Suspected Spyware [Solved]



#1
Dohnovan


Hello again, I had a problem this morning with someone logging into my Black Desert game account. I have never shared my password with anyone. I suspect my PC has spyware on it!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2022
Ran by darks (administrator) on DOHNOVAN (iBuypower INTEL) (22-11-2022 09:59:17)
Running from C:\Users\darks\OneDrive\Desktop
Loaded Profiles: darks
Platform: Microsoft Windows 11 Home Version 22H2 22621.819 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.CpuIdRemote64.exe
(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCopyAccelerator.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\darks\AppData\Local\Discord\app-1.0.9007\Discord.exe <7>
(explorer.exe ->) (ADLICE -> ) C:\Program Files\UCheck\UCheck64.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <30>
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2209.6.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <4>
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(explorer.exe ->) (Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUS Inc.) C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.19\AsusFanControlService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.22\atkexComSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe <8>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_4644c24027cfb2ed\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_21e0cf0737fd48af\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_74518f403e753586\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x64.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <7>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x64.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x64.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.765.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe <4>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_74518f403e753586\RtkAudUService64.exe [1219312 2020-12-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [CORSAIR iCUE 4 Software] => C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE Launcher.exe [185384 2022-09-19] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\Run: [UCheck] => C:\Program Files\UCheck\UCheck64.exe [30783416 2022-08-25] (ADLICE -> )
HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3542032 2022-11-07] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\Run: [Discord] => C:\Users\darks\AppData\Local\Discord\Update.exe [1525032 2022-08-08] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4245352 2022-11-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10994528 2022-04-20] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3542032 2022-11-07] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.127\Installer\chrmstp.exe [2022-11-15] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {20669D6A-E174-4A1A-AF80-6C3D8C104474} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {213CE4C0-3DD0-472F-B277-24912D5A576E} - System32\Tasks\GoogleUpdateTaskMachineCore{4D22B583-B4EE-4B47-9584-B34A7D9D570B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-28] (Google LLC -> Google LLC)
Task: {320D25CF-BFC4-4BA4-8DD5-EDC3D22991F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {35FA15B3-E9E5-42BB-9079-31EE6DC040FD} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {36427B2F-C38B-43FE-B0EA-9BD55DC60397} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d8bb63a07775bd => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [153112 2022-08-28] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {36EDDED6-3929-4078-92AC-2AAF200FE2BA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [121595976 2022-09-01] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {46FE2B0B-8FF1-4027-B036-6CC81AE499A4} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{1370C601-2902-40DC-9B3B-ADDF709B7765} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174976 2022-08-28] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {494ECCD4-FC7D-4605-B5E4-6E270FA9DC53} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {499FA41B-6FBC-439B-BEC4-F56270558303} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {508A3306-E0B9-453C-8715-94AF5A892157} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2689038970-3992290621-3382473883-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
Task: {528AF5DC-CC76-4FAB-8925-B2495C63F55A} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\WINDOWS\system32\SecureBootEncodeUEFI.exe [94208 2022-11-09] (Microsoft Windows -> )
Task: {5EDAC36E-A689-4C15-BD2E-56692D3D11C1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {73A0A2DD-9416-40E7-8B92-B20A82523FF4} - System32\Tasks\GoogleUpdateTaskMachineUA{8F13E3E6-FD2B-413D-8C27-D5B596938092} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-28] (Google LLC -> Google LLC)
Task: {754427AA-7D54-4301-8DE0-C80F926A73AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {79F512FC-B195-4371-9539-656EDD39758D} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [153112 2022-08-28] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {84C8F0E9-F262-4B7E-864F-06F7D1C0EB19} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {878A0B4E-66A3-46D7-9FE3-C2700B6B83D2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-10-16] (Nvidia Corporation -> NVIDIA Corporation)
Task: {881F5EF7-C734-4E84-8E83-E14455B1C55D} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [43797544 2022-09-01] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {9D6AED2B-B02D-4373-ACA5-C68C1EE7F663} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A0906CB9-83A7-4A47-993E-2F85ADECBCDA} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1858920 2022-09-27] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {BD41E4AF-F0E0-4B4A-8E13-792A8BC9E2C7} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804328 2022-09-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {C2EF009D-B9EC-4A57-8912-0AA61F556A63} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [309608 2022-09-27] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {C8A01508-624C-4818-A422-09EC4204D9C3} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1254760 2022-09-29] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {D7632C05-0937-448B-9579-3A1D5BA35EDA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {D7885ADC-510B-4493-A94F-DD191FC59BDB} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {DE6B5ACA-5EF9-420C-BCF4-5AA901D1B9ED} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E06FA572-4C6C-4861-B46C-08633AE1D0E1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F3E16804-2D8F-4776-8D62-BFC9C0FBCA16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F958EC2B-4A1F-4093-827E-21FDC182764B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {FE18A1BC-5687-4FE7-8A80-328EB4F39B89} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{4958F240-7F5A-44D0-90E3-F43FC160065F} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174976 2022-08-28] (Brave Software, Inc. -> BraveSoftware Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{20a639cd-3aaf-4f43-8f68-c55a95ee6a33}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{24cb3435-4502-4301-be1f-3117abc998e4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\darks\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-09]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\darks\AppData\Local\Google\Chrome\User Data\Default [2022-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\darks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-28]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\darks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\darks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-28]
CHR Profile: C:\Users\darks\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-11-22]
CHR Profile: C:\Users\darks\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-11-22]
CHR Extension: (Just Black) - C:\Users\darks\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2022-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\darks\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-03]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\darks\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-11-17]
CHR Extension: (MetaMask) - C:\Users\darks\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2022-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\darks\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-29]
CHR Profile: C:\Users\darks\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-22]
 
