I'm just wanting to make sure there's nothing bad on my PC. I've downloaded different things on my PC within the last couple months. One thing that stood out was ExitLag: when I was downloading it, cmd opened up a couple times. Other than that, I just wanna make sure there's no viruses or malware on my PC. The "one month" option was enabled by default for the FRST64 scan, not sure if that matters.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-03-2021
Ran by Dohnovan (administrator) on DESKTOP-LBHF8BQ (Micro-Star International Co., Ltd MS-7A38) (17-03-2021 17:35:58)
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> ) C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0361132.inf_amd64_1f7832db1fb1721f\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0361132.inf_amd64_1f7832db1fb1721f\B361196\atiesrxx.exe
(A-Volute -> ) C:\Program Files\SteelSeries\SS Audio\Foundation\SSAudioSvc32.exe
(A-Volute -> ) C:\Program Files\SteelSeries\SS Audio\Foundation\x64\SSAudioSvc64.exe
(Discord Inc. -> Discord Inc.) C:\Users\Dohnovan\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <27>
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> ) C:\Program Files (x86)\ExitLag\ExitLag.exe
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>
Failed to access process -> Wow.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2020-12-09] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514920 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Discord] => C:\Users\Dohnovan\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [MicrosoftEdgeAutoLaunch_00A5886472D738EB72DDF8FA2142FB70] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514920 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.21.77\Installer\chrmstp.exe [2021-03-16] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2021-03-04]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0637FEC9-06AC-449A-BF4E-E6BED95DCC3A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {08E5B611-4DA5-4724-BF5F-CEB73F9E0C7D} - System32\Tasks\SSAudioSvc64Run => C:\Program Files\Steelseries\SS Audio\Foundation\x64\SSAudioSvc64.exe [797088 2020-01-08] (A-Volute -> )
Task: {0928E190-F287-4F5C-B4C2-C91EBEF0A617} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {2056852B-7FD2-4A15-B3BB-A572538B873D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {2AFE60A3-3C00-4AF5-BFF5-8D96C9C8F860} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3CC61B8F-270F-4917-8C77-21D41ED095BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3CDC5251-0B55-4A4A-9579-2488F886DFF1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {40A3F6A7-F257-4902-A390-7DCFD5A91E29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C2698A0-2081-41C8-BED8-AC4ED59CE7D4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {505D63DD-6A8F-45D9-85F7-1EC3191CFFC0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {568E4EEF-5E99-4C66-B8E9-DA74BFF2DCA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {72272DFC-049E-46D5-8C98-9563407B5D9D} - System32\Tasks\SSAudioSvc32Run => C:\Program Files\Steelseries\SS Audio\Foundation\SSAudioSvc32.exe [1299872 2020-01-08] (A-Volute -> )
Task: {74179A8A-C0E8-414F-A534-60A61959BC6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7D175ED4-61FE-450C-9073-38242E442B00} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {7D484749-46DF-40A9-AF50-007BE595726C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {90BC0D96-AECB-403D-9A9C-3A89920BEF3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9FF808B4-FEF0-4422-BECB-E25DFD0F53E5} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {A51BF9E0-8AF7-4CB0-8349-B9473E451198} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B6928123-FBFA-4D0E-91EA-C81EB0C167C8} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC2173B5-C39F-40B2-99E4-F41B28F26961} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BEAB7D25-06AE-4903-8869-D1451610EAE1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C79BF558-573A-4BB0-A5A6-A6C79E3FC83F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15019488 2021-02-21] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E90C32A5-7EE5-42DC-97BD-B7CEDA264326} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1a8f5a04-83c8-490b-b4bc-64e8c2c6fd6d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1cd6b0cf-5059-4ef2-9609-a8d02c0c81b4}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{3c01823b-a919-4197-a2ce-b7ef6cd5d03a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{57a5de9c-d2e2-48be-96b9-44b1389dcc84}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8f09853e-c450-47d3-b7bc-5aedbe848278}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{dad6bf82-733a-495c-84a7-154afa6ad446}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e0510115-42dc-46d8-842a-cc54eeda8aa9}: [DhcpNameServer] 10.0.1.1
Edge:
=======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12]
