _____ ( ) C:\Program Files\Interop.WMPLib.dll
2017-07-10 19:44 - 2017-07-10 19:44 - 000123904 _____ () C:\Program Files\LibEveryFileExplorer.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000152064 _____ () C:\Program Files\LiveCharts.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000019456 _____ () C:\Program Files\LiveCharts.WinForms.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000217600 _____ () C:\Program Files\LiveCharts.Wpf.dll
2017-03-26 21:22 - 2017-03-26 21:22 - 000370070 _____ () C:\Program Files\logo2T.png.ico
2017-03-26 21:22 - 2017-07-10 19:44 - 000105984 _____ (Microsoft) C:\Program Files\Microsoft.WindowsAPICodePack.dll
2017-03-26 21:22 - 2017-07-10 19:44 - 000542720 _____ (Microsoft) C:\Program Files\Microsoft.WindowsAPICodePack.Shell.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000894976 _____ (MonoGame Team) C:\Program Files\MonoGame.Framework.dll
2017-03-26 21:22 - 2017-07-10 19:44 - 000169472 _____ () C:\Program Files\NBug.dll
2017-03-26 21:22 - 2017-07-10 19:44 - 000653824 _____ (Newtonsoft) C:\Program Files\Newtonsoft.Json.dll
2017-03-26 21:22 - 2017-11-24 04:36 - 000456192 _____ (Adam Hathcock) C:\Program Files\SharpCompress.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000507904 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct2D1.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000285696 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct3D11.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000347136 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct3D9.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000276992 _____ (Alexandre Mutel) C:\Program Files\SharpDX.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000140800 _____ (Alexandre Mutel) C:\Program Files\SharpDX.DXGI.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000220672 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Mathematics.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000546304 _____ (Alexandre Mutel) C:\Program Files\SharpDX.MediaFoundation.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000094208 _____ (Alexandre Mutel) C:\Program Files\SharpDX.XAudio2.dll
2017-06-30 16:36 - 2018-06-18 14:54 - 000013824 _____ (Alexandre Mutel) C:\Program Files\SharpDX.XInput.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000005120 _____ () C:\Program Files\SharpSteam.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000006656 _____ (Andrey Shchekin) C:\Program Files\StringInterpolationBridge.dll
2017-06-30 16:36 - 2017-06-30 16:36 - 000026624 _____ (Paloma) C:\Program Files\TargaImage.dll
2018-06-18 14:54 - 2018-06-18 14:54 - 000658944 _____ (Telerik AD) C:\Program Files\Telerik.WinControls.ChartView.dll
2017-03-26 21:22 - 2017-06-30 16:36 - 003476992 _____ (Telerik AD) C:\Program Files\Telerik.WinControls.dll
2017-03-26 21:22 - 2017-06-30 16:36 - 001654784 _____ (Telerik AD) C:\Program Files\Telerik.WinControls.GridView.dll
2017-03-26 21:22 - 2017-06-30 16:36 - 000920576 _____ (Telerik AD) C:\Program Files\Telerik.WinControls.RadDock.dll
2017-03-26 21:22 - 2017-06-30 16:36 - 004888064 _____ (Telerik AD) C:\Program Files\Telerik.WinControls.UI.dll
2017-03-26 21:22 - 2017-06-30 16:36 - 000343040 _____ (Telerik AD) C:\Program Files\TelerikCommon.dll
2017-03-26 21:22 - 2018-06-18 22:02 - 000000001 _____ () C:\Program Files\test
2017-03-26 21:22 - 2018-06-18 15:08 - 001540096 _____ (Hikari06) C:\Program Files\Updater.exe
2018-06-18 14:54 - 2018-06-18 14:54 - 000014336 _____ (27labs) C:\Program Files\VDFParser.dll
2017-03-26 21:22 - 2018-06-18 22:02 - 000000009 _____ () C:\Program Files\ver
2017-03-26 21:22 - 2018-06-18 14:54 - 020484608 _____ (Hikari06) C:\Program Files\WiiU_USB_Helper.exe
2017-03-26 21:22 - 2018-06-18 14:54 - 000006903 _____ () C:\Program Files\WiiU_USB_Helper.exe.config
2020-05-02 03:20 - 2020-05-02 03:20 - 000000000 _____ () C:\Program Files (x86)\014CD6AA.log
2020-05-02 03:22 - 2020-05-02 03:22 - 000000008 _____ () C:\Program Files (x86)\014E43F5.log
2015-04-03 01:18 - 2015-04-03 01:18 - 000000132 _____ () C:\Users\mewtw_000\AppData\Roaming\Adobe BMP Format CS6 Prefs
2017-01-14 21:22 - 2017-01-14 21:26 - 000000132 _____ () C:\Users\mewtw_000\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-03-18 03:18 - 2018-12-05 01:50 - 000000132 _____ () C:\Users\mewtw_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-31 21:17 - 2017-02-24 00:21 - 000000132 _____ () C:\Users\mewtw_000\AppData\Roaming\Adobe Targa Format CS6 Prefs
2015-11-05 03:42 - 2017-10-28 11:04 - 000000032 _____ () C:\Users\mewtw_000\AppData\Roaming\com.gendou.ff6_ram_editor.prefs
2016-02-04 16:46 - 2018-02-18 21:44 - 000000043 _____ () C:\Users\mewtw_000\AppData\Roaming\com.gendou.som_ram_editor.prefs
2016-09-09 02:50 - 2016-10-23 01:35 - 000000170 _____ () C:\Users\mewtw_000\AppData\Roaming\default.rss
2015-04-06 16:16 - 2015-04-06 16:16 - 000000107 _____ () C:\Users\mewtw_000\AppData\Roaming\Editroid.config
2017-06-04 22:21 - 2017-06-04 22:22 - 000004608 _____ () C:\Users\mewtw_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-31 13:48 - 2018-10-31 13:48 - 001065984 _____ () C:\Users\mewtw_000\AppData\Local\file__0.localstorage
2015-07-27 01:39 - 2015-07-27 01:39 - 000000000 _____ () C:\Users\mewtw_000\AppData\Local\Temp.dat
2018-06-26 15:28 - 2018-06-26 15:28 - 000000002 _____ () C:\Users\mewtw_000\AppData\Local\WMI.ini
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

addition.txt is attached below

Attached Files


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Did you install TeamViewer and LogMeIn?  Both allow your PC to be controlled remotely.

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   3.84KB   190 downloads
 
Run FRST and press Fix (May take up to 25 minutes to complete.  Be patient.  Will reboot when done.)
A fix log will be generated; please post that.
 
Reboot if the fix doesn't reboot it for you
 
 
See if you can get ESET's online scan to work.  Will take a few hours:
Click on one-time scan
Save file then right click go to download folder, right click on file and run as admin.  Follow the instructions.  (Will go faster if you can pause your anti-virus).  Let it remove anything it finds.
 
 
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

  • 0

#3
Lucky Dearly


okay, I'll be performing the scans as soon as I can

I was able to do the FRST scan and have the log but the ESET scanner ran into a problem. it says it can't download the update module and won't continue on.


Edited by Lucky Dearly, 09 December 2020 - 12:29 AM.

  • 0

#4
Lucky Dearly


something else to add in. every time I log in I notice that adware cleaner pops up, problem is that it's not even on my desktop. 


  • 0

#5
RKinner


OK we will try something else later.  Post your fixlog and then do a FRST scan and post both its log and the addition.txt

 

NOTE:  DO NOT EDIT LOGS (except to fix typos and such).  I do not get notified of edits - just of new posts.


  • 0

#6
Lucky Dearly


okay here's the logs.

 

Attached Files


  • 0

#7
RKinner


FRST removed it but it came back again.

 

The main infection is:

 

AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2020-12-07] (Microsoft Corporation) [File not signed] <==== ATTENTION

and probably this policy since it also came back.

 

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

 

I had FRST submit C:\Program Files\Common Files\System\symsrv.dll to virustotal and got 60 detections so it is definitely the cause of our problem.

 

Let's try again.  This time I am going to tell FRST to close all programs first and I will also create a dummy file in place of the bad file.  Sometimes  Malwarebytes will object to being closed and cause FRST to hang.

Might be better to uninstall it first.

 

AdwareCleaner is popping up on reboot because of this task:

Task: {E48B989B-767B-436E-BBDB-98DFFDA9321F} - System32\Tasks\AdwCleaner_onReboot => C:\Users\mewtw_000\Desktop\AdwCleaner.exe [8525431 2020-12-07] (Malwarebytes) [File not signed]

I will have FRST remove the task.

 

I see you have RogueKiller running.  Does it find anything?

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   2.49KB   184 downloads

Run FRST and press Fix (This should be much quicker than last time but it will still need to reboot)
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.


 


  • 0
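The entry lines quoted in post #7 follow a regular FRST layout, so they can be triaged mechanically. The following is an added example, not part of the original posts and not FRST's own code: a small parser that reads those three lines (copied from the post) and lists why each deserves a second look. The regular expression, the function name `triage` and the reason strings are assumptions made for this illustration, and the reasons are triage hints, not verdicts.

```python
import re

# Entry lines quoted in post #7 of this thread, copied verbatim.
SAMPLE = r"""
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2020-12-07] (Microsoft Corporation) [File not signed] <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {E48B989B-767B-436E-BBDB-98DFFDA9321F} - System32\Tasks\AdwCleaner_onReboot => C:\Users\mewtw_000\Desktop\AdwCleaner.exe [8525431 2020-12-07] (Malwarebytes) [File not signed]
"""

# Assumed layout: "<kind>: <detail> => <path> [<size> <date>] (<company>) <markers>"
ENTRY = re.compile(
    r"^(?P<kind>[\w-]+): (?P<detail>.*?) => (?P<path>[A-Za-z]:\\.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)"
    r"(?P<rest>.*)$"
)
ATTENTION = "<==== ATTENTION"


def triage(log_text):
    """Return (kind, path, reasons) for each entry worth a second look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        flagged = line.endswith(ATTENTION)
        m = ENTRY.match(line)
        if not m:
            # Entries without a "=> file" part (e.g. Policies) keep only the flag.
            if flagged:
                findings.append((line.split(":", 1)[0], None, ["flagged by FRST"]))
            continue
        unsigned = "[File not signed]" in m["rest"]
        reasons = ["flagged by FRST"] if flagged else []
        if m["kind"].startswith("AppInit_DLLs"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            reasons.append("AppInit_DLLs load point")
        if unsigned:
            reasons.append("file not signed")
            if "microsoft" in m["company"].lower():
                reasons.append("Microsoft vendor name without a signature")
        if "\\users\\" in m["path"].lower():
            reasons.append("autostart target in a user-writable path")
        if reasons:
            findings.append((m["kind"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE):
        print(f"{kind}: {path or '(no file)'} -> {', '.join(reasons)}")
```
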

#8
Lucky Dearly


I'll give these scans a go. as for RogueKiller, it hasn't detected anything


  • 0

#9
Lucky Dearly


here are the logs

as I logged back in, skype gave me the (0xc0000005) error code. 

Attached Files


Edited by Lucky Dearly, 10 December 2020 - 04:48 AM.

  • 0

#10
RKinner


We managed to keep it from using symsrv.dll that time so it switched to dlcoer.dll.  Playing whack-a-mole now.  Normally I would have you go into Safe Mode and try again but Win 10 likes to get stuck in safe mode.  Do you normally use a PIN to log on?  If you do, do you know your password?

 

Have you ever done an edit on the Registry?

 

Windows Safety Scanner claims it can get rid of this beast so let's try that first:

 

https://docs.microso...canner-download

(Best to right click on the downloaded file and Run as Admin)

This is what they say about the virus in case you are interested.

https://www.microsof...us:Win32/Floxif

 

Trend Micro recommends using Process Explorer to stop the virus processes so let's get a process explorer log:

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


 


  • 0



#11
Lucky Dearly


actually I don't use a pin to log in, I just use my user password to log into my pc account.

and I'll give those scans a go, as for registry editing I don't believe I've done any editing to it


Edited by Lucky Dearly, 10 December 2020 - 12:46 PM.

  • 0

#12
RKinner


If all else fails we may need to try changing permissions on one of the registry keys.  If the safety scan seems to run OK then reboot and make a new FRST scan so I can see if it really worked.  If the safety scan doesn't help  we can try a fixlist in Safe Mode since you use a password.  Stupidly enough the PIN method doesn't work in Safe Mode as I found out the hard way the other day.  We will also turn on the hidden administrator account before we do it just to make sure we can get in.


  • 0

#13
Lucky Dearly


ah, so far the safety scan has been running good so far. might take a few more hours to complete, it's going on 5 hours as we speak


Edited by Lucky Dearly, 10 December 2020 - 07:01 PM.

  • 0

#14
RKinner


Hopefully it is not in a loop.  I've never run it myself so have no idea how long it should take but the Avast boot-time scan took over 6 hours the last time I ran it so it may be normal.


  • 0

#15
Lucky Dearly


I think I know why it's scanning as long as it is. it's also looking in my expansion drive as well. so far it's almost done. I'll run the second scan after this one and post the log hopefully soon. 


  • 0