Brave: 
=======
BRA Profile: C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-11-15]
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (Brave Local Data Files Updater) - C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-11-15]
BRA Extension: (Brave NTP background images) - C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-28]
BRA Extension: (Wallet Data Files Updater) - C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-11-15]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-11-15]
BRA Extension: (Brave NTP sponsored images) - C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-11-15]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-08-28]
BRA Extension: (Brave Ad Block Updater (Easylist-Cookie List - Filter Obtrusive Cookie Notices)) - C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfgnenkkneohplacnfabidofpgcdpofm [2022-11-15]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\darks\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-11-15]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [394864 2022-09-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.22\atkexComSvc.exe [894824 2022-10-31] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [153112 2022-08-28] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [558104 2022-07-11] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.19\AsusFanControlService.exe [1722216 2022-11-01] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [153112 2022-08-28] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [845256 2022-11-19] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-11-01] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174976 2022-08-28] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174976 2022-08-28] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [761416 2022-09-01] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy)
R2 CorsairGamingAudioConfig; C:\WINDOWS\system32\CorsairGamingAudioCfgService64.exe [613928 2022-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe [238632 2022-09-19] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe [84008 2022-09-19] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 CorsairUniwillService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueUniwillService.exe [108072 2022-09-19] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810984 2022-08-29] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [347408 2022-08-29] (Underwriters Laboratories Inc. -> Futuremark)
R2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
R3 iCUEDevicePluginHost; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe [459304 2022-09-19] (Corsair Memory, Inc. -> Corsair)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-10-11] (Microsoft Windows -> Microsoft Corporation)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3887976 2022-09-26] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8879024 2022-11-19] (Malwarebytes Inc. -> Malwarebytes)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1994664 2022-10-25] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [485296 2022-11-04] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1354192 2022-10-12] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-15] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300552 2022-11-06] (Razer USA Ltd. -> Razer Inc.)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [6739056 2022-09-21] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [537912 2022-10-23] (Razer USA Ltd. -> Razer Inc.)
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [371784 2022-09-01] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-10-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137544 2022-11-09] (Microsoft Windows -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.127\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [34384 2022-02-10] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\WINDOWS\system32\drivers\AsIO3.sys [49232 2022-07-11] (ASUSTeK COMPUTER INC. -> )
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-10-11] (Microsoft Windows -> Microsoft Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-08-15] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-08-15] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-08-15] (Microsoft Corporation) [File not signed]
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudio64.sys [63008 2022-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccessC2D033F14715AA7325305EA42FBFC65BF867CC1D; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairLLAccess64.sys [21752 2022-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47032 2022-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22968 2022-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz153; C:\WINDOWS\temp\cpuz153\cpuz153_x64.sys [36864 2022-11-19] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
R3 cpuz154; C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [40976 2022-11-19] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
R1 CTIAIO; C:\WINDOWS\system32\drivers\CtiAIo64.sys [32320 2022-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_774a66f35d00ad3d\iaLPSS2_GPIO2_ADL.sys [140960 2022-06-22] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_1ebed6f33a1c1014\iaLPSS2_I2C_ADL.sys [210600 2022-06-22] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1605296 2022-07-12] (Intel Corporation -> Intel Corporation)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [35344 2022-09-28] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [18496 2022-06-08] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-06] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-06] (Microsoft Windows -> )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469288 2022-11-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-10] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-10-11] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-11-22 09:58 - 2022-11-22 09:59 - 000000000 ____D C:\FRST
2022-11-18 11:20 - 2022-11-18 11:20 - 000000000 ____D C:\Users\darks\OneDrive\Documents\Arma 3 - Other Profiles
2022-11-18 10:21 - 2022-11-21 12:18 - 000000000 ____D C:\Users\darks\AppData\Local\Arma 3
2022-11-18 10:21 - 2022-11-18 10:46 - 000000000 ____D C:\Users\darks\OneDrive\Documents\Arma 3
2022-11-18 10:21 - 2022-11-18 10:21 - 000000000 ____D C:\Users\darks\AppData\Local\BattlEye
2022-11-18 10:21 - 2022-11-18 10:21 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2022-11-18 10:19 - 2022-11-21 07:10 - 000000000 ____D C:\Users\darks\AppData\Local\Arma 3 Launcher