Edge Extension: (AdGuard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-17]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-02-05]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2020-12-24]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Chrome:
=======
CHR Profile: C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default [2021-03-17]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR Extension: (Slides) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14]
CHR Extension: (Docs) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14]
CHR Extension: (Google Drive) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Sheets) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-11]
CHR Extension: (MetaMask) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-14]
Brave:
=======
BRA Profile: C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-02]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2020-12-27]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2020-12-27]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2020-12-27]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-09-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Dohnovan\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-01-02]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [125488 2020-05-26] (Perfect World Entertainment -> Perfect World Entertainment Inc)
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [61832 2020-11-13] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-04-17] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810928 2021-02-26] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5136328 2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294440 2021-02-17] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533808 2021-01-29] (Razer USA Ltd. -> Razer Inc.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [32912 2021-03-03] (SteelSeries ApS -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cpuz149; C:\Users\Dohnovan\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2021-03-15] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [429800 2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-15] (Malwarebytes Inc -> Malwarebytes)
R1 ndextlag; C:\WINDOWS\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [53656 2020-11-15] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_024e; C:\WINDOWS\System32\drivers\RzDev_024e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48848 2020-09-25] (SteelSeries ApS -> SteelSeries ApS)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-02-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-19] (Zemana Ltd. -> Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-03-17 17:35 - 2021-03-17 17:38 - 000024619 _____ C:\Users\Dohnovan\Desktop\FRST.txt
2021-03-17 15:39 - 2021-03-17 15:47 - 000000000 ____D C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install) - Copy
2021-03-17 15:24 - 2021-03-17 15:24 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Glitchy_Inc
2021-03-17 15:20 - 2021-03-17 15:20 - 000000000 ____D C:\Users\Dohnovan\Desktop\ModelSwapper
2021-03-17 14:56 - 2021-03-17 14:57 - 004573374 _____ C:\Users\Dohnovan\Downloads\T-morph.zip
2021-03-17 14:02 - 2021-03-17 14:02 - 000000000 ____D C:\Users\Dohnovan\Desktop\Bartender4
2021-03-17 13:53 - 2021-03-17 14:13 - 000000000 ____D C:\Users\Dohnovan\Desktop\AddOns
2021-03-17 13:52 - 2021-03-17 13:53 - 003521778 _____ C:\Users\Dohnovan\Downloads\AddOns.rar
2021-03-17 13:06 - 2021-03-17 13:06 - 000008741 _____ C:\Users\Dohnovan\Desktop\Weakauras imports.txt
2021-03-16 09:43 - 2021-03-16 09:43 - 002533420 _____ C:\Users\Dohnovan\Downloads\Order_Proposed Plea Agreement.pdf
2021-03-15 19:05 - 2021-03-15 19:05 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-15 19:05 - 2021-03-15 19:05 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-15 11:14 - 2021-03-15 11:15 - 006650778 _____ C:\Users\Dohnovan\Downloads\WeakAuras-WotLK-master.zip
2021-03-11 00:12 - 2021-03-11 00:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-11 00:11 - 2021-03-11 00:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-11 00:11 - 2021-03-11 00:11 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-11 00:11 - 2021-03-11 00:11 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-11 00:11 - 2021-03-11 00:11 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-11 00:11 - 2021-03-11 00:11 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-11 00:10 - 2021-03-11 00:10 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-11 00:10 - 2021-03-11 00:10 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-11 00:10 - 2021-03-11 00:10 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-11 00:10 - 2021-03-11 00:10 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-11 00:10 - 2021-03-11 00:10 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-09 11:44 - 2021-03-09 11:44 - 011726229 _____ C:\Users\Dohnovan\Desktop\2021-03-09_103532.pdf
