Had a RAT, reinstalled Windows 10 and cleaned the drive. Is it gone f

RAT windows10

#1
-Kyle-

Title should say gone for good, not sure what happened there.

So yesterday I was sitting in my chair, just messing around on my iPad and phone. My PC had been idle for like 20 mins. Out of the corner of my eye I saw my mouse begin to move with intent. It went to Amazon and was attempting to go into my profile. I noticed it and cut the Wi-Fi before it went any further and shut it down.

I tried to do some scans but decided after looking into it I was better off grabbing my important files and wiping it all clean.

So I might be ok now, in theory, but I don't know that for a fact. I would like some peace of mind that no backdoors are still open.

I'll be the first to admit I don't have the best browsing habits when it comes to downloading from shady places. But I'm not even sure where I got this one. My best guess is that it happened when I was looking for a free alternative to the app "duet" that lets you remotely access your PC and/or use one as a second display. I tried, I think, 2 free programs that technically worked but that I wasn't happy with. I eventually would just pay the 10 dollars for duet, but I have a feeling it could have been one of the other two programs I tried. One was called spacedesk, and I don't remember what the other one was. I probably deleted it.

But I vaguely remember one reviewer attempting to warn others about a RAT being attached that I should've taken more seriously.

I have begun the process of changing passwords but it will take some time to finish as I have a lot. I don't know how long I've been watched like this.

But yeah, can someone tell me with any certainty that it's gone from my PC? I would think nothing could survive a full reinstall of Windows and data wipe, but then again I did bring some files over so who knows.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by kyler (administrator) on DESKTOP-5CGP19Q (Acer Predator G1-710) (15-01-2022 22:08:43)
Running from C:\Users\kyler\Downloads
Loaded Profiles: kyler
Platform: Microsoft Windows 10 Home Version 21H2 19044.1466 (X64) Language: English (United States)
Default browser: "C:\Program Files\Firefox Developer Edition\firefox.exe" -osint -url "%1"
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(©2020 Datacolor) [File not signed] C:\Program Files (x86)\Datacolor\SpyderXPro\Utility\SpyderUtility.exe
() [File not signed] C:\Program Files (x86)\ACER Predator M11SFL\PREDATOR RGB MECHANICAL GAMING KEYBOARD\HID.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\PredatorSense\PSSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\PredatorSense\PSSysSvc.exe
(Acer Incorporated -> acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files (x86)\Samson\SoundDeck\SoundDeck.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Windows\System32\AESMSr64.exe
(Code Sector -> ) C:\Program Files\TeraCopy\TeraCopyService.exe
(Discord Inc. -> Discord Inc.) C:\Users\kyler\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Software -> Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Firefox Developer Edition\firefox.exe <22>
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_015fa42d67826549\Display.NvContainer\NVDisplay.Container.exe <2>
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Rivet Networks) [File not signed] C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Rivet Networks) [File not signed] C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Stanislav Polshyn -> Stanislav Polshyn & Trend Micro Inc.) C:\Users\kyler\Downloads\HiJackThis_test\HiJackThis.exe
(Wacom Co., Ltd. -> ) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16697352 2016-08-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM-x32\...\Run: [ione] => C:\Program Files (x86)\ACER Predator M11SFL\PREDATOR RGB MECHANICAL GAMING KEYBOARD\HID.exe [6165504 2016-02-26] () [File not signed]
HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871424 2015-09-10] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [82973864 2022-01-15] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [SoundDeck] => C:\Program Files (x86)\Samson\SoundDeck\SoundDeck.exe [2969288 2015-10-16] (Andrea Electronics -> Andrea Electronics Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKU\S-1-5-21-1166628886-3428355240-1532972468-1001\...\Run: [Discord] => C:\Users\kyler\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1166628886-3428355240-1532972468-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1166628886-3428355240-1532972468-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-01-10]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2022-01-15]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\SpyderXPro\Utility\SpyderUtility.exe (©2020 Datacolor) [File not signed]
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003F51E9-D157-4F2F-9411-AB203E4857DB} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {0E6680C4-65BD-4498-86A8-0291850EC248} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {194ECAF6-DF0B-46AB-82CB-CB0A4D985868} - \BacKGroundAgent -> No File <==== ATTENTION
Task: {25A6C02B-DBD6-422E-B49D-20D3A7A6D534} - \UbtFrameworkService -> No File <==== ATTENTION
Task: {25EE2F81-9D54-4E0F-B506-7F7A1384E774} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-15] (Google LLC -> Google LLC)
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {370A418B-9C04-435D-AF0E-F142FFD55843} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C"
Task: {40C1CAFC-A6B9-4E20-A3DA-A56391018297} - System32\Tasks\Mozilla\Firefox Developer Edition Background Update CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\CA9422711AE1A81C\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {448BE024-BED7-4842-BAA3-2B5DA5074DB4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {48A98229-5C8E-4DDD-8139-CF35F7262A95} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {540B16C4-CDB1-47A6-854B-40AA0211E6C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-15] (Google LLC -> Google LLC)
Task: {5587F1DC-15D0-4331-A673-6EF75E5CD9C0} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {6B408D67-910D-455E-9995-2280423FD307} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {7204A0E9-83CE-4F8B-A0A0-B131FB057CF9} - \Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask -> No File <==== ATTENTION
Task: {80A81454-5159-4B83-83A1-75D8425C70D6} - \FUBTrackingByPLD -> No File <==== ATTENTION
Task: {9567E270-199F-4972-89A3-D7F6816C5917} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {9D234FD7-F99A-4D5A-B99B-FE3EC9195F6B} - System32\Tasks\CCleanerSkipUAC - kyler => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A64BA182-3038-43B5-995A-6E777A400893} - \Software Update Application -> No File <==== ATTENTION
Task: {B2342E59-72B1-41F2-9F73-5978C04930B9} - System32\Tasks\Opera scheduled Autoupdate 1642296634 => C:\Users\kyler\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {B86D0D12-6EBD-4DE3-B966-2CC8D36E719C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {C349BB67-3672-4975-AE02-517BAD9318EE} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {C53D54BC-1CF1-4819-8276-1694DADC49C1} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {F90EE3F6-D113-45AA-889F-249BCF5D0A87} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [65064 2020-03-16] (Acer Incorporated -> Acer)
Task: {FA625267-66E0-464A-AE95-8754007E78AD} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fb50ff60-da2e-4e7b-b251-7ceabed2dfc4}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\kyler\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-15]

FireFox:
========
FF DefaultProfile: sl8t6aka.default
FF ProfilePath: C:\Users\kyler\AppData\Roaming\Mozilla\Firefox\Profiles\t2jmo5ja.dev-edition-default [2022-01-15]
FF Notifications: Mozilla\Firefox\Profiles\t2jmo5ja.dev-edition-default -> hxxps://www.ignboards.com; hxxps://www.rangerboard.com
FF Extension: (uBlock Origin) - C:\Users\kyler\AppData\Roaming\Mozilla\Firefox\Profiles\t2jmo5ja.dev-edition-default\Extensions\[email protected] [2022-01-15]
FF ProfilePath: C:\Users\kyler\AppData\Roaming\Mozilla\Firefox\Profiles\sl8t6aka.default [2022-01-15]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\kyler\AppData\Roaming\Mozilla\Firefox\Profiles\sl8t6aka.default\Extensions\[email protected] [2022-01-15] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\kyler\AppData\Roaming\Mozilla\Firefox\Profiles\sl8t6aka.default\Extensions\[email protected] [2022-01-15] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\kyler\AppData\Roaming\Mozilla\Firefox\Profiles\sl8t6aka.default\Extensions\[email protected] [2022-01-15] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2022-01-15] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2022-01-15] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2022-01-15] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMFilters; C:\WINDOWS\system32\AESMSr64.exe [103112 2015-03-02] (Andrea Electronics -> Andrea Electronics Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated -> Acer Incorporated)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [448000 2015-12-18] (Rivet Networks) [File not signed]
R2 PSSvc; C:\Program Files (x86)\Acer\PredatorSense\PSSvc.exe [544672 2016-03-17] (Acer Incorporated -> Acer Incorporated)
R2 PSSysSvc; C:\Program Files (x86)\Acer\PredatorSense\PSSysSvc.exe [522656 2016-03-17] (Acer Incorporated -> Acer Incorporated)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-15] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294520 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533824 2021-10-21] (Razer USA Ltd. -> Razer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182296 2021-06-22] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [112200 2021-03-22] (Code Sector -> )
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-01] (Acer Incorporated -> acer)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2022-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2022-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_015fa42d67826549\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_015fa42d67826549\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [143944 2015-12-11] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [159760 2021-06-22] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 duetbus; C:\WINDOWS\System32\DriverStore\FileRepository\duetbus.inf_amd64_66e44262fc0dd065\duetbus.sys [41736 2020-11-17] (Duet, Inc. -> Duet, Inc.)
R3 DuetWPDFilter; C:\WINDOWS\System32\drivers\DuetWPDFilter.sys [21992 2021-02-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [79872 2014-09-09] (Microsoft Windows Hardware Compatibility Publisher -> FTDI Ltd.)
S3 HidGuardian; C:\WINDOWS\System32\drivers\HidGuardian.sys [37280 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R3 ITEflashIO; C:\Windows\system32\drivers\ITEflashIO.SYS [13856 2022-01-15] (ITE Tech. Inc. -> Windows ® Codename Longhorn DDK provider)
R3 R0RazerSynapseService; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.sys [14544 2022-01-15] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [337920 2017-05-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_006e; C:\WINDOWS\System32\drivers\RzDev_006e.sys [56152 2021-03-22] (Razer USA Ltd. -> Razer Inc)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [42856 2018-07-25] (Open Source Developer, Benjamin Höglinger-Stelzer -> Nefarius Software Solutions)
S3 spacedeskKtmInputMouse; C:\WINDOWS\System32\drivers\spacedeskKtmInputMouse.sys [36800 2021-07-13] (Datronicsoft, Inc. -> )
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [65048 2021-06-22] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43528 2021-06-22] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43536 2021-06-22] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [67448 2019-07-14] (On-site Dental Systems (Justin Shafer) -> Shaul Eizikovich)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [131288 2021-11-19] (WDKTestCert dant_ppxe9ny,132779414088034662 -> Wacom Technology, Corp.)
S3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [29368 2021-11-19] (WDKTestCert dant_ppxe9ny,132779414088034662 -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2022-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2022-01-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2022-01-15] (Microsoft Windows -> Microsoft Corporation)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-15 22:08 - 2022-01-15 22:09 - 000024145 _____ C:\Users\kyler\Downloads\FRST.txt
2022-01-15 22:08 - 2022-01-15 22:08 - 000000000 ____D C:\FRST
2022-01-15 22:07 - 2022-01-15 22:07 - 002311680 _____ (Farbar) C:\Users\kyler\Downloads\FRST64.exe
2022-01-15 21:11 - 2022-01-15 21:11 - 000000000 ____D C:\WINDOWS\ABR
2022-01-15 21:07 - 2022-01-15 21:11 - 000000000 ____D C:\Users\kyler\Downloads\HiJackThis_test
2022-01-15 21:06 - 2022-01-15 21:06 - 002240614 _____ C:\Users\kyler\Downloads\HiJackThis_test.zip
2022-01-15 20:54 - 2022-01-15 20:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2022-01-15 20:45 - 2015-10-30 02:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20220115-204514.backup
2022-01-15 20:30 - 2022-01-15 20:56 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-01-15 20:30 - 2022-01-15 20:51 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-01-15 20:30 - 2022-01-15 20:31 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Opera Software
2022-01-15 20:30 - 2022-01-15 20:31 - 000000000 ____D C:\Users\kyler\AppData\Local\Opera Software
2022-01-15 20:30 - 2022-01-15 20:30 - 000004210 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1642296634
2022-01-15 20:30 - 2022-01-15 20:30 - 000001468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2022-01-15 20:30 - 2022-01-15 20:30 - 000001456 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2022-01-15 20:30 - 2022-01-15 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2022-01-15 20:30 - 2019-06-21 07:34 - 000019904 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Spybot3ELAM.sys
2022-01-15 20:30 - 2018-02-06 18:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2022-01-15 20:27 - 2022-01-15 20:28 - 065427184 _____ (Safer-Networking Ltd. ) C:\Users\kyler\Downloads\spybotsd-2.9.82.0.exe
2022-01-15 20:22 - 2022-01-15 20:58 - 000000000 ____D C:\Program Files\CCleaner
2022-01-15 20:22 - 2022-01-15 20:22 - 036572352 _____ (Piriform Software Ltd) C:\Users\kyler\Downloads\ccsetup588.exe
2022-01-15 20:22 - 2022-01-15 20:22 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-01-15 20:22 - 2022-01-15 20:22 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - kyler
2022-01-15 20:22 - 2022-01-15 20:22 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-01-15 20:22 - 2022-01-15 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-01-15 19:44 - 2022-01-15 19:44 - 000000016 _____ C:\Users\kyler\AppData\Roaming\obs-virtualcam.txt
2022-01-15 19:12 - 2022-01-15 19:12 - 000002619 _____ C:\ProgramData\Microsoft\Windows\Start Menu\FUJIFILM X Webcam 2.lnk
2022-01-15 19:12 - 2022-01-15 19:12 - 000002613 _____ C:\Users\Public\Desktop\FUJIFILM X Webcam 2.lnk
2022-01-15 19:12 - 2022-01-15 19:12 - 000000000 ____D C:\Program Files\FUJIFILM X Webcam
2022-01-15 19:12 - 2022-01-15 19:12 - 000000000 ____D C:\Program Files (x86)\FUJIFILM X Webcam
2022-01-15 18:51 - 2022-01-15 19:55 - 000000000 ____D C:\Users\kyler\AppData\Roaming\obs-studio
2022-01-15 18:45 - 2022-01-15 18:45 - 000001056 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2022-01-15 18:45 - 2022-01-15 18:45 - 000000000 ____D C:\ProgramData\obs-studio-hook
2022-01-15 18:45 - 2022-01-15 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2022-01-15 18:45 - 2022-01-15 18:45 - 000000000 ____D C:\Program Files\obs-studio
2022-01-15 18:44 - 2022-01-15 18:44 - 090640720 _____ (obsproject.com) C:\Users\kyler\Downloads\OBS-Studio-27.1.3-Full-Installer-x64.exe
2022-01-15 18:41 - 2022-01-15 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2022-01-15 18:41 - 2022-01-15 18:41 - 000000000 ____D C:\Program Files\HandBrake
2022-01-15 18:40 - 2022-01-15 18:40 - 000000000 ____D C:\ProgramData\FUJIFILM X Webcam
2022-01-15 18:39 - 2022-01-15 18:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2022-01-15 18:28 - 2022-01-15 18:28 - 004187128 _____ C:\Users\kyler\Downloads\XWebcamIns210.zip
2022-01-15 18:22 - 2022-01-15 20:24 - 000000000 ____D C:\Users\kyler\AppData\Local\CrashDumps
2022-01-15 18:22 - 2022-01-15 18:28 - 000000000 ____D C:\Users\kyler\Downloads\XWebcamIns210
2022-01-15 18:22 - 2022-01-15 18:22 - 000000000 ____D C:\Users\kyler\AppData\Roaming\WinRAR
2022-01-15 18:18 - 2022-01-15 20:56 - 000000000 ____D C:\Users\kyler\AppData\Roaming\WTablet
2022-01-15 18:18 - 2022-01-15 18:18 - 000000000 ____D C:\Users\kyler\.android
2022-01-15 18:16 - 2022-01-15 18:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2022-01-15 18:16 - 2022-01-15 18:16 - 000000000 ____D C:\Program Files\Tablet
2022-01-15 18:16 - 2021-11-19 13:24 - 002544576 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\Wacom_Tablet.dll
2022-01-15 18:16 - 2021-11-19 13:24 - 002537408 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2022-01-15 18:16 - 2021-11-19 13:24 - 002386880 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\WacomMT.dll
2022-01-15 18:16 - 2021-11-19 13:24 - 002359744 _____ (Wacom Co. Ltd.) C:\WINDOWS\system32\Wintab32.dll
2022-01-15 18:16 - 2021-11-19 13:24 - 002086336 _____ (Wacom Co. Ltd.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2022-01-15 18:16 - 2021-11-19 13:24 - 002079168 _____ (Wacom Co. Ltd.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2022-01-15 18:16 - 2021-11-19 13:24 - 001925568 _____ (Wacom Co. Ltd.) C:\WINDOWS\SysWOW64\WacomMT.dll
2022-01-15 18:16 - 2021-11-19 13:24 - 001894848 _____ (Wacom Co. Ltd.) C:\WINDOWS\SysWOW64\Wintab32.dll
2022-01-15 18:15 - 2022-01-15 18:15 - 030909896 _____ (Wacom Technology, Corp.) C:\Users\kyler\Downloads\WacomTablet_6.3.45-1.exe
2022-01-15 17:14 - 2022-01-15 17:15 - 000000000 ____D C:\Users\kyler\AppData\Local\Datacolor
2022-01-15 17:14 - 2022-01-15 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacolor
2022-01-15 17:14 - 2004-03-29 16:23 - 000090112 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2022-01-15 17:13 - 2022-01-15 17:14 - 000000000 ____D C:\Program Files (x86)\Datacolor
2022-01-15 17:12 - 2022-01-15 17:12 - 143477824 _____ C:\Users\kyler\Downloads\SpyderXPro_5.6_Setup.exe
2022-01-15 16:35 - 2022-01-15 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samson
2022-01-15 16:35 - 2003-03-20 16:11 - 000073728 _____ C:\WINDOWS\SysWOW64\AEWave.ax
2022-01-15 16:34 - 2022-01-15 16:35 - 000000000 ____D C:\Program Files (x86)\Samson
2022-01-15 16:16 - 2022-01-15 16:16 - 000000000 ____D C:\Users\kyler\AppData\Local\CEF
2022-01-15 16:15 - 2022-01-15 20:23 - 000000000 ____D C:\temp
2022-01-15 16:15 - 2022-01-15 16:16 - 000000000 ____D C:\Users\kyler\AppData\Local\Razer
2022-01-15 16:15 - 2022-01-15 16:15 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Synapse3
2022-01-15 16:15 - 2022-01-15 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-01-15 16:11 - 2022-01-15 16:11 - 006688016 _____ (Razer Inc.) C:\Users\kyler\Downloads\RazerSynapseInstaller_V1.1.193.237.exe
2022-01-15 14:58 - 2022-01-15 14:58 - 000000000 ____D C:\Users\kyler\AppData\Roaming\vlc
2022-01-15 14:31 - 2022-01-15 14:31 - 000425304 _____ (Secure By Design Inc.) C:\Users\kyler\Downloads\Ninite Blender Discord FastStone HandBrake NET 48 Installer(2).exe
2022-01-15 14:22 - 2022-01-15 14:22 - 000000000 ___HD C:\Users\kyler\AppData\Roaming\Obsidium x64
2022-01-15 14:22 - 2022-01-15 14:22 - 000000000 ___HD C:\Users\kyler\.obs64
2022-01-15 14:19 - 2022-01-15 14:19 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Greenshot
2022-01-15 14:19 - 2022-01-15 14:19 - 000000000 ____D C:\Users\kyler\AppData\Local\Greenshot
2022-01-15 14:17 - 2022-01-15 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2022-01-15 14:17 - 2022-01-15 14:17 - 000000000 ____D C:\Program Files\Greenshot
2022-01-15 14:16 - 2022-01-15 14:16 - 001783200 _____ (Greenshot ) C:\Users\kyler\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
2022-01-15 14:15 - 2022-01-15 14:15 - 000425304 _____ (Secure By Design Inc.) C:\Users\kyler\Downloads\Ninite Blender Discord FastStone HandBrake NET 48 Installer(1).exe
2022-01-15 14:12 - 2022-01-15 16:36 - 000000000 ____D C:\Users\kyler\AppData\Local\Acer
2022-01-15 14:12 - 2022-01-15 14:12 - 000000000 ____D C:\Users\kyler\AppData\Local\AOP SDK
2022-01-15 14:11 - 2022-01-15 14:11 - 000000000 ____D C:\WINDOWS\oem
2022-01-15 14:11 - 2022-01-15 14:11 - 000000000 ____D C:\Users\kyler\AppData\Local\Google
2022-01-15 14:09 - 2022-01-10 18:54 - 000078544 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2022-01-15 14:09 - 2022-01-10 18:54 - 000068296 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2022-01-15 14:08 - 2022-01-15 14:09 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-01-15 14:07 - 2022-01-10 18:54 - 000039080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-01-15 14:05 - 2022-01-11 03:51 - 001879784 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-01-15 14:05 - 2022-01-11 03:51 - 001879784 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-01-15 14:05 - 2022-01-11 03:51 - 001466792 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-01-15 14:05 - 2022-01-11 03:51 - 001454824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-01-15 14:05 - 2022-01-11 03:51 - 001454824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-01-15 14:05 - 2022-01-11 03:51 - 001206384 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-01-15 14:05 - 2022-01-11 03:51 - 001115368 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-01-15 14:05 - 2022-01-11 03:51 - 001115368 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-01-15 14:05 - 2022-01-11 03:51 - 000969448 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-01-15 14:05 - 2022-01-11 03:51 - 000969448 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-01-15 14:05 - 2022-01-11 03:49 - 000798168 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-01-15 14:05 - 2022-01-11 03:48 - 001528440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-01-15 14:05 - 2022-01-11 03:48 - 001179096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-01-15 14:05 - 2022-01-11 03:48 - 000711848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-01-15 14:05 - 2022-01-11 03:48 - 000710824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-01-15 14:05 - 2022-01-11 03:48 - 000638936 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-01-15 14:05 - 2022-01-11 03:47 - 008609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-01-15 14:05 - 2022-01-11 03:47 - 007713408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-01-15 14:05 - 2022-01-11 03:47 - 005098112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-01-15 14:05 - 2022-01-11 03:47 - 002935776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-01-15 14:05 - 2022-01-11 03:47 - 002120872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-01-15 14:05 - 2022-01-11 03:47 - 001602216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-01-15 14:05 - 2022-01-11 03:47 - 000983208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-01-15 14:05 - 2022-01-11 03:47 - 000455800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-01-15 14:05 - 2022-01-11 03:46 - 005733504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-01-15 14:05 - 2022-01-11 03:45 - 000849016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-01-15 14:05 - 2022-01-11 03:44 - 006455824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-01-15 14:05 - 2022-01-10 18:54 - 000089178 _____ C:\WINDOWS\system32\nvinfo.pb
2022-01-15 14:02 - 2022-01-15 14:04 - 835852352 _____ (NVIDIA Corporation) C:\Users\kyler\Downloads\511.23-desktop-win10-win11-64bit-international-dch-whql.exe
2022-01-15 13:51 - 2022-01-15 13:51 - 000425304 _____ (Secure By Design Inc.) C:\Users\kyler\Downloads\Ninite Blender Discord FastStone HandBrake NET 48 Installer.exe
2022-01-15 13:51 - 2022-01-15 13:51 - 000000000 ____D C:\Program Files\dotnet
2022-01-15 13:51 - 2022-01-15 13:51 - 000000000 ____D C:\Program Files (x86)\dotnet
2022-01-15 13:46 - 2022-01-15 22:08 - 000000000 ____D C:\Users\kyler\AppData\Roaming\discord
2022-01-15 13:46 - 2022-01-15 21:57 - 000000000 ____D C:\Users\kyler\AppData\Local\Discord
2022-01-15 13:46 - 2022-01-15 13:46 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-01-15 13:46 - 2022-01-15 13:46 - 000000000 ____D C:\Users\kyler\AppData\Local\SquirrelTemp
2022-01-15 13:46 - 2022-01-15 13:46 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2022-01-15 13:46 - 2022-01-15 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-01-15 13:46 - 2022-01-15 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\blender
2022-01-15 13:46 - 2022-01-15 13:46 - 000000000 ____D C:\Program Files\Blender Foundation
2022-01-15 13:45 - 2022-01-15 14:22 - 000000000 ____D C:\Users\kyler\AppData\Roaming\TeraCopy
2022-01-15 13:45 - 2022-01-15 13:45 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-15 13:45 - 2022-01-15 13:45 - 000001729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TeraCopy.lnk
2022-01-15 13:45 - 2022-01-15 13:45 - 000000869 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\Program Files\WinRAR
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\Program Files\VideoLAN
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\Program Files\TeraCopy
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\Program Files\Audacity
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2022-01-15 13:45 - 2022-01-15 13:45 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2022-01-15 13:44 - 2022-01-15 21:55 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-15 13:44 - 2022-01-15 13:50 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-15 13:44 - 2022-01-15 13:50 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-15 13:44 - 2022-01-15 13:44 - 000425304 _____ (Secure By Design Inc.) C:\Users\kyler\Downloads\Ninite Audacity Blender Chrome Discord FastStone Installer.exe
2022-01-15 13:44 - 2022-01-15 13:44 - 000000000 ____D C:\Program Files\Google
2022-01-15 13:27 - 2022-01-15 13:27 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Acer Incorporated
2022-01-15 13:26 - 2022-01-15 21:02 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-01-15 13:26 - 2022-01-15 21:01 - 000000000 ____D C:\Users\kyler\AppData\LocalLow\Mozilla
2022-01-15 13:26 - 2022-01-15 13:26 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
2022-01-15 13:26 - 2022-01-15 13:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-01-15 13:26 - 2022-01-15 13:26 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2022-01-15 13:25 - 2022-01-15 13:25 - 000328176 _____ (Mozilla) C:\Users\kyler\Downloads\Firefox Installer.exe
2022-01-15 13:24 - 2022-01-15 14:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-01-15 13:13 - 2022-01-15 13:13 - 000000000 ____D C:\Users\kyler\AppData\Local\Mozilla
2022-01-15 13:12 - 2022-01-15 13:12 - 014233600 _____ C:\Users\kyler\Downloads\WindowsPCHealthCheckSetup.msi
2022-01-15 13:12 - 2022-01-15 13:12 - 000001353 _____ C:\Users\kyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-01-15 13:12 - 2022-01-15 13:12 - 000000000 ____D C:\Users\kyler\AppData\Local\PCHealthCheck
2022-01-15 12:58 - 2022-01-15 12:58 - 000000000 ___HD C:\$WinREAgent
2022-01-15 12:58 - 2022-01-15 12:58 - 000000000 ____D C:\Users\kyler\AppData\Local\Comms
2022-01-15 12:57 - 2022-01-15 12:57 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-01-15 12:55 - 2022-01-15 12:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-15 12:55 - 2022-01-15 12:55 - 000000000 ____H C:\Users\kyler\Documents\Default.rdp
2022-01-15 12:51 - 2022-01-15 12:51 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Intel Corporation
2022-01-15 12:51 - 2022-01-15 12:51 - 000000000 ____D C:\Users\kyler\AppData\Local\NVIDIA Corporation
2022-01-15 12:50 - 2022-01-15 17:59 - 000000000 ____D C:\Users\kyler\AppData\Local\PlaceholderTileLogoFolder
2022-01-15 12:50 - 2022-01-15 16:16 - 000000000 ____D C:\Users\kyler\AppData\Local\NVIDIA
2022-01-15 12:50 - 2022-01-15 12:50 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1166628886-3428355240-1532972468-1001
2022-01-15 12:50 - 2022-01-15 12:50 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1166628886-3428355240-1532972468-1001
2022-01-15 12:50 - 2022-01-15 12:50 - 000000000 ___RD C:\Users\kyler\OneDrive
2022-01-15 12:49 - 2022-01-15 20:59 - 000000000 ____D C:\Users\kyler\AppData\Local\Packages
2022-01-15 12:49 - 2022-01-15 14:11 - 000000000 ____D C:\Users\kyler\AppData\Local\ConnectedDevicesPlatform
2022-01-15 12:49 - 2022-01-15 14:09 - 000000000 ____D C:\ProgramData\Packages
2022-01-15 12:49 - 2022-01-15 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2022-01-15 12:49 - 2022-01-15 12:51 - 000000000 ____D C:\Users\kyler\AppData\Local\D3DSCache
2022-01-15 12:49 - 2022-01-15 12:49 - 000004890 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.1.16258
2022-01-15 12:49 - 2022-01-15 12:49 - 000000000 ___RD C:\Users\kyler\3D Objects
2022-01-15 12:49 - 2022-01-15 12:49 - 000000000 ___HD C:\ProgramData\O949
2022-01-15 12:49 - 2022-01-15 12:49 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Adobe
2022-01-15 12:49 - 2022-01-15 12:49 - 000000000 ____D C:\Users\kyler\AppData\Local\VirtualStore
2022-01-15 12:49 - 2022-01-15 12:49 - 000000000 ____D C:\Users\kyler\AppData\Local\Publishers
2022-01-15 12:49 - 2022-01-15 12:49 - 000000000 ____D C:\Users\kyler\AppData\Local\OEM
2022-01-15 12:49 - 2022-01-15 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2022-01-15 12:43 - 2022-01-15 18:18 - 000000000 ____D C:\Users\kyler
2022-01-15 12:43 - 2022-01-15 12:50 - 000002371 _____ C:\Users\kyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-15 12:43 - 2022-01-15 12:43 - 000000020 ___SH C:\Users\kyler\ntuser.ini
2022-01-15 09:33 - 2022-01-15 09:33 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2022-01-15 09:33 - 2022-01-15 09:33 - 000000000 _SHDL C:\Users\Default User
2022-01-15 09:33 - 2022-01-15 09:33 - 000000000 _SHDL C:\Users\All Users
2022-01-15 09:33 - 2022-01-15 09:33 - 000000000 _SHDL C:\Documents and Settings
2022-01-15 09:26 - 2022-01-15 09:26 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-01-15 09:24 - 2022-01-15 20:56 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-15 09:24 - 2022-01-15 20:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-15 09:24 - 2022-01-15 20:56 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-15 09:24 - 2022-01-15 16:16 - 000000000 ____D C:\ProgramData\Razer
2022-01-15 09:24 - 2022-01-15 15:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-15 09:24 - 2022-01-15 14:07 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-01-15 09:24 - 2022-01-15 13:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-01-15 09:24 - 2022-01-15 12:40 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-15 09:24 - 2022-01-15 12:39 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-15 09:24 - 2022-01-15 12:39 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-15 09:24 - 2022-01-15 09:24 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-15 09:24 - 2022-01-15 09:24 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-01-15 09:24 - 2022-01-15 09:24 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2022-01-15 09:24 - 2022-01-15 09:24 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-01-15 09:24 - 2022-01-15 09:24 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-01-15 09:24 - 2022-01-15 09:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-01-15 09:24 - 2022-01-15 09:24 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-01-15 09:24 - 2022-01-15 09:24 - 000000000 ____D C:\Program Files\Realtek
2022-01-15 09:21 - 2022-01-15 09:21 - 000000112 ___SH C:\bootTel.dat
2022-01-15 07:29 - 2022-01-15 20:24 - 000000000 ____D C:\WINDOWS\Panther
2022-01-15 07:29 - 2022-01-15 12:56 - 000000000 ___HD C:\OEM
2022-01-15 07:26 - 2022-01-15 09:34 - 000000000 ____D C:\Windows.old
2022-01-15 07:25 - 2022-01-15 16:14 - 000000000 ____D C:\Program Files (x86)\Razer
2022-01-15 07:25 - 2022-01-15 07:25 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-01-15 07:25 - 2022-01-15 07:25 - 000000000 ____D C:\WINDOWS\system32\Samsung
2022-01-15 07:24 - 2022-01-15 09:34 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\0409
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\Setup
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\OCR
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\DigitalLocker
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\addins
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\ProgramData\ssh
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files\MSBuild
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-01-15 07:24 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-01-15 07:22 - 2022-01-15 21:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-15 07:22 - 2022-01-15 21:03 - 000000000 ____D C:\WINDOWS\INF
2022-01-15 07:22 - 2022-01-15 21:00 - 000000000 ___RD C:\Program Files (x86)
2022-01-15 07:22 - 2022-01-15 20:59 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-15 07:22 - 2022-01-15 14:09 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-15 07:22 - 2022-01-15 14:07 - 000000000 ____D C:\WINDOWS\Help
2022-01-15 07:22 - 2022-01-15 13:28 - 000000000 ____D C:\Program Files\Windows Defender
2022-01-15 07:22 - 2022-01-15 13:05 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-01-15 07:22 - 2022-01-15 13:05 - 000000000 ____D C:\WINDOWS\ServiceState
2022-01-15 07:22 - 2022-01-15 12:49 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-01-15 07:22 - 2022-01-15 09:35 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-01-15 07:22 - 2022-01-15 09:34 - 000000000 ____D C:\WINDOWS\Registration
2022-01-15 07:22 - 2022-01-15 09:33 - 000000000 __RHD C:\Users\Public\Libraries
2022-01-15 07:22 - 2022-01-15 09:29 - 000000000 ____D C:\WINDOWS\system32\spool
2022-01-15 07:22 - 2022-01-15 09:29 - 000000000 ____D C:\WINDOWS\Resources
2022-01-15 07:22 - 2022-01-15 09:27 - 000000000 ____D C:\ProgramData\USOPrivate
2022-01-15 07:22 - 2022-01-15 09:24 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2022-01-15 07:22 - 2022-01-15 09:24 - 000000000 ____D C:\WINDOWS\appcompat
2022-01-15 07:22 - 2022-01-15 07:29 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-15 07:22 - 2022-01-15 07:27 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\system32\Com
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\WINDOWS\IME
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files\Windows NT
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files\Common Files\System
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files (x86)\Windows NT
2022-01-15 07:22 - 2022-01-15 07:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 __SHD C:\Program Files\Windows Sidebar
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 __RSD C:\WINDOWS\Media
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___SD C:\WINDOWS\system32\Nui
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\Web
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\WaaS
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\Vss
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\tracing
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\TAPI
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SystemApps
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\winevt
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ti-et
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ta-in
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\si-lk
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ras
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\my-mm
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\IME
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\icsxml
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ias
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\DriverState
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\downlevel
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\am-et
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\System
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SKB
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\security
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\schemas
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\SchCache
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\rescache
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\Provisioning
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\PLA
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\Performance
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\ModemLogs
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\L2Schemas
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\InputMethod
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\IdentityCRL
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\Globalization
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\Cursors
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\Containers
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\Branding
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\ProgramData\USOShared
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\Program Files\Windows Security
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\Program Files\Windows Portable Devices
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\Program Files\Common Files\Services
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2022-01-15 07:22 - 2022-01-15 07:22 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2022-01-15 07:22 - 2022-01-15 07:21 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2022-01-15 07:22 - 2022-01-15 07:21 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2022-01-15 07:22 - 2022-01-15 07:21 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-01-15 07:22 - 2022-01-15 07:21 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2022-01-15 07:22 - 2022-01-15 07:21 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2022-01-15 07:22 - 2022-01-15 07:21 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2022-01-15 07:22 - 2022-01-15 07:21 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2022-01-15 07:22 - 2022-01-15 07:21 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2022-01-15 07:22 - 2022-01-15 07:21 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2022-01-15 07:19 - 2022-01-15 20:55 - 088866816 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-01-15 07:19 - 2022-01-15 20:55 - 019136512 _____ C:\WINDOWS\system32\config\SYSTEM
2022-01-15 07:19 - 2022-01-15 20:55 - 005242880 _____ C:\WINDOWS\system32\config\DEFAULT
2022-01-15 07:19 - 2022-01-15 20:55 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-15 07:19 - 2022-01-15 20:55 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2022-01-15 07:19 - 2022-01-15 20:55 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2022-01-15 07:19 - 2022-01-15 13:04 - 000000000 ____D C:\WINDOWS\servicing
2022-01-15 07:19 - 2022-01-15 13:04 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-15 07:19 - 2022-01-15 12:57 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-01-15 07:19 - 2022-01-15 07:22 - 000000000 ____D C:\WINDOWS\system32\SMI
2022-01-15 04:14 - 2022-01-15 07:29 - 000000000 ___HD C:\$SysReset
2022-01-14 22:59 - 2018-07-17 13:41 - 000000000 ____D C:\Users\kyler\AppData\Roaming\Mozilla
2022-01-13 18:35 - 2022-01-13 18:35 - 000523776 ____N (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-13 18:35 - 2022-01-13 18:35 - 000464384 ____N (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-13 18:35 - 2022-01-13 18:35 - 000011797 ____N C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-16 22:02 - 2021-12-16 22:02 - 000223744 ____N C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-16 22:01 - 2021-12-16 22:01 - 000272384 ____N C:\WINDOWS\system32\TpmTool.exe
2021-12-16 22:01 - 2021-12-16 22:01 - 000162816 ____N C:\WINDOWS\system32\DataStoreCacheDumpTool.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-15 21:03 - 2016-06-14 00:24 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-15 20:56 - 2017-01-10 10:37 - 000013856 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\SysWOW64\Drivers\ITEflashIO.SYS
2022-01-15 20:56 - 2017-01-10 10:37 - 000013856 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\ITEflashIO.SYS
2022-01-15 18:45 - 2016-06-14 00:20 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-15 16:35 - 2017-01-10 10:24 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-01-15 15:39 - 2017-01-10 10:24 - 000000000 ____D C:\ProgramData\Killer
2022-01-15 14:13 - 2016-06-14 00:20 - 000000000 ____D C:\ProgramData\Acer
2022-01-15 14:13 - 2016-06-14 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2022-01-15 14:13 - 2016-06-14 00:19 - 000000000 ____D C:\Program Files (x86)\Acer
2022-01-15 14:12 - 2016-06-14 00:20 - 000000000 ____D C:\ProgramData\OEM
2022-01-15 14:11 - 2016-06-14 00:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-15 14:09 - 2017-01-10 10:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-01-15 14:07 - 2017-01-10 10:28 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-01-15 13:35 - 2016-06-14 00:20 - 000000000 ____D C:\Program Files\Acer
2022-01-15 12:57 - 2017-01-10 10:36 - 000000000 ____D C:\Users\Public\CyberLink
2022-01-15 12:57 - 2017-01-10 10:36 - 000000000 ____D C:\ProgramData\CyberLink
2022-01-15 12:50 - 2016-02-13 08:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-01-15 09:33 - 2017-01-10 10:20 - 000840598 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2022-01-15 09:33 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-01-15 09:29 - 2017-01-10 09:52 - 000000000 ____D C:\WINDOWS\NAPP_Dism_Log
2022-01-15 09:29 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\PurchaseDialog
2022-01-15 09:29 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\DesktopTileResources
2022-01-15 09:27 - 2017-01-10 10:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2022-01-15 09:27 - 2017-01-10 10:36 - 000000000 ____D C:\ProgramData\Temp
2022-01-15 09:27 - 2017-01-10 10:36 - 000000000 ____D C:\ProgramData\install_clap
2022-01-15 09:27 - 2017-01-10 10:36 - 000000000 ____D C:\ProgramData\CLSK
2022-01-15 09:27 - 2017-01-10 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PREDATOR RGB MECHANICAL GAMING KEYBOARD
2022-01-15 09:27 - 2017-01-10 10:34 - 000000000 ____D C:\Program Files (x86)\ACER Predator M11SFL
2022-01-15 09:27 - 2017-01-10 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2022-01-15 09:27 - 2017-01-10 10:31 - 000000000 ____D C:\ProgramData\Creative
2022-01-15 09:27 - 2017-01-10 10:31 - 000000000 ____D C:\Program Files (x86)\Creative
2022-01-15 09:27 - 2017-01-10 10:30 - 000000000 ____D C:\Program Files (x86)\Intel
2022-01-15 09:27 - 2017-01-10 10:29 - 000000000 ____D C:\Program Files (x86)\Realtek
2022-01-15 09:27 - 2017-01-10 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2022-01-15 09:27 - 2017-01-10 10:24 - 000000000 ____D C:\ProgramData\Downloaded Installations
2022-01-15 09:27 - 2017-01-10 10:22 - 000000000 ____D C:\ProgramData\DriverSetupUtility
2022-01-15 09:27 - 2017-01-10 10:21 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite
2022-01-15 09:27 - 2017-01-10 10:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2022-01-15 09:27 - 2017-01-10 10:20 - 000000000 ____D C:\ProgramData\Intel
2022-01-15 09:27 - 2016-02-13 08:20 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-01-15 09:26 - 2017-01-10 10:37 - 000000000 ___HD C:\Intel
2022-01-15 09:26 - 2017-01-10 10:24 - 000000000 ____D C:\Program Files\Killer Networking
2022-01-15 09:26 - 2017-01-10 10:22 - 000000000 ____D C:\Program Files\DriverSetupUtility
2022-01-15 09:26 - 2017-01-10 10:21 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2022-01-15 09:26 - 2017-01-10 10:20 - 000000000 ____D C:\Program Files\Intel
2022-01-15 09:26 - 2016-02-13 08:03 - 000000000 ____D C:\Program Files\Windows Journal
2022-01-15 07:21 - 2020-09-15 00:44 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2022-01-11 03:47 - 2021-11-17 13:34 - 000793768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-01-11 03:44 - 2021-11-17 13:34 - 007609160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-01-10 18:54 - 2021-11-17 13:35 - 000118952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys

==================== Files in the root of some directories ========

2022-01-15 19:44 - 2022-01-15 19:44 - 000000016 _____ () C:\Users\kyler\AppData\Roaming\obs-virtualcam.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by kyler (15-01-2022 22:09:44)
Running from C:\Users\kyler\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1466 (X64) (2022-01-15 14:34:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1166628886-3428355240-1532972468-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1166628886-3428355240-1532972468-503 - Limited - Disabled)
Guest (S-1-5-21-1166628886-3428355240-1532972468-501 - Limited - Disabled)
kyler (S-1-5-21-1166628886-3428355240-1532972468-1001 - Administrator - Enabled) => C:\Users\kyler
WDAGUtilityAccount (S-1-5-21-1166628886-3428355240-1532972468-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{E3930B59-5669-4BAB-A329-D56C1427C613}) (Version: 3.3.19180.100 - Acer)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Audacity 3.1.3 (HKLM\...\Audacity_is1) (Version: 3.1.3 - Audacity Team)
blender (HKLM\...\{8E411BEA-E05E-4E73-B9D3-A89A3084D67D}) (Version: 3.0.0 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.88 - Piriform)
Discord (HKU\S-1-5-21-1166628886-3428355240-1532972468-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Firefox Developer Edition (x64 en-US) (HKLM\...\Firefox Developer Edition 97.0 (x64 en-US)) (Version: 97.0 - Mozilla)
FUJIFILM X Webcam 2.1 (HKLM\...\{98A8A9A8-D2D7-4440-8875-930E2EA8AFB2}) (Version: 2.1.0 - FUJIFILM)
Google Chrome (HKLM\...\{8093212B-7D0A-353D-8E41-3094713E73C5}) (Version: 97.0.4692.71 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{298948A2-8A4F-403F-9254-67A742EEAEDD}) (Version: 1.1.57.1111 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{8917DE50-5B49-4E6C-A260-154F9AAA4B44}) (Version: 1.1.57.1111 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{BA7A5E7D-044A-4B15-8A27-5E706B8AD44C}) (Version: 1.1.57.1111 - Rivet Networks) Hidden
Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.57.1111 - Rivet Networks)
Killer Wireless Drivers (HKLM-x32\...\{2C123D48-77CE-4870-92F2-759DCBF5E404}) (Version: 1.1.57.1110 - Rivet Networks)
Killer Wireless-AC 1535 Drivers (HKLM\...\{3E828805-C8B2-41DA-89A1-89E2FE84388A}) (Version: 1.1.57.1110 - Rivet Networks) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1166628886-3428355240-1532972468-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E876418F-BE59-4D8C-B9A5-74B056B676FA}) (Version: 2.93.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.13 (x64) (HKLM-x32\...\{e2d1ae32-dd1d-4ad7-a298-10e42e7840fc}) (Version: 5.0.13.30717 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.13 (x86) (HKLM-x32\...\{90d6e4fa-5611-4c73-a0ab-58daa849d84a}) (Version: 5.0.13.30717 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.1 (x64) (HKLM-x32\...\{7037b699-7382-448c-89a7-4765961d2537}) (Version: 6.0.1.30718 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.1 (x86) (HKLM-x32\...\{511cc7ac-6403-4689-8539-1cd87542e172}) (Version: 6.0.1.30718 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 97.0 - Mozilla)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA Graphics Driver 511.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
PREDATOR RGB MECHANICAL GAMING KEYBOARD (HKLM-x32\...\{06C123DC-D0B6-4EB7-9F7B-EAF0C0212979}}_is1) (Version: 0.1.0 - )
PredatorSense (HKLM-x32\...\{0B205756-4A11-4E9D-93A3-70D973B08A83}) (Version: 1.00.3004 - Acer Incorporated)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1215.121004 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.)
Samson Sound Deck (HKLM-x32\...\{ABEAC23D-3C40-4D5D-8018-82C255B941F0}) (Version:  - Samson)
Samson USB Audio Professional (HKLM-x32\...\{74E1767C-6DA4-448C-ABE9-FA8D2A740048}) (Version:  - Samson)
Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.14 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
SpyderXPro (HKLM-x32\...\SpyderXPro) (Version:  - )
TeraCopy version 3.8.2 (HKLM\...\TeraCopy_is1) (Version: 3.8.2 - Code Sector)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.45-1 - Wacom Technology Corp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-1166628886-3428355240-1532972468-1001\...\WinDirStat) (Version:  - )
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-01-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2022-01-15] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2022-01-15] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-03-22] (Code Sector -> Code Sector)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-03-22] (Code Sector -> Code Sector)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-03-22] (Code Sector -> Code Sector)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_015fa42d67826549\nvshext.dll [2022-01-11] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2021-03-22] (Code Sector -> Code Sector)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\kyler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

==================== Loaded Modules (Whitelisted) =============

2017-01-10 10:34 - 2013-01-16 12:06 - 000061952 _____ () [File not signed] C:\Program Files (x86)\ACER Predator M11SFL\PREDATOR RGB MECHANICAL GAMING KEYBOARD\HidDevice.dll
2019-11-18 15:54 - 2020-04-03 17:15 - 000435712 _____ () [File not signed] C:\Program Files (x86)\Datacolor\SpyderXPro\Utility\SpyderUtility Libs\CGamma.dll
2019-11-18 15:54 - 2020-04-03 17:15 - 000196096 _____ () [File not signed] C:\Program Files (x86)\Datacolor\SpyderXPro\Utility\SpyderUtility Libs\CSensor.dll
2017-01-10 10:31 - 2015-07-31 20:33 - 000366080 _____ () [File not signed] C:\Windows\SYSTEM32\APOMgr64.DLL
2017-01-10 10:31 - 2015-07-31 20:34 - 000089600 _____ () [File not signed] C:\Windows\SYSTEM32\CmdRtr64.DLL
2019-11-18 15:54 - 2020-01-23 17:08 - 000054272 _____ (Datacolor) [File not signed] C:\Program Files (x86)\Datacolor\SpyderXPro\Utility\dccmtr.dll
2022-01-15 20:30 - 2021-06-19 01:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2022-01-15 20:30 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2022-01-15 20:30 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1166628886-3428355240-1532972468-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7942 more sites.


There are 7942 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2022-01-15 21:11 - 000454392 ____N C:\WINDOWS\system32\drivers\etc\hosts

There are 15596 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files\dotnet\
HKU\S-1-5-21-1166628886-3428355240-1532972468-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kyler\Downloads\61e351e33a673.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Killer Bandwidth Control -> bf_ndislwf (enabled)
Ethernet: Killer Bandwidth Control -> bf_ndislwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{145CF5CF-94C9-4DCA-8DC9-B074A7276EDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46D59F08-58A8-4C2E-A042-5C8AFBFD3060}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DF8149CD-1645-4C24-985F-AAE47FBC5D63}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2BCA8E6B-6D5A-4835-8553-E2F3DA74EB13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E51280A8-5DD8-4A95-9FC6-84FB6B2DFE68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{A2060F00-58F3-404B-80D3-60020AEAE05E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{A87CD2F5-9FF2-46CE-BC99-C9C9269B77C8}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{A8A9C5DA-D0B2-406F-9F24-C95EBA68F996}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{970267DF-864C-4693-A60A-ABFB3F367CD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF2B5E61-9C42-48C8-9F9F-0027A94FD07B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5CE16C1F-33D3-485D-B2F9-0C3BA6E1B6DB}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7837E2D0-1CB8-4BAB-90B7-694078E09D80}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8305EC54-9056-4938-B557-A1FAA2C8D56F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D001A5F1-5C64-4150-8CD5-EC2CF59B09F3}] => (Allow) C:\Users\kyler\AppData\Local\Programs\Opera\82.0.4227.58\opera.exe => No File
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

15-01-2022 12:57:20 Configured PowerDVD

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2022 08:55:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (01/15/2022 08:55:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (01/15/2022 06:35:53 PM) (Source: MsiInstaller) (EventID: 11904) (User: DESKTOP-5CGP19Q)
Description: Product: FUJIFILM X Webcam 2.1 -- Error 1904. Module C:\Program Files\FUJIFILM X Webcam\fujivcam.dll failed to register.  HRESULT -2147024770.  Contact your support personnel.

Error: (01/15/2022 06:35:51 PM) (Source: MsiInstaller) (EventID: 11904) (User: DESKTOP-5CGP19Q)
Description: Product: FUJIFILM X Webcam 2.1 -- Error 1904. Module C:\Program Files\FUJIFILM X Webcam\fujivcam.dll failed to register.  HRESULT -2147024770.  Contact your support personnel.

Error: (01/15/2022 06:35:51 PM) (Source: MsiInstaller) (EventID: 11904) (User: DESKTOP-5CGP19Q)
Description: Product: FUJIFILM X Webcam 2.1 -- Error 1904. Module C:\Program Files\FUJIFILM X Webcam\fujivcam.dll failed to register.  HRESULT -2147024770.  Contact your support personnel.

Error: (01/15/2022 06:35:50 PM) (Source: MsiInstaller) (EventID: 11904) (User: DESKTOP-5CGP19Q)
Description: Product: FUJIFILM X Webcam 2.1 -- Error 1904. Module C:\Program Files\FUJIFILM X Webcam\fujivcam.dll failed to register.  HRESULT -2147024770.  Contact your support personnel.

Error: (01/15/2022 06:35:50 PM) (Source: MsiInstaller) (EventID: 11904) (User: DESKTOP-5CGP19Q)
Description: Product: FUJIFILM X Webcam 2.1 -- Error 1904. Module C:\Program Files\FUJIFILM X Webcam\fujivcam.dll failed to register.  HRESULT -2147024770.  Contact your support personnel.

Error: (01/15/2022 06:35:50 PM) (Source: MsiInstaller) (EventID: 11904) (User: DESKTOP-5CGP19Q)
Description: Product: FUJIFILM X Webcam 2.1 -- Error 1904. Module C:\Program Files\FUJIFILM X Webcam\fujivcam.dll failed to register.  HRESULT -2147024770.  Contact your support personnel.


System errors:
=============
Error: (01/15/2022 09:11:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/15/2022 08:54:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot Security Center Integration Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/15/2022 08:54:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot Security Center Integration Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/15/2022 08:24:11 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-5CGP19Q)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (01/15/2022 06:36:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5CGP19Q)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (01/15/2022 06:36:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5CGP19Q)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (01/15/2022 06:16:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5CGP19Q)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (01/15/2022 09:33:24 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.


Windows Defender:
================Event[0]:

Date: 2022-01-15 14:56:18
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2022-01-15 14:56:18
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2022-01-15 14:56:18
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2022-01-15 14:56:18
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2022-01-15 14:56:18
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2022-01-15 20:56:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-01-15 20:54:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. R01-A1 04/22/2016
Motherboard: Acer IPMSL-GM
Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 16335 MB
Available physical RAM: 10861.65 MB
Total Virtual: 19279 MB
Available Virtual: 10876.68 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:476.34 GB) (Free:429.48 GB) NTFS
Drive d: (TI10673200G) (Fixed) (Total:688.42 GB) (Free:52.08 GB) NTFS
Drive e: (Data) (Fixed) (Total:1863.02 GB) (Free:18.67 GB) NTFS
Drive f: (My Book) (Fixed) (Total:7452 GB) (Free:6187.83 GB) exFAT
Drive g: (My Book) (Fixed) (Total:3725.99 GB) (Free:8.89 GB) NTFS

\\?\Volume{b6fc4ac2-153b-4d8d-9498-8310564b3791}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{ad2c70b9-b8f2-11e4-a334-a458c536da07}\ (System) (Fixed) (Total:1 GB) (Free:0.55 GB) NTFS
\\?\Volume{1b090757-69ea-4416-b55c-42db23c1ab67}\ () (Fixed) (Total:0.83 GB) (Free:0.4 GB) NTFS
\\?\Volume{052e0587-697e-11e3-a60d-008cfaa2ecd9}\ (Recovery) (Fixed) (Total:8.16 GB) (Free:0.77 GB) NTFS
\\?\Volume{cfb9ed98-6a14-4413-9e2e-57c4feed8ad9}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
\\?\Volume{c4b4975e-d533-11e6-838f-008cfaa2ecd9}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 084D0B5A)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 084D0B3E)

Partition: GPT.

==========================================================
Disk: 3 (Size: 7452 GB) (Disk ID: 16F2A91F)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.

==================== End of Addition.txt =======================

I already see something fishy in some of those entries, I don't even know how, I've barely started to do anything on it since reinstalling. There's no pirated software, or anything I didn't get legitimately.


Edited by -Kyle-, Yesterday, 10:02 PM.

  • 0


#2
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 241 posts

I already see something fishy in some of those entries, I don't even know how, I've barely started to do anything on it since reinstalling. There's no pirated software, or anything I didn't get legitimately.

Hi, -Kyle-, and welcome to the Geeks to Go malware removal forum! :)

Looking over your logs now. This may take some time. I'll be back when I've finished. :)


  • 0

#3
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 241 posts

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire about the current security-update status of some applications.

  • Download SecurityCheck by glax24 from here and save the tool on the desktop.
  • If Windows SmartScreen blocks it with a message window, click MORE INFO, override it and allow it to proceed.
  • This tool is safe. SmartScreen is overly sensitive.
  • Right-click SecurityCheck.exe, select "Run as administrator" and reply YES to allow it to run.
  • Wait for the scan to finish. It will open in a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck: C:\SecurityCheck\SecurityCheck.txt

  • 0

#4
-Kyle-

-Kyle-

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 16.01.2022 04:58:23
Path starting: C:\Users\kyler\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: kyler
VersionXML: 9.42is-15.01.2022
___________________________________________________________________________

Windows 10(6.3.19044) (x64) Core Release: 2009 Lang: English(0409)
Installation date OS: 15.01.2022 14:34:22
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Volume activation will expire : 186386 minutes
Boot Mode: Normal
Default Browser: C:\Program Files\Firefox Developer Edition\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [476.3 Gb] Used: [46.8 Gb] Free: [429.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Spybot - Search and Destroy (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Spybot - Search & Destroy v.2.9.82.0
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.21.220.1024.0005 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.02 (64-bit) v.6.02.0
------------------------------- [ Imaging ] -------------------------------
blender v.3.0.0
FastStone Image Viewer 7.5 v.7.5
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.1.0.9003
-------------------------------- [ Media ] --------------------------------
Audacity 3.1.3 v.3.1.3
VLC media player v.3.0.16
HandBrake 1.5.1 v.1.5.1
------------------------------- [ Browser ] -------------------------------
Google Chrome v.97.0.4692.71
Microsoft Edge v.97.0.1072.62
Mozilla Firefox 47.0.2 (x86 en-US) v.47.0.2 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Spybot-S&D 2 Scanner Service (SDScannerService) - The service is running
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe v.2.9.82.220
Spybot Security Center Integration Service (SDWSCService) - The service is running
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe v.2.8.66.0
Spybot-S&D 2 Updating Service (SDUpdateService) - The service is running
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe v.2.9.82.83
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe v.2.9.82.129
Microsoft Defender Antivirus Service (WinDefend) - The service has stopped
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.5.88 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------

 


  • 0

#5
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 241 posts

Farbar Recovery Scan Tool - Fix

 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it (don't include Code: Select all) ....
Start::
CreateRestorePoint:
CloseProcesses:
(Stanislav Polshyn -> Stanislav Polshyn & Trend Micro Inc.) C:\Users\kyler\Downloads\HiJackThis_test\HiJackThis.exe
Task: {003F51E9-D157-4F2F-9411-AB203E4857DB} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {0E6680C4-65BD-4498-86A8-0291850EC248} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {194ECAF6-DF0B-46AB-82CB-CB0A4D985868} - \BacKGroundAgent -> No File <==== ATTENTION
Task: {25A6C02B-DBD6-422E-B49D-20D3A7A6D534} - \UbtFrameworkService -> No File <==== ATTENTION
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {48A98229-5C8E-4DDD-8139-CF35F7262A95} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {5587F1DC-15D0-4331-A673-6EF75E5CD9C0} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {7204A0E9-83CE-4F8B-A0A0-B131FB057CF9} - \Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask -> No File <==== ATTENTION
Task: {80A81454-5159-4B83-83A1-75D8425C70D6} - \FUBTrackingByPLD -> No File <==== ATTENTION
Task: {9567E270-199F-4972-89A3-D7F6816C5917} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {A64BA182-3038-43B5-995A-6E777A400893} - \Software Update Application -> No File <==== ATTENTION
Task: {B2342E59-72B1-41F2-9F73-5978C04930B9} - System32\Tasks\Opera scheduled Autoupdate 1642296634 => C:\Users\kyler\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {C349BB67-3672-4975-AE02-517BAD9318EE} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {C53D54BC-1CF1-4819-8276-1694DADC49C1} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {FA625267-66E0-464A-AE95-8754007E78AD} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
2022-01-15 21:07 - 2022-01-15 21:11 - 000000000 ____D C:\Users\kyler\Downloads\HiJackThis_test
2022-01-15 21:06 - 2022-01-15 21:06 - 002240614 _____ C:\Users\kyler\Downloads\HiJackThis_test.zip
FirewallRules: [{E51280A8-5DD8-4A95-9FC6-84FB6B2DFE68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{A2060F00-58F3-404B-80D3-60020AEAE05E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
Hosts:
EmptyTemp:
Reboot:
End::
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

  • 0

#6
-Kyle-

-Kyle-

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

One thing that confused me was this bit

(don't include Code: Select all)

so I'm not sure I did this correctly, but this is what the log says


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by kyler (16-01-2022 05:15:57) Run:1
Running from C:\Users\kyler\Downloads
Loaded Profiles: kyler
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
(Stanislav Polshyn -> Stanislav Polshyn & Trend Micro Inc.) C:\Users\kyler\Downloads\HiJackThis_test\HiJackThis.exe
Task: {003F51E9-D157-4F2F-9411-AB203E4857DB} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {0E6680C4-65BD-4498-86A8-0291850EC248} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {194ECAF6-DF0B-46AB-82CB-CB0A4D985868} - \BacKGroundAgent -> No File <==== ATTENTION
Task: {25A6C02B-DBD6-422E-B49D-20D3A7A6D534} - \UbtFrameworkService -> No File <==== ATTENTION
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {48A98229-5C8E-4DDD-8139-CF35F7262A95} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {5587F1DC-15D0-4331-A673-6EF75E5CD9C0} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {7204A0E9-83CE-4F8B-A0A0-B131FB057CF9} - \Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask -> No File <==== ATTENTION
Task: {80A81454-5159-4B83-83A1-75D8425C70D6} - \FUBTrackingByPLD -> No File <==== ATTENTION
Task: {9567E270-199F-4972-89A3-D7F6816C5917} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {A64BA182-3038-43B5-995A-6E777A400893} - \Software Update Application -> No File <==== ATTENTION
Task: {B2342E59-72B1-41F2-9F73-5978C04930B9} - System32\Tasks\Opera scheduled Autoupdate 1642296634 => C:\Users\kyler\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {C349BB67-3672-4975-AE02-517BAD9318EE} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {C53D54BC-1CF1-4819-8276-1694DADC49C1} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {FA625267-66E0-464A-AE95-8754007E78AD} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
2022-01-15 21:07 - 2022-01-15 21:11 - 000000000 ____D C:\Users\kyler\Downloads\HiJackThis_test
2022-01-15 21:06 - 2022-01-15 21:06 - 002240614 _____ C:\Users\kyler\Downloads\HiJackThis_test.zip
FirewallRules: [{E51280A8-5DD8-4A95-9FC6-84FB6B2DFE68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{A2060F00-58F3-404B-80D3-60020AEAE05E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
Hosts:
EmptyTemp:
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\kyler\Downloads\HiJackThis_test\HiJackThis.exe => No running process found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{003F51E9-D157-4F2F-9411-AB203E4857DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{003F51E9-D157-4F2F-9411-AB203E4857DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Maintenance Install" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E6680C4-65BD-4498-86A8-0291850EC248}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E6680C4-65BD-4498-86A8-0291850EC248}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{194ECAF6-DF0B-46AB-82CB-CB0A4D985868}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{194ECAF6-DF0B-46AB-82CB-CB0A4D985868}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BacKGroundAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25A6C02B-DBD6-422E-B49D-20D3A7A6D534}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25A6C02B-DBD6-422E-B49D-20D3A7A6D534}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{317107BF-13F6-48B4-AA5A-BA0B03A02F4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{317107BF-13F6-48B4-AA5A-BA0B03A02F4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48A98229-5C8E-4DDD-8139-CF35F7262A95}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48A98229-5C8E-4DDD-8139-CF35F7262A95}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Plug and Play\Plug and Play Cleanup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5587F1DC-15D0-4331-A673-6EF75E5CD9C0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5587F1DC-15D0-4331-A673-6EF75E5CD9C0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppID\SmartScreenSpecific" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71E53243-3A2D-47EE-9DAB-6D71B2366657}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71E53243-3A2D-47EE-9DAB-6D71B2366657}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7204A0E9-83CE-4F8B-A0A0-B131FB057CF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7204A0E9-83CE-4F8B-A0A0-B131FB057CF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80A81454-5159-4B83-83A1-75D8425C70D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80A81454-5159-4B83-83A1-75D8425C70D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FUBTrackingByPLD" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9567E270-199F-4972-89A3-D7F6816C5917}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9567E270-199F-4972-89A3-D7F6816C5917}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Policy Install" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A64BA182-3038-43B5-995A-6E777A400893}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A64BA182-3038-43B5-995A-6E777A400893}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Update Application" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2342E59-72B1-41F2-9F73-5978C04930B9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2342E59-72B1-41F2-9F73-5978C04930B9}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1642296634 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1642296634" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C349BB67-3672-4975-AE02-517BAD9318EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C349BB67-3672-4975-AE02-517BAD9318EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\sih" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C53D54BC-1CF1-4819-8276-1694DADC49C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C53D54BC-1CF1-4819-8276-1694DADC49C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA625267-66E0-464A-AE95-8754007E78AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA625267-66E0-464A-AE95-8754007E78AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot" => removed successfully
HKLM\System\CurrentControlSet\Services\NvStreamKms => removed successfully
NvStreamKms => service removed successfully
C:\Users\kyler\Downloads\HiJackThis_test => moved successfully
C:\Users\kyler\Downloads\HiJackThis_test.zip => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E51280A8-5DD8-4A95-9FC6-84FB6B2DFE68}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2060F00-58F3-404B-80D3-60020AEAE05E}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8559186 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1882911 B
Edge => 0 B
Chrome => 0 B
Firefox => 178441644 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16150 B
NetworkService => 17308 B
kyler => 13471258 B

RecycleBin => 0 B
EmptyTemp: => 194.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:16:12 ====


  • 0
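Whether a fix like the one in post #6 ran as written can be checked from the Fixlog itself. The following is an added example, not part of the thread and not FRST's own code: it matches each Task and FirewallRules entry in the "fixlist content" section against the result lines logged for it. The function names are hypothetical, and the sample is abridged from the log above.

```python
import re

# Abridged from the Fixlog posted above: three fixlist entries and the result
# lines FRST logged for them, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
CreateRestorePoint:
Task: {7204A0E9-83CE-4F8B-A0A0-B131FB057CF9} - \Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask -> No File <==== ATTENTION
Task: {80A81454-5159-4B83-83A1-75D8425C70D6} - \FUBTrackingByPLD -> No File <==== ATTENTION
FirewallRules: [{E51280A8-5DD8-4A95-9FC6-84FB6B2DFE68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
Hosts:

*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7204A0E9-83CE-4F8B-A0A0-B131FB057CF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7204A0E9-83CE-4F8B-A0A0-B131FB057CF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80A81454-5159-4B83-83A1-75D8425C70D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80A81454-5159-4B83-83A1-75D8425C70D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FUBTrackingByPLD" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E51280A8-5DD8-4A95-9FC6-84FB6B2DFE68}" => removed successfully
Hosts restored successfully.
'''

GUID = re.compile(r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}", re.I)
# Task entries carry the task path after " - ", optionally prefixed System32\Tasks.
TASK = re.compile(r"^Task: \{[^}]+\} - (?:System32\\Tasks)?(?P<path>\\.+?) (?:->|=>) ")


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from the text of a Fixlog."""
    parts = re.split(r"^\*{5,}\s*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("no fixlist section delimited by rows of asterisks")
    fixlist = [line.strip() for line in parts[1].splitlines() if line.strip()]
    results = [line.strip() for line in parts[2].splitlines() if " => " in line]
    return fixlist, results


def reconcile(text):
    """Map the GUID of each Task/FirewallRules entry to its logged outcomes."""
    fixlist, results = split_fixlog(text)
    parsed = [line.rsplit(" => ", 1) for line in results]  # [target, outcome]
    report = {}
    for entry in fixlist:
        found = GUID.search(entry)
        if not found or not entry.startswith(("Task:", "FirewallRules:")):
            continue  # directives such as CreateRestorePoint:, Hosts:, EmptyTemp:
        guid = found.group(0).upper()
        needles = [guid]
        task = TASK.match(entry)
        if task:
            # The TaskCache\Tree key is named by task path, not by GUID.
            needles.append("TASKCACHE\\TREE" + task.group("path").upper())
        report[guid] = [
            outcome for target, outcome in parsed
            if any(target.strip('"').upper().endswith(n) for n in needles)
        ]
    return report


def status(outcomes):
    """Collapse one entry's outcomes into 'ok', 'review' or 'missing'."""
    if not outcomes:
        return "missing"   # nothing logged: the entry was not processed
    if all(o.endswith("successfully") for o in outcomes):
        return "ok"
    return "review"        # e.g. a key reported as 'not found'


def summary(text):
    """Return {guid: status} for every Task/FirewallRules fixlist entry."""
    return {guid: status(out) for guid, out in reconcile(text).items()}


if __name__ == "__main__":
    for guid, state in summary(SAMPLE_FIXLOG).items():
        print(guid, state)
```

On the sample, the `review` result comes from the `not found` line for the MDMMaintenenceTask Tree key; the other two keys for that task were removed.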

#7
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 241 posts

Very good! :thumbsup: Are there any changes after executing the fix?

 

Run AdwCleaner (Scan mode)


Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

 

Fresh FRST Scan

 

You should still have FRST64.exe on your Desktop, if it is not here, copy it here!

  • Please close all open programs and windows.
  • Right-click FRST64.exe and select "Run as administrator..." to run it.
  • When the tool opens, click Yes to the disclaimer if it appears.
  • Please be sure that 90 Days Files check box under Optional Scan section is checked.
  • Please be sure that Addition.txt check box under Optional Scan section is checked.
  • Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  • Please post the content of both FRST.txt and Addition.txt in your next reply.

 

In your next reply please post:

  1. Content of the AdwCleaner[S0*].txt
  2. Contents of the FRST.txt log file after fresh FRST scan
  3. Contents of the Addition.txt log file after fresh FRST scan

  • 0