2022-11-18 10:19 - 2022-11-18 10:19 - 000000000 ____D C:\Users\darks\AppData\Local\Bohemia_Interactive
2022-11-17 18:27 - 2022-11-17 18:27 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-11-17 18:24 - 2022-11-14 22:53 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-17 18:24 - 2022-11-14 22:53 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-17 18:24 - 2022-11-14 22:53 - 001642560 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-17 18:24 - 2022-11-14 22:53 - 001642560 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-17 18:24 - 2022-11-14 22:53 - 001487872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-11-17 18:24 - 2022-11-14 22:53 - 001444408 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-17 18:24 - 2022-11-14 22:53 - 001444408 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-17 18:24 - 2022-11-14 22:53 - 001226736 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-11-17 18:24 - 2022-11-14 22:53 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-17 18:24 - 2022-11-14 22:53 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-17 18:24 - 2022-11-14 22:49 - 001532424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-17 18:24 - 2022-11-14 22:49 - 001191936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-17 18:24 - 2022-11-14 22:49 - 000671792 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-17 18:24 - 2022-11-14 22:49 - 000507432 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-17 18:24 - 2022-11-14 22:48 - 002162688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-17 18:24 - 2022-11-14 22:48 - 001618936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-17 18:24 - 2022-11-14 22:48 - 000950280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-11-17 18:24 - 2022-11-14 22:48 - 000738312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-17 18:24 - 2022-11-14 22:47 - 012453896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-17 18:24 - 2022-11-14 22:47 - 010220552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-17 18:24 - 2022-11-14 22:47 - 005891080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-17 18:24 - 2022-11-14 22:47 - 005857280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2022-11-17 18:24 - 2022-11-14 22:47 - 005817336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-17 18:24 - 2022-11-14 22:47 - 000458240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-11-17 18:24 - 2022-11-13 05:23 - 000100633 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-17 18:23 - 2022-11-14 22:46 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-15 08:07 - 2022-11-15 08:07 - 000000000 ____D C:\Users\darks\OneDrive\Documents\Zoom
2022-11-15 08:06 - 2022-11-15 08:06 - 000000000 ____D C:\Users\darks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-11-15 08:06 - 2022-11-15 08:06 - 000000000 ____D C:\Users\darks\AppData\Local\Zoom
2022-11-11 12:52 - 2022-11-11 12:52 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2022-11-10 19:06 - 2022-11-14 22:48 - 000734720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-11-10 18:58 - 2022-11-10 18:58 - 000018944 _____ C:\GetDeviceStatus.xml
2022-11-10 09:14 - 2022-11-10 09:14 - 000062723 _____ C:\Users\darks\Downloads\cbt-triangle.pdf
2022-11-09 06:34 - 2022-11-09 06:34 - 000094208 _____ C:\WINDOWS\system32\SecureBootEncodeUEFI.exe
2022-11-09 06:34 - 2022-11-09 06:34 - 000062832 _____ C:\WINDOWS\system32\AppInstallerBackgroundUpdate.exe
2022-11-09 06:34 - 2022-11-09 06:34 - 000016519 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-09 06:32 - 2022-11-09 06:33 - 000000000 ___HD C:\$WinREAgent
2022-11-04 13:29 - 2022-11-04 13:29 - 000100135 _____ C:\Users\darks\Downloads\Star Method practice.pdf
2022-10-29 11:15 - 2022-10-29 11:15 - 000007602 _____ C:\Users\darks\AppData\Local\Resmon.ResmonCfg
2022-10-26 23:43 - 2022-10-26 23:43 - 000218088 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaConnectAPI64.dll
2022-10-26 23:43 - 2022-10-26 23:43 - 000173552 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaBroadcastManager64.dll
2022-10-26 23:42 - 2022-10-26 23:42 - 000193512 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaConnectAPI.dll
2022-10-26 23:42 - 2022-10-26 23:42 - 000157680 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaBroadcastManager.dll
2022-10-26 23:42 - 2022-10-26 23:42 - 000049128 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaBroadcastAPI64.dll
2022-10-26 23:42 - 2022-10-26 23:42 - 000041960 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaBroadcastAPI.dll
2022-10-26 06:25 - 2022-10-26 06:25 - 000027088 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_171140935239148.dll
2022-10-25 16:41 - 2022-10-25 16:41 - 000000000 ____D C:\Users\darks\AppData\Roaming\NVIDIA
2022-10-25 16:39 - 2022-10-25 16:39 - 000000000 ____D C:\Users\darks\Downloads\MSIAfterburnerSetup
2022-10-25 16:39 - 2022-10-25 16:39 - 000000000 ____D C:\Users\darks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2022-10-25 16:38 - 2022-10-25 16:38 - 055532428 _____ C:\Users\darks\Downloads\MSIAfterburnerSetup.zip
2022-10-25 16:36 - 2022-10-06 20:01 - 000041984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-10-25 16:31 - 2022-10-25 16:43 - 000000000 ____D C:\Users\darks\AppData\Local\NVIDIA Corporation
2022-10-25 16:31 - 2022-10-25 16:31 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-25 16:31 - 2022-10-25 16:31 - 000001454 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2022-10-25 16:31 - 2022-10-25 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-10-25 16:31 - 2022-10-16 23:25 - 002890296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2022-10-25 16:31 - 2022-10-16 23:25 - 002224696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2022-10-25 16:31 - 2022-10-16 23:25 - 001297464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2022-10-25 16:31 - 2022-09-07 07:56 - 000086568 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2022-10-25 16:31 - 2022-09-07 07:56 - 000075304 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2022-10-25 16:31 - 2022-08-30 03:43 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2022-10-25 16:31 - 2022-07-22 20:17 - 000169512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2022-10-25 16:31 - 2022-07-22 20:17 - 000148520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2022-10-25 16:31 - 2022-07-15 09:59 - 000059368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2022-10-25 16:28 - 2022-10-25 16:28 - 130774504 _____ (NVIDIA Corporation) C:\Users\darks\Downloads\GeForce_Experience_v3.26.0.154.exe