2021-03-08 23:22 - 2021-03-08 23:22 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7223659E.sys
2021-03-08 12:03 - 2021-03-08 12:03 - 009214514 _____ C:\Users\Dohnovan\Desktop\2021-03-08_105557.pdf
2021-03-03 18:48 - 2021-03-03 18:48 - 000051385 _____ C:\Users\Dohnovan\Downloads\_NPCScan-3.3.5.5.zip
2021-03-01 22:07 - 2021-03-17 08:27 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\ExitLag
2021-03-01 22:07 - 2021-03-01 22:31 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\ExitLag
2021-03-01 21:55 - 2021-03-02 12:22 - 000000000 ____D C:\Program Files (x86)\ExitLag
2021-03-01 21:55 - 2021-03-01 21:55 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExitLag.lnk
2021-03-01 21:55 - 2021-03-01 21:55 - 000001067 _____ C:\ProgramData\Desktop\ExitLag.lnk
2021-03-01 21:55 - 2018-04-11 14:42 - 000048640 _____ (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME) C:\WINDOWS\system32\Drivers\ndextlag.sys
2021-03-01 21:54 - 2021-03-01 21:54 - 017616504 _____ (ExitLag ) C:\Users\Dohnovan\Downloads\SetupExitLag_v4952.exe
2021-03-01 21:52 - 2021-03-01 21:52 - 000000022 _____ C:\Users\Dohnovan\Desktop\exitlag.txt
2021-03-01 20:52 - 2021-03-08 23:19 - 000007598 _____ C:\Users\Dohnovan\AppData\Local\Resmon.ResmonCfg
2021-02-26 20:21 - 2021-02-26 20:21 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-02-26 19:04 - 2021-02-26 19:04 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert.lnk
2021-02-26 19:04 - 2021-02-26 19:04 - 000000875 _____ C:\ProgramData\Desktop\Black Desert.lnk
2021-02-26 19:04 - 2021-02-26 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert
2021-02-26 19:04 - 2021-02-26 19:04 - 000000000 ____D C:\Pearlabyss
2021-02-26 19:03 - 2021-02-26 19:03 - 030787048 _____ (PearlAbyss Corp. ) C:\Users\Dohnovan\Downloads\BlackDesert_Installer_NA.exe
2021-02-25 18:51 - 2021-02-25 18:51 - 000030948 _____ C:\Users\Dohnovan\Downloads\PreformAVEnabler2.5.zip
2021-02-23 20:06 - 2021-02-24 14:25 - 000000618 _____ C:\Users\Dohnovan\Desktop\Passwords.txt
2021-02-21 16:31 - 2021-02-21 16:31 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-21 16:31 - 2021-02-21 16:31 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-21 16:31 - 2021-02-21 16:30 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-21 16:31 - 2021-02-21 16:30 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-21 16:30 - 2021-02-21 16:30 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-21 16:29 - 2021-02-21 16:29 - 002084016 _____ (Malwarebytes) C:\Users\Dohnovan\Downloads\MBSetup.exe
2021-02-20 17:45 - 2021-02-20 17:45 - 000000026 _____ C:\Users\Dohnovan\Desktop\d&d message from orcs.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-03-17 17:41 - 2020-12-09 20:01 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\discord
2021-03-17 17:40 - 2019-06-19 15:48 - 005756776 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-03-17 17:37 - 2019-06-19 20:30 - 000000000 ____D C:\FRST
2021-03-17 17:35 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-17 17:34 - 2019-06-19 20:29 - 002300928 _____ (Farbar) C:\Users\Dohnovan\Desktop\FRST64.exe
2021-03-17 15:52 - 2020-06-03 11:41 - 000000000 ____D C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)
2021-03-17 15:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-17 09:26 - 2020-06-18 15:49 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-17 09:26 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-17 08:26 - 2021-01-04 11:37 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\AMD_Common
2021-03-17 08:22 - 2020-12-20 10:43 - 000003132 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-03-17 08:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-16 21:05 - 2020-06-18 14:32 - 000000000 ____D C:\Users\Dohnovan
2021-03-16 20:50 - 2020-06-18 16:04 - 000004172 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{4C0E0C52-0BCF-4545-B5E0-AA2D9A8EA0A4}
2021-03-16 15:17 - 2020-06-18 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-16 08:18 - 2017-12-13 05:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-16 00:04 - 2020-09-19 15:59 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-16 00:04 - 2020-09-19 15:59 - 000002330 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-15 14:03 - 2018-01-14 11:42 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-15 14:03 - 2018-01-14 11:42 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-15 09:16 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-15 08:39 - 2020-06-13 10:56 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 08:39 - 2020-06-13 10:56 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-15 08:13 - 2020-06-18 16:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-15 08:13 - 2020-06-18 15:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-14 18:16 - 2020-06-18 16:04 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-1003