2022-10-25 16:26 - 2022-11-17 18:28 - 000000000 ____D C:\Users\darks\AppData\Local\NVIDIA
2022-10-25 16:25 - 2022-11-14 22:49 - 000851480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-10-25 16:25 - 2022-11-14 22:47 - 003334664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-10-25 16:25 - 2022-11-14 22:45 - 007643384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-10-25 16:25 - 2022-11-14 22:45 - 006511856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-10-25 16:25 - 2022-10-25 16:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-10-25 15:34 - 2022-10-25 15:34 - 000000000 ____D C:\Users\darks\AppData\Local\ElevatedDiagnostics
2022-10-25 11:36 - 2022-10-25 11:36 - 000667872 _____ C:\Users\darks\Downloads\Feelings+Wheel.pdf
2022-10-25 00:49 - 2022-10-25 00:49 - 000309672 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2022-10-25 00:45 - 2022-10-25 00:45 - 000253864 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-11-22 09:59 - 2022-08-28 21:52 - 000000000 ____D C:\Users\darks\AppData\Roaming\discord
2022-11-22 09:56 - 2022-09-14 20:37 - 000000000 ____D C:\Program Files (x86)\Steam
2022-11-22 09:22 - 2022-08-28 21:11 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-22 09:13 - 2022-08-28 21:52 - 000000000 ____D C:\Users\darks\AppData\Local\Discord
2022-11-22 08:09 - 2022-08-28 21:57 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-22 06:58 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-11-22 06:58 - 2022-08-28 21:01 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-22 00:33 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-21 17:55 - 2022-08-28 21:58 - 000000000 ____D C:\Program Files\ASUS
2022-11-20 21:57 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\INF
2022-11-20 21:53 - 2022-08-28 21:56 - 000000000 ____D C:\Users\darks\AppData\Local\CrashDumps
2022-11-19 22:19 - 2022-08-28 21:09 - 000000000 ____D C:\Users\darks\AppData\Local\D3DSCache
2022-11-19 22:19 - 2022-08-28 21:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-19 19:33 - 2022-08-28 21:57 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-19 17:56 - 2022-08-28 21:09 - 000804976 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-19 17:53 - 2022-10-11 07:04 - 000000000 ____D C:\Users\darks\AppData\Roaming\Samsung Magician
2022-11-19 17:53 - 2022-08-28 21:07 - 000000000 ____D C:\Users\darks
2022-11-19 17:52 - 2022-09-11 20:29 - 000003128 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2022-11-19 17:52 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-19 17:52 - 2022-08-28 21:01 - 000901328 _____ () C:\WINDOWS\system32\wpbbin.exe
2022-11-19 17:52 - 2022-08-28 21:01 - 000845256 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2022-11-19 17:52 - 2022-08-28 21:01 - 000012288 ___SH C:\DumpStack.log.tmp
2022-11-19 17:52 - 2022-08-28 21:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-19 06:18 - 2022-08-28 21:01 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-19 06:18 - 2022-08-28 21:01 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-11-18 10:19 - 2022-08-28 21:20 - 000000000 ____D C:\ProgramData\Package Cache
2022-11-18 06:19 - 2022-09-14 22:54 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2022-11-17 19:25 - 2022-08-28 21:55 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-17 18:37 - 2022-08-28 21:58 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-11-17 18:37 - 2022-08-28 21:55 - 000000000 ____D C:\Program Files (x86)\ASUS
2022-11-17 18:37 - 2022-08-28 21:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-11-17 18:37 - 2022-08-28 21:01 - 000000000 ____D C:\ProgramData\ASUS
2022-11-16 09:41 - 2022-09-24 13:31 - 000000000 ____D C:\Users\darks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-11-15 21:57 - 2022-08-28 21:41 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-11-15 21:57 - 2022-08-28 21:41 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-11-15 08:06 - 2022-10-18 13:31 - 000000000 ____D C:\Users\darks\AppData\Roaming\Zoom
2022-11-14 15:47 - 2022-08-28 21:10 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2689038970-3992290621-3382473883-1001
2022-11-14 15:47 - 2022-08-28 21:10 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2689038970-3992290621-3382473883-1001
2022-11-14 15:47 - 2022-08-28 21:10 - 000002390 _____ C:\Users\darks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-12 03:12 - 2022-08-28 21:01 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{59EC460E-56C0-4513-B710-315B86B1A8CD}
2022-11-12 03:12 - 2022-08-28 21:01 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{180BC0F2-3FD5-419D-87CD-99E42585F144}
2022-11-11 12:53 - 2022-08-28 21:10 - 000000000 ___RD C:\Users\darks\OneDrive
2022-11-10 19:22 - 2022-08-29 07:06 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2022-11-10 19:03 - 2022-08-28 21:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-11-10 19:02 - 2022-08-28 21:44 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2022-11-10 17:22 - 2022-08-28 21:12 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-10 17:22 - 2022-08-28 21:12 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-11-10 14:46 - 2022-08-28 21:01 - 000294600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\UUS
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-11-10 14:45 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-10 14:29 - 2022-08-28 21:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-09 06:41 - 2022-08-28 22:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-09 06:40 - 2022-08-28 22:08 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-09 06:35 - 2022-08-28 21:56 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-09 06:34 - 2022-08-28 21:04 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-08 07:41 - 2022-10-06 21:42 - 000000000 ____D C:\_temp
2022-11-08 07:41 - 2022-08-28 21:20 - 000000000 ____D C:\Users\darks\ansel
2022-10-27 23:16 - 2022-10-01 02:42 - 000000000 ____D C:\Users\darks\AppData\Local\Notepad
2022-10-25 16:39 - 2022-08-28 21:57 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-25 16:37 - 2022-08-28 21:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-10-25 16:35 - 2022-08-28 21:01 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-10-25 16:31 - 2022-08-28 21:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-10-25 15:22 - 2022-08-28 21:57 - 000000000 ____D C:\WINDOWS\LiveKernelReports
 
==================== Files in the root of some directories ========
 
2022-08-29 21:52 - 2022-09-14 23:44 - 001065984 _____ () C:\Users\darks\AppData\Local\file__0.localstorage
2022-10-29 11:15 - 2022-10-29 11:15 - 000007602 _____ () C:\Users\darks\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by darks (22-11-2022 09:59:50)
Running from C:\Users\darks\OneDrive\Desktop
Microsoft Windows 11 Home Version 22H2 22621.819 (X64) (2022-08-29 04:03:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2689038970-3992290621-3382473883-500 - Administrator - Disabled)
darks (S-1-5-21-2689038970-3992290621-3382473883-1001 - Administrator - Enabled) => C:\Users\darks
DefaultAccount (S-1-5-21-2689038970-3992290621-3382473883-503 - Limited - Disabled)
Guest (S-1-5-21-2689038970-3992290621-3382473883-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2689038970-3992290621-3382473883-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark (HKLM\...\{23759845-E30A-4716-B054-843A28B6F927}) (Version: 2.22.7359.0 - UL) Hidden
3DMark (HKLM-x32\...\{d59513e6-b2d6-45b4-ba61-708b8d91941b}) (Version: 2.22.7359.0 - UL)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.3.3 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.50.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{6aabd550-b97f-4b87-8c12-fb271d7c8047}) (Version: 1.1.50.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.18 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{4e2b05b0-eb08-41e5-9eb3-cdcc43d6bee0}) (Version: 1.1.0.18 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.3.7.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{98ff4518-0cc2-45ec-8152-eeba51c7881a}) (Version: 1.3.7.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.19 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.4.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{7a0d5159-cb5e-4f66-91f8-bab46f864f14}) (Version: 0.0.4.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{339A6383-7862-46DA-8A9D-E84180EF9424}) (Version: 3.1.1.0 - ASUSTeK Computer Inc.)
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 3.03.04 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.93 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{6FB66775-BB93-4D0A-9871-4CC9B2E87BF3}) (Version: 1.1.23 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{179f415f-2ff3-4db1-bcc1-d5730f746db8}) (Version: 1.1.23 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.24 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.24 - ASUS)
AURA Service (HKLM-x32\...\{0760271b-d7d2-407b-a2ec-f17c8ce203c7}) (Version: 3.05.78 - ASUSTeK Computer Inc.)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.05.78 - ASUSTeK Computer Inc.) Hidden
Black Desert (HKLM-x32\...\BlackDesert_NA_is1) (Version: 22.08.23.1 - PearlAbyss Corp.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 107.1.45.127 - Brave Software Inc)
CORSAIR iCUE 4 Software (HKLM\...\{37449C06-3EEB-4900-A331-3BD3D9D364CC}) (Version: 4.28.177 - Corsair)
CPUID ASUS CPU-Z 1.97 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.97 - CPUID, Inc.)
Discord (HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\Discord) (Version: 1.0.9006 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{B8F67CAD-D16A-4AC8-B4F1-3AE8A9FF22F5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.40.3 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{7f329536-2468-4b20-88dc-5e2defcd5ff3}) (Version: 1.1.40.3 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.12 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{97f3a665-a91b-4def-91e2-97fec9f22bfa}) (Version: 1.0.9.12 - ENE TECHNOLOGY INC.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{82A27EBD-F221-43DB-A7CB-89C5D1497B30}) (Version: 5.51.1126.0 - Futuremark)
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
Geeks3D FurMark 1.31.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.31.0.0 - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel® Chipset Device Software (HKLM\...\{C6A1126A-6ED6-4231-BA48-4DA77986FA1C}) (Version: 10.1.18950.8298 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{db747e10-c752-4e5a-b099-922800123b36}) (Version: 10.1.18950.8298 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1B2B12B8-AE77-4104-97FE-904274D21B6C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2230.3.19.0 - Intel Corporation)
Intel® Management Engine Driver (HKLM\...\{5F953BF8-C54E-4335-B7C9-873508D2CE1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{2D7D4B84-FDD2-42BC-9B5B-ADAB4E31AC5E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{8BB1B6E6-25C3-4B53-A8C4-4EB25E1FD1AB}) (Version: 30.100.2221.20 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2221.20 - Intel Corporation)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.16 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{39014df0-ccd5-4c61-8e9d-836af9ef56fd}) (Version: 1.1.16 - KINGSTON COMPONENTS INC.) Hidden
Malwarebytes version 4.5.17.221 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.17.221 - Malwarebytes)
Microsoft .NET Host - 5.0.14 (x64) (HKLM\...\{61A6E3A7-F406-418A-B2A6-0606DB55B325}) (Version: 40.56.30907 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.14 (x64) (HKLM\...\{8D88F0E2-CE9B-4A6D-8309-FDC562195F5B}) (Version: 40.56.30907 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.14 (x64) (HKLM\...\{B810ACDF-1C0C-4108-9B92-12F1674FA444}) (Version: 40.56.30907 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\OneDriveSetup.exe) (Version: 22.225.1026.0001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30708 (HKLM-x32\...\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}) (Version: 14.30.30708.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30133 (HKLM-x32\...\{42667D2E-B054-46C1-9D46-2EE1332C14C1}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30133 (HKLM-x32\...\{EC9807DE-B577-47B1-A024-0251805ACF24}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30708 (HKLM\...\{12A2980B-E47B-491B-92F5-0BC703841ED4}) (Version: 14.30.30708 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30708 (HKLM\...\{AE043016-3897-41D4-870B-1DAEE62CF152}) (Version: 14.30.30708 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.14 (x64) (HKLM\...\{4CD6FFC6-FA14-4016-A7A6-B7E3D6286331}) (Version: 40.56.30911 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.14 (x64) (HKLM-x32\...\{d21a4f20-968a-4b0c-bf04-a38da5f06e41}) (Version: 5.0.14.30911 - Microsoft Corporation)
MSI Afterburner 4.6.5 Beta 2 (HKLM-x32\...\Afterburner) (Version: 4.6.5 Beta 2 - MSI Co., LTD)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Graphics Driver 526.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.98 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.5 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{31850f16-ce9f-4dec-81ca-222c617a9115}) (Version: 1.0.9.5 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.2 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{959e5696-0edd-4896-b1d8-54aaa725f770}) (Version: 1.1.0.2 - Patriot Memory) Hidden
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.1103.110716 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.50.511.2021 - Realtek)
ROG FAN XPERT 4 (HKLM-x32\...\{2dfe216d-3481-4684-ad4d-2566bd7cfe4f}) (Version: 2.02.02 - ASUSTek Computer Inc.)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.6.4.0 - ASUSTek COMPUTER INC.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.2.0.930 - Samsung Electronics)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1246 - SUPERAntiSpyware.com)
UCheck version 4.5.0.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 4.5.0.0 - Adlice Software)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.4 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{c8b4688a-f5d4-4236-aec4-df260a88ccc4}) (Version: 1.0.0.4 - PD) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
Zoom (HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\ZoomUMX) (Version: 5.12.8 (10232) - Zoom Video Communications, Inc.)
 
Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.3.4.0_x64__qmba6cd70vzyy [2022-09-28] (ASUSTeK COMPUTER INC.)
Cinebench -> C:\Program Files\WindowsApps\MAXONComputerGmbH.Cinebench_23.2.0.0_x64__rsne5bsk8s7tj [2022-08-29] (MAXON Computer GmbH)
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.5.0_neutral__yxz26nhyzhsrt [2022-11-17] (Microsoft Corp.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.42.5.0_x64__6rarf9sa4v8jt [2022-11-17] (Disney)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.15.667.0_x64__rz1tebttyb220 [2022-11-05] (Dolby Laboratories)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_19.0.1034.0_x64__8j3eq9eme6ctt [2022-10-10] (INTEL CORP)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.37.0_x64__8wekyb3d8bbwe [2022-11-13] (Microsoft Corp.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-16] (Microsoft Studios) [MS Ad]
ms-resource:app_name_ms_todo -> C:\Program Files\WindowsApps\Microsoft.Todos_2.83.53132.0_x64__8wekyb3d8bbwe [2022-11-17] (Microsoft Corporation) [Startup Task]
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [2022-09-02] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32791.0_x64__8wekyb3d8bbwe [2022-11-10] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-08-28] (Microsoft Corporation)
ms-resource:ProductPkgDisplayName -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-11-10] (ms-resource:ProductPublisherDisplayName)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-11-17] (NVIDIA Corp.)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.5148.0_x64__8wekyb3d8bbwe [2022-11-17] (Microsoft Corporation) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-08-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_009debfbd2e1619b\nvshext.dll [2022-11-14] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-08-28] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-11-01 06:33 - 2022-11-01 06:33 - 000433664 _____ ( Bohemia Interactive) [File not signed] [File is in use] C:\Program Files (x86)\Steam\steamapps\common\Arma 3\Launcher\SteamLayerWrap.dll
2022-10-23 22:03 - 2022-08-08 20:52 - 001427968 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.Runtime.dll
2022-10-06 21:33 - 2022-09-01 08:47 - 000522240 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ac_node_addon\prebuilds\win32-ia32\node.napi.node
2022-10-06 21:33 - 2022-09-01 08:47 - 000520192 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2022-10-06 21:33 - 2022-09-01 08:47 - 000483328 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\node-system-fonts\build\Release\system-fonts.node
2022-10-06 21:33 - 2022-09-01 08:47 - 000510464 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2022-10-06 21:33 - 2022-09-01 08:47 - 000786432 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\usb-detection\prebuilds\win32-ia32\node.napi.node
2022-10-06 21:33 - 2022-06-08 09:33 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2022-09-13 23:34 - 2022-09-13 23:34 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2022-09-13 23:34 - 2022-09-13 23:34 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2022-09-13 23:35 - 2022-09-13 23:35 - 000668672 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2022-09-13 23:34 - 2022-09-13 23:34 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2022-09-13 23:34 - 2022-09-13 23:34 - 000371712 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2022-10-11 07:15 - 2022-09-01 19:13 - 002566656 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\ffmpeg.dll
2022-10-11 07:15 - 2022-09-01 19:13 - 000357888 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libegl.dll
2022-10-11 07:15 - 2022-09-01 19:13 - 006829568 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libglesv2.dll
2022-10-11 07:15 - 2022-09-01 19:13 - 000097280 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magutils-napi.node
2022-10-11 07:15 - 2022-09-01 19:13 - 000087040 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magvibrancy-napi.node
2022-10-11 07:15 - 2022-09-01 19:13 - 000564736 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\uimpewrapper-napi.node
2022-09-14 20:38 - 2022-11-09 23:19 - 134859776 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2022-09-14 20:38 - 2022-11-07 03:17 - 000387072 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2022-09-14 20:38 - 2022-11-07 03:17 - 008052736 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2022-11-01 06:33 - 2022-11-01 06:33 - 001111040 _____ (Bohemia Interactive) [File not signed] C:\Program Files (x86)\Steam\steamapps\common\Arma 3\Launcher\SteamLayer.dll
2022-07-14 08:44 - 2022-07-14 08:44 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\SiUSBXp.dll
2022-09-14 20:38 - 2022-11-07 03:17 - 000992256 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-08-28 21:57 - 2022-08-28 21:57 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\themea\img20.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2689038970-3992290621-3382473883-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EC7669C2-12C9-4ED3-AEDD-9C3B1AC90793}] => (Allow) C:\Users\darks\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{01EDB3ED-7602-42A5-85BB-95C2A7D05945}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5CCEC272-2C1D-48B9-8152-5177B76F89E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{157D6DFE-7D1D-48E2-A376-E89D633BE54D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CB40B2F5-D8AF-40EF-995A-7910A1970A4C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F83274E4-C344-47F0-AAB1-A96E5BCDD424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 3\OakGame\Binaries\Win64\Borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software)
FirewallRules: [{8633DF21-1629-47B0-9733-61CDB043A059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 3\OakGame\Binaries\Win64\Borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software)
FirewallRules: [{DBD93748-478F-429C-9420-6DED01BA2502}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{0E3D961C-2C79-4506-8994-4941018E2F5A}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{19FC2251-2DEA-4EC5-84DC-3E880F6B80A2}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{B5FBA0F1-D4DC-4A6F-9A8B-88FC5A6FB1CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B692643C-15D5-4DE4-B723-22E7711135CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{111608E8-0819-431D-92B7-E1D1A78FF919}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9DC40977-5850-4D95-9237-C0D68452C405}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{DCB67A14-90C0-4C17-B2F9-BBC55A791026}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3482EB24-EC6B-4F1A-8D3A-BCB70AD794A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{CF43577B-FCF7-4AFC-941B-3E46A23B916E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{2AD19F4F-65DE-458D-9BB7-DF4DE6E6C860}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{4A7A8B97-6FA3-411A-AFFA-5FCF4AD1BD6F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{76E8720E-23B1-4E6E-975D-12683BA28629}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4343CCFB-1E6A-45A3-844D-D27255F31320}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAD65AC8-CFF2-4560-AB45-977D912EAE35}] => (Allow) C:\Users\darks\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{01E64D26-8A3F-4539-B8B7-B1A16BF2DEDF}] => (Allow) C:\Users\darks\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EEA86205-B978-4B32-A598-993E0099087D}] => (Allow) C:\Users\darks\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{25119D68-2B31-453C-A26A-94328A66875A}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{EFB6C9D8-9748-4A55-AF03-D432A6FD1B13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{5CE8A723-019A-4DA4-949B-90D81C680D8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{C0FAA0D1-3D3F-4C23-B9D2-7FA411E08E14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{2793E149-F24C-4E08-99E3-D121405936BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{F1564FF7-7882-4E0C-825F-A3C48121781D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{526834AD-A24D-4DAF-950A-762D5F90DC7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{356785C5-A83D-490A-A36C-0ACD0EB1C740}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [UDP Query User{D935C524-BC15-4405-80EC-6C11B61C3E2B}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{C4080031-10F0-4090-A4AC-2AC3B561278B}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{A261F72B-6397-4254-AB4C-60E0433BE462}] => (Block) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{94B7043C-91ED-4A64-A8E2-F4BC1BFA25C7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
17-11-2022 18:37:02 Installed AiSuiteSDK
20-11-2022 19:00:06 Windows Backup
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/22/2022 06:58:04 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program BlackDesert64.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (11/20/2022 09:52:55 PM) (Source: Application Error) (EventID: 1000) (User: DOHNOVAN)
Description: Faulting application name: arma3_x64.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x0x5740
Faulting application start time: 0x0x1d8fd2e90b51514
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3_x64.exe
Faulting module path: unknown
Report Id: 66557f86-19c8-4fac-a6d6-84b94d3dbbb8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/10/2022 07:22:13 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (11/10/2022 07:01:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Synapse 3.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at MS.Win32.HwndWrapper.DestroyWindow(System.Object)
   at MS.Win32.HwndWrapper.Dispose(Boolean, Boolean)
   at MS.Win32.HwndWrapper.Dispose()
   at System.Windows.Interop.HwndSource.Dispose(Boolean)
   at System.Windows.Interop.HwndSource+WeakEventDispatcherShutdown.OnShutdownFinished(System.Object, System.EventArgs)
   at System.EventHandler.Invoke(System.Object, System.EventArgs)
   at System.Windows.Threading.Dispatcher.ShutdownImplInSecurityContext(System.Object)
   at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.Dispatcher.ShutdownImpl()
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Razer.Synapse3.App.Main()
 