2021-03-14 18:15 - 2020-06-18 14:32 - 000002379 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-14 18:15 - 2017-12-09 11:39 - 000000000 ___RD C:\Users\Dohnovan\OneDrive
2021-03-14 17:50 - 2020-06-18 16:04 - 000003824 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-03-14 17:50 - 2020-06-18 16:04 - 000003382 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-03-14 17:50 - 2019-06-20 10:43 - 000000808 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-03-14 12:05 - 2019-06-19 15:54 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2021-03-14 12:04 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-14 12:04 - 2017-04-11 10:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-14 12:00 - 2017-03-18 15:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-03-14 11:56 - 2017-12-09 15:53 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\steelseries-engine-3-client
2021-03-14 11:55 - 2018-04-14 10:45 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\CrashDumps
2021-03-13 22:34 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-13 22:34 - 2017-04-07 15:15 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-11 00:46 - 2020-06-18 15:39 - 000436016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-11 00:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-11 00:20 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-10 23:30 - 2017-12-09 11:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 23:25 - 2017-12-09 11:40 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-09 11:32 - 2017-12-09 19:50 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Packages
2021-03-09 11:27 - 2019-04-05 09:21 - 000000000 ____D C:\Users\Dohnovan\Desktop\mbar
2021-03-09 11:27 - 2019-04-05 09:21 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-03-03 21:52 - 2020-11-02 10:08 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA1d6b1325f7ebb04
2021-03-03 21:52 - 2020-11-02 10:07 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b1323b307d96
2021-03-02 18:27 - 2018-03-13 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-03-01 22:33 - 2020-09-21 18:28 - 000000680 _____ C:\Users\Dohnovan\Desktop\ESET Online Scanner.lnk
2021-03-01 16:28 - 2018-05-21 16:36 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\D3DSCache
2021-03-01 13:59 - 2017-12-08 22:06 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-26 22:10 - 2018-05-21 16:18 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\AMD
2021-02-26 20:21 - 2019-06-13 02:11 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\EasyAntiCheat
2021-02-26 19:05 - 2017-12-11 11:45 - 000000000 ____D C:\Users\Dohnovan\Documents\Black Desert
2021-02-24 14:16 - 2019-04-17 13:07 - 000000000 ____D C:\Users\Dohnovan\Desktop\Wotlk addons
2021-02-24 13:24 - 2020-11-29 18:56 - 000000000 ____D C:\Users\Dohnovan\Desktop\Genshin Impact
2021-02-23 13:55 - 2021-01-06 14:50 - 000000090 _____ C:\Users\Dohnovan\Desktop\black desert.txt
2021-02-21 18:50 - 2019-06-20 10:47 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe
2021-02-21 16:31 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-20 07:09 - 2020-11-20 01:36 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
==================== Files in the root of some directories ========
2017-12-18 14:43 - 2017-12-18 14:43 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2021-03-01 20:52 - 2021-03-08 23:19 - 000007598 _____ () C:\Users\Dohnovan\AppData\Local\Resmon.ResmonCfg
2019-12-02 20:28 - 2019-12-02 20:28 - 000000000 _____ () C:\Users\Dohnovan\AppData\Local\{2E790E1A-D8C4-4654-B4E8-3C78CC7E0B81}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by Dohnovan (17-03-2021 17:42:28)
Running from C:\Users\Dohnovan\Desktop
Windows 10 Home Version 2004 19041.867 (X64) (2020-06-18 22:05:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2108490749-413910539-1021375685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2108490749-413910539-1021375685-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2108490749-413910539-1021375685-1002 - Limited - Disabled)
Dohnovan (S-1-5-21-2108490749-413910539-1021375685-1003 - Administrator - Enabled) => C:\Users\Dohnovan
Guest (S-1-5-21-2108490749-413910539-1021375685-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2108490749-413910539-1021375685-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{5C4734F8-9AF3-4324-A36E-DC147853B2F5}) (Version: 1.2.1101 - Steelseries) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.1.0.17816 - Perfect World Entertainment)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{C9BA81B6-4A0F-454A-B331-81A45A57573E}) (Version: 1.2.1101 - Steelseries) Hidden
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
Black Desert (HKLM-x32\...\BlackDesert_NA_is1) (Version: 1.0 - PearlAbyss Corp.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.21.77 - Brave Software Inc)
Discord (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Discord) (Version: 0.0.309 - Discord Inc.)