Error: (11/10/2022 02:45:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (11/10/2022 02:45:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (11/10/2022 02:45:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/31/2022 05:42:33 AM) (Source: Application Error) (EventID: 1000) (User: DOHNOVAN)
Description: Faulting application name: OneDrive.exe, version: 22.207.1002.3, time stamp: 0xd385ba85
Faulting module name: KERNELBASE.dll, version: 10.0.22621.608, time stamp: 0x4769d08d
Exception code: 0x80000003
Fault offset: 0x0000000000107e42
Faulting process id: 0x0x2ebc
Faulting application start time: 0x0x1d8ed263ad3688b
Faulting application path: C:\Users\darks\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7b5ae0bd-df7c-46e3-85e4-7f018847e647
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/20/2022 08:29:50 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (11/20/2022 08:29:50 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (11/20/2022 07:22:46 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume14'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (11/20/2022 07:22:46 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume14'.  This volume will be unavailable for filtering until a reboot.  The final status was 0xc03a001c.
 
Error: (11/19/2022 05:54:49 PM) (Source: DCOM) (EventID: 10010) (User: DOHNOVAN)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (11/19/2022 05:52:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:26:07 PM on 11/19/2022 was unexpected.
 
Error: (11/17/2022 07:27:57 PM) (Source: DCOM) (EventID: 10010) (User: DOHNOVAN)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (11/17/2022 06:27:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2022-11-21 21:44:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-11-20 21:57:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-11-17 17:42:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-11-16 15:22:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-11-15 17:04:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-10-07 19:46:00
Description: 
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume4\Users\darks\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 2003 08/25/2022
Motherboard: ASUSTeK COMPUTER INC. PRIME Z690-P WIFI D4
Processor: 12th Gen Intel® Core™ i5-12600K
Percentage of memory in use: 35%
Total physical RAM: 32505.87 MB
Available physical RAM: 20924.04 MB
Total Virtual: 34553.87 MB
Available Virtual: 20003.79 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1862.32 GB) (Free:1351.32 GB) (Model: Samsung SSD 970 EVO Plus 2TB) NTFS
Drive d: (Big Storage) (Fixed) (Total:3726.01 GB) (Free:2695.64 GB) (Model: ST4000DM004-2U9104) NTFS
 
\\?\Volume{e5a61c5d-cbc2-42f0-b2c6-a6e1afb8c575}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{6e41b33a-5059-40e2-a80a-5a92aeb7dd9c}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: EEBCEB81)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

  • 0



#2
Dohnovan

    Member

  • Topic Starter
  • Member
  • 95 posts

I'm having issues accessing the website for some reason, it's saying that the website attempted to redirect me too many times.


  • 0

#3
DR M


    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Hi, Dohnovan.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to analyze. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

 

=================

 

Letting you know that it is late now for me and I'll review the logs tomorrow. My time zone: CET +1.