ExitLag version 4 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4 - ExitLag)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.6.1.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.8.889 - SurfRight B.V.)
Intel® Wireless Bluetooth® (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{263d87d0-9772-40be-ab36-eabbdbff49f7}) (Version: 21.20.1 - Intel Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20294 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.1.0 - Nexon)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Path of Building version 1.4.137 (HKLM-x32\...\{72FA9AB7-189F-4BDE-8856-72DEB90C157B}_is1) (Version: 1.4.137 - Openarl)
ProductDaemonSetup (HKLM\...\{C31282E4-C1A3-433C-A803-D9ED4A99DC8F}) (Version: 1.2.1101 - Steelseries) Hidden
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.21.1 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0228.021813 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSAudio (HKLM-x32\...\{1c112a1f-1120-415d-85ab-7a3de5b0a9c2}) (Version: 1.2.1101 - Steelseries)
SSAudioDaemonMSISetup (HKLM\...\{CDEA766D-38C5-448B-8316-02D01C842E1E}) (Version: 1.2.1101 - Steelseries) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.19.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.19.2 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
The Witcher 3 Mod Manager (HKLM\...\{B8F09437-C8B5-4DFD-B655-C93E8C05A8DE}) (Version: 0.6.4 - stefan3372)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Packages:
=========
9 zip -> C:\Program Files\WindowsApps\184MagikHub.9zip_3.3.75.0_x64__hvr7qkvwfhvx6 [2020-07-19] (Magik Hub) [MS Ad]
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12] (eyeo GmbH)
AdGuard AdBlocker -> C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11] (Performix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.2.36.0_x86__kgqvnymyfvs32 [2021-02-18] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-03] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.8.13.0_x86__h6adky7gbf63m [2021-03-15] (Gameloft SE)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.40.4001.0_x86__ytsefhwckbdv6 [2021-03-03] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-03-03] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.4.2.1_x86__h6adky7gbf63m [2021-03-15] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-27] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21005.0_x64__8wekyb3d8bbwe [2021-03-10] (Microsoft Studios)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-05] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-12-09] (Plex)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-12-27] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-07-27 15:14 - 2020-07-27 15:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-11-13 15:48 - 2020-11-13 15:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2021-03-01 21:55 - 2020-10-02 12:28 - 002180096 _____ (Google Inc.) [File not signed] C:\Program Files (x86)\ExitLag\libprotobuf.dll
2019-12-23 10:49 - 2019-12-23 10:49 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2019-12-23 10:49 - 2019-12-23 10:49 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2021-03-01 21:55 - 2020-10-02 12:26 - 000104960 _____ (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME) [File not signed] C:\Program Files (x86)\ExitLag\ndisapi.dll
2021-03-01 21:55 - 2019-09-17 14:14 - 002153472 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\ExitLag\libcrypto-1_1.dll
2021-03-01 21:55 - 2019-09-17 14:14 - 000499712 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\ExitLag\libssl-1_1.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000058880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-13 16:00 - 2020-11-13 16:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 15:03 - 2020-12-29 17:04 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\Dohnovan\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: ExitLag Game Booster -> nt_ndextlag (enabled)
Local Area Connection: ExitLag Game Booster -> nt_ndextlag (enabled)
Ethernet 2: ExitLag Game Booster -> nt_ndextlag (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OPENVPN-GUI"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F0412D97-2B69-47C9-BBFB-2ED8469D7CE2}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{54B9FF3F-545D-4E04-86D8-EA8F5621F500}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [UDP Query User{A0E149A6-970C-44C4-AFFC-02FC91A4CB96}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{C8177E75-DFAB-46C2-B950-CE420F73D664}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{1A19CF1E-D116-42F0-B9A7-384643F19007}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsGOTYEnhanced\Binaries\Win64\Launcher.exe (Gearbox Software) [File not signed]
FirewallRules: [{EB032B57-B507-45D3-A36B-2EB7427FE64F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsGOTYEnhanced\Binaries\Win64\Launcher.exe (Gearbox Software) [File not signed]
FirewallRules: [{8B20679D-6B13-4526-A9F9-DA769BDB75F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{6194837C-5728-41B2-9102-A3C8FA70A4DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{E246DB11-0299-4E9E-BAF1-F9600C9E1E87}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F01FBF58-567C-4C2D-9E09-69501E7126D0}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{0C6F481E-F930-4C76-AE5C-202166C80AE3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3A8F03ED-1DF4-4EFC-AB24-470F3D8E2A04}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A73A6A68-3D6E-4ACB-BB1C-69891D2BC2E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D98FA1A5-1463-4F80-B944-62DCFE82B0DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{21FC1428-1EFB-47FF-BF78-DB5B1945382E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A8E5B1A0-6D7D-4D9C-96E1-B72039726CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3D351B8C-C55C-4E63-8639-18CAD54C17A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{778DC5E1-C574-45F8-B392-C78E46DEBF4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{9D6CABF9-DFDA-4F3C-9AC8-6092BAA007E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{8D6BD339-6DB0-4B01-B064-950E1CB534FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{D37551E3-AE21-495A-90C1-0CE6907D3259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{47CDB22F-7783-4CED-BF1C-D9ACDD81E0D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{7F676C03-41AA-4617-AA13-BC0B88A05086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{F2E459D0-8C52-44F9-B805-AFDA263B500D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{AE0EC883-ECC1-4257-9241-1C9586835901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{2C813A9F-F998-4D44-8B34-6963CF481A47}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{355EBCE9-2330-4B92-8E46-C7C76C402DA4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{4F7CACBF-BBB5-428E-B6EE-D1163044D084}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{31B319D4-01B2-48FE-81A7-51110CE771B7}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{732F52FA-463B-4228-8163-A5EC1E0B8C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{50E286A9-EC43-4A42-82B3-B541B6893C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{1F8ED8C6-7BC4-4A9D-A0C4-CB325EFD5D6B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{E1E9BDFC-BB39-4D5E-B9CC-F37AA903F734}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{C00B9E7C-48C9-403C-A6C7-EF0F869BEEC6}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [TCP Query User{A233F08F-5982-4711-85E2-A5AB6B2413D6}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{67787C8A-6E03-4C10-A39A-B801F1DA8CC1}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [{10E915F4-B060-41ED-9099-5EF5FEDC51B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{A1107BB9-D07D-4538-921E-DD81D2AEECB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [TCP Query User{1CCF9CB6-5616-4D68-9F54-857142823256}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{1E7F3146-2404-4722-94C4-BF984C21F99B}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [{B9560637-801F-41CE-A17C-F3FDC19C0A25}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3962E0D-CDF1-4C1F-8433-70CA4D2E8E5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{9C079169-4035-4C47-9C96-D876628FC9B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{BE5EC272-EEEF-4A15-B949-0B4AA4DF9A49}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EA284918-D546-44FC-90DB-F67C0A01F451}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F99F2C57-33C0-4429-8589-6EA1F26FE6B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{90608AD6-5A3D-4F73-BB7B-228D13F18FB6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2DDA88AE-D073-4B3F-B7A0-7B4FD068EBE8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E619D90D-C5F3-40ED-8654-29CC2D7D08FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{304858AA-A688-487C-A602-D1C56977B327}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{3C8259D2-1A91-44B8-8DFA-BBD1A4168051}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{FE4ABDBA-043A-4FAD-9F87-06E0960521B1}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
==================== Restore Points =========================
28-02-2021 22:14:21 Scheduled Checkpoint
10-03-2021 22:27:10 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/17/2021 10:56:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3344
Start Time: 01d71b3ea7e4e14c
Termination Time: 14
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
Report Id: 517579c0-5d33-4065-a21f-536687a2f104