  • 0

#4
DR M


    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Your logs are clean.
 
Have you changed your account's password? Please do so if you haven't already.
 
Just a few things to address, as well as an online scan, just to be sure you are clean:
 
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {D7885ADC-510B-4493-A94F-DD191FC59BDB} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {F958EC2B-4A1F-4093-827E-21FDC182764B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.127\elevation_service.exe" [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
FirewallRules: [{01E64D26-8A3F-4539-B8B7-B1A16BF2DEDF}] => (Allow) C:\Users\darks\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EEA86205-B978-4B32-A598-993E0099087D}] => (Allow) C:\Users\darks\AppData\Roaming\Zoom\bin\airhost.exe => No File
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. Eset Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

In your next reply please post:

  1. The fixlog.txt
  2. The eset.txt

 


  • 0

#5
Dohnovan

    Member

  • Topic Starter
  • Member
  • 95 posts

Hello, I can't access the website on Google Chrome. I tried Brave and it's letting me access the website.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by darks (24-11-2022 15:29:23) Run:1
Running from C:\Users\darks\OneDrive\Desktop
Loaded Profiles: darks
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {D7885ADC-510B-4493-A94F-DD191FC59BDB} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {F958EC2B-4A1F-4093-827E-21FDC182764B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.127\elevation_service.exe" [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
FirewallRules: [{01E64D26-8A3F-4539-B8B7-B1A16BF2DEDF}] => (Allow) C:\Users\darks\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EEA86205-B978-4B32-A598-993E0099087D}] => (Allow) C:\Users\darks\AppData\Roaming\Zoom\bin\airhost.exe => No File
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7885ADC-510B-4493-A94F-DD191FC59BDB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7885ADC-510B-4493-A94F-DD191FC59BDB}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F958EC2B-4A1F-4093-827E-21FDC182764B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F958EC2B-4A1F-4093-827E-21FDC182764B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\System\CurrentControlSet\Services\BraveElevationService => removed successfully
BraveElevationService => service removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01E64D26-8A3F-4539-B8B7-B1A16BF2DEDF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEA86205-B978-4B32-A598-993E0099087D}" => removed successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23531312 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 975070500 B
Windows/system/drivers => 23878222 B
Edge => 0 B
Chrome => 875898223 B
Brave => 16076869 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 66158 B
LocalService => 187954 B
NetworkService => 514642 B
darks => 152217163 B
 
RecycleBin => 59972283 B
EmptyTemp: => 2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:29:50 ====
 
 
11/24/2022 17:09:07 PM
Files scanned: 316780
Detected files: 0
Cleaned files: 0
Total scan time: 00:29:09
Scan status: Finished

  • 0

#6
DR M


    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Everything seems fine.

 

Do you have any remaining issue/question/concern? 


  • 0

#7
Dohnovan

    Member

  • Topic Starter
  • Member
  • 95 posts

Thank you for your help! I hope you had a wonderful Thanksgiving. Do you have any clue how my password could have been compromised? Tell everyone that offers their free help on this website I said happy Thanksgiving, I don't have any other things I need help with.


Edited by Dohnovan, 26 November 2022 - 01:43 PM.

  • 0

#8
DR M


    The Grecian Geek

  • Malware Removal
  • 3,687 posts

You are very welcome, Dohnovan, and I'm glad we could help.
 

"Do you have any clue how my password could have been compromised?"

 
Unfortunately, this happens. That's why we need to take our measures, to be safe. I'll give you some tips about that, in my next reply.

 

For now:


The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#9
Dohnovan

    Member

  • Topic Starter
  • Member
  • 95 posts

I usually keep frst64 and eset on my PC. I scan my PC with eset every once in a while, and I keep frst64 in case I need to come on here and make a thread.


  • 0

#10
DR M


    The Grecian Geek

  • Malware Removal
  • 3,687 posts

"I usually keep frst64 and eset on my PC. I scan my PC with eset every once in a while, and I keep frst64 in case I need to come on here and make a thread."

 

Hi, Dohnovan. These tools get updated very often, so every time you need them you must download the latest version. So there is no need to keep them on your computer.


  • 0

#11
Dohnovan

    Member

  • Topic Starter
  • Member
  • 95 posts
# Run at 11/27/2022 9:41:25 PM
# KpRm (Kernel-panik) version 2.10.0
# Run by darks from C:\Users\darks\OneDrive\Desktop
# Computer Name: DOHNOVAN
# OS: Unsupported OS X64 (22621) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\darks\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2022-11-27-21-41-25
 
- Delete Tools -
 
 
  ## ESET Online Scanner
     [OK] C:\Users\darks\OneDrive\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\darks\Downloads\esetonlinescanner.exe deleted
     [OK] C:\Users\darks\AppData\Local\ESET\ESETOnlineScanner deleted
 
  ## FRST
     [OK] C:\Users\darks\OneDrive\Desktop\Addition.txt deleted
     [OK] C:\Users\darks\OneDrive\Desktop\Fixlog.txt deleted
     [OK] C:\Users\darks\OneDrive\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\darks\OneDrive\Desktop\FRST.txt deleted
     [OK] C:\Users\darks\OneDrive\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted
 
  ## Malwarebytes Anti-Rootkit
     [OK] C:\Users\darks\Downloads\mbar-1.10.3.1001.exe deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Installed AiSuiteSDK created at 11/18/2022 01:37:02 deleted
   ~ [OK] RP named Windows Backup created at 11/21/2022 02:00:06 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 11/24/2022 22:29:28 deleted
   ~ [OK] RP named Windows Backup created at 11/28/2022 02:00:14 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 11/28/2022 04:41:45
 
-- KPRM finished in 28.02s --

  • 0

#12
DR M


    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Excellent!

 

I'll mark the topic as solved. 

 

I'm glad we could help. :)


  • 0