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (03/17/2021 08:22:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GameBar.exe version 5.521.2012.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 17a8
Start Time: 01d71b37985c2a74
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
Report Id: 3c724c15-e40e-4164-9683-9f155a7eff1a
Faulting package full name: Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Navigation
Error: (03/16/2021 03:56:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 243c
Start Time: 01d71aab5104b321
Termination Time: 10
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
Report Id: 63b60fc6-6c72-4f02-a04b-398c8bb2a644
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (03/15/2021 11:26:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2d9c
Start Time: 01d719c02926a01d
Termination Time: 9
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
Report Id: 27dffeda-7556-4464-a889-0f4e8d5fd537
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (03/15/2021 09:32:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: bf8
Start Time: 01d719b034dacbc4
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 2d269dc0-94c9-4cb2-9f6f-afc326825b03
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Hang type: Activation
Error: (03/15/2021 09:29:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 398c
Start Time: 01d719afbc55b003
Termination Time: 12
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
Report Id: 49c4af0e-9d16-4b96-8a4c-a26b1454cd8b
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (03/15/2021 09:26:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 23bc
Start Time: 01d719abbb44fc0c
Termination Time: 48
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
Report Id: 61f1a132-0c03-46e7-83e6-6dfe58c20a09
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (03/14/2021 11:55:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlackDesert64.exe, version: 0.0.0.0, time stamp: 0x6049a1a4
Faulting module name: BlackDesert64.exe, version: 0.0.0.0, time stamp: 0x6049a1a4
Exception code: 0xc0000005
Fault offset: 0x00000000017ffb64
Faulting process id: 0x112c
Faulting application start time: 0x01d718f7b4a82dcf
Faulting application path: C:\Pearlabyss\BlackDesert\bin64\BlackDesert64.exe
Faulting module path: C:\Pearlabyss\BlackDesert\bin64\BlackDesert64.exe
Report Id: c02edaef-139e-42ad-9ee4-33c4c951e46f
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (03/16/2021 09:06:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Razer Synapse Service service.
Error: (03/16/2021 09:05:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LBHF8BQ)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
Error: (03/15/2021 08:13:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error:
A device attached to the system is not functioning.
Error: (03/15/2021 08:13:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:25:09 AM on 3/15/2021 was unexpected.
Error: (03/14/2021 06:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (03/14/2021 06:03:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
Error: (03/14/2021 06:03:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (03/14/2021 06:03:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
Windows Defender:
================
Date: 2021-03-17 15:48:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-03-14 10:46:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-03-13 21:15:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-03-12 09:18:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-03-10 12:49:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-03-06 08:27:05
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-03-06 08:27:05
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-03-06 08:27:05
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.2515.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-03-06 08:25:41
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.2350.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80070643
Error description: Fatal error during installation.
CodeIntegrity:
===============
Date: 2020-12-31 15:28:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-31 04:40:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1.51 05/02/2017
Motherboard: Micro-Star International Co., Ltd B350M BAZOOKA (MS-7A38)
Processor: AMD Ryzen 5 1400 Quad-Core Processor
Percentage of memory in use: 80%
Total physical RAM: 8144.69 MB
Available physical RAM: 1554.68 MB
Total Virtual: 17360.69 MB
Available Virtual: 5053.55 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:122.08 GB) NTFS
\\?\Volume{34b487b2-1f24-455b-888b-88fe24145180}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{7c6e70a3-6b38-47db-a32a-880393128539}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)
Partition: GPT.
==================== End of Addition.txt =======================