Downloaded and Ran Exe from Discord, Unsure if Spyware Leftover

I fell for a Discord phishing scam by clicking on a link and downloading an exe, then running it. I already uninstalled and reinstalled Discord after cleaning out both of its appdata folders. I also already uninstalled Chrome and reinstalled it, again deleting folders. I know I got hacked somehow initially because my Discord account is stolen. I am working with Discord to get it back. I’m here to see if everything is indeed cleaned up because I’m honestly scared.

I ended up getting Kaspersky Total Security and their VPN because of it.
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2021

Ran by CuddleCactus (administrator) on CUDDLECACTUS (MSI MS-7977) (13-10-2021 22:44:46)

Running from E:UsersTkureDownloads

Loaded Profiles: CuddleCactus

Platform: Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCueLLAccessService.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareiCUE.exe

(Discord Inc. -> Discord Inc.) C:UsersTkureAppDataLocalDiscordapp-1.0.9003Discord.exe <6>

(F.lux Software LLC -> f.lux Software LLC) C:UsersTkureAppDataLocalFluxSoftwareFluxflux.exe

(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <41>

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_ffc75848a6342fdfjhi_service.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm_isolation.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm_service.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2transport_proxy.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3avp.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3avpui.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3plugins_nms.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky VPN 5.3ksde.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky VPN 5.3ksdeui.exe

(Kaspersky Lab JSC -> Kaspersky Lab AO) C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2plugin-nm-server-v2.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32cmd.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32CredentialEnrollmentManager.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSysWOW64wbemWmiPrvSE.exe

(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:WindowsSystem32CorsairGamingAudioCfgService64.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0MsMpEng.exe

(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:Program Files (x86)MSI AfterburnerMSIAfterburner.exe

(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT’L CO., LTD.) C:Program Files (x86)MSILive UpdateMSI_LiveUpdate_Service.exe

(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:Program Files (x86)MSICommand CenterDDRMSIDDRService.exe

(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:Program Files (x86)MSICommand CenterMSIControlService.exe

(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:WindowsSysWOW64muachost.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <2>

(Nvidia Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynvmdi.inf_amd64_799504293a3d3200Display.NvContainerNVDisplay.Container.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkNGUI64.exe

(SteelSeries ApS -> SteelSeries ApS) C:Program FilesSteelSeriesSteelSeries Engine 3SteelSeriesEngine3.exe

(SurfRight B.V. -> SurfRight B.V.) C:Program FilesHitmanProhmpsched.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [FWS_FlawlessWidescreen] => C:Program Files (x86)Flawless WidescreenFlawlessWidescreen.exe [2607104 2014-05-30] (Flawless Widescreen) [File not signed]

HKLM…Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARtkNGUI64.exe [11236136 2021-08-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM-x32…Run: [CORSAIR iCUE Software] => C:Program Files (x86)CorsairCORSAIR iCUE SoftwareiCUE Launcher.exe [409760 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION

HKUS-1-5-21-1412095178-664559709-1232603657-1001…Run: [f.lux] => C:UsersTkureAppDataLocalFluxSoftwareFluxflux.exe [1515848 2021-06-17] (F.lux Software LLC -> f.lux Software LLC)

HKUS-1-5-21-1412095178-664559709-1232603657-1001…Run: [puush] => C:Program Files (x86)puushpuush.exe [568904 2016-07-22] (Dean Herbert -> )

HKUS-1-5-21-1412095178-664559709-1232603657-1001…Run: [kpm.exe] => C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm.exe [699112 2021-08-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)

HKUS-1-5-21-1412095178-664559709-1232603657-1001…PoliciesExplorer: [NoLowDiskSpaceChecks] 1

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication94.0.4606.81Installerchrmstp.exe [2021-10-09] (Google LLC -> Google LLC)

Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupSteelSeries Engine 3.lnk [2018-07-23]

ShortcutTarget: SteelSeries Engine 3.lnk -> C:Program FilesSteelSeriesSteelSeries Engine 3SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)

GroupPolicy: Restriction – Chrome <==== ATTENTION

Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

HKUS-1-5-21-1412095178-664559709-1232603657-1001SOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {11149811-C519-495B-B70D-C8F01A7EE4AC} – System32TasksMSISW_Host => C:WindowsSysWOW64muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

Task: {199A0CD7-2833-45DC-946B-31BA37E26A07} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {2EB41EF7-6191-4B6A-AEDA-62CC7E38EBA9} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {34A66C27-2E19-4852-A7DB-4DA2C5DBD599} – System32TasksKaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:Program FilesCommon FilesAVKaspersky Labupgrade_launcher.exe [743488 2021-10-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)

Task: {35F010E8-9617-4843-BCF3-FAE729C17F1E} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {3A9303C8-96FB-4D6A-A412-321535B2E215} – System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe [680888 2021-10-09] (Mozilla Corporation -> Mozilla Foundation)

Task: {46476902-6D47-4070-A50C-AC0E8142BD43} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {50C8A8C1-66D0-4E28-AB2D-F5ECD0AB0146} – System32TasksMEGAMEGAsync Update Task S-1-5-21-1412095178-664559709-1232603657-1001 => C:UsersTkureAppDataLocalMEGAsyncMEGAupdater.exe [1306288 2021-07-23] (Mega Limited -> Mega Limited)

Task: {5F4C4C9D-A9A1-4C11-AC95-719A0B9E3AF6} – System32TasksOverwolf Updater Task => C:Program Files (x86)OverwolfOverwolfUpdater.exe [2483032 2021-08-12] (Overwolf Ltd -> Overwolf LTD)

Task: {6B99AE99-2FFE-460B-8DC6-D9A0D05E63F1} – System32TasksMSIAfterburner => C:Program Files (x86)MSI AfterburnerMSIAfterburner.exe [791608 2021-03-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

Task: {6E234C54-2C53-42B8-AC87-A9E8DD330FF4} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {6FBFA34F-DB22-491D-8DA2-3EA6D0F13598} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {72932E6E-32B3-43C7-8217-2E229A9EEC58} – System32TasksAdobe Flash Player PPAPI Notifier => C:WINDOWSSysWOW64MacromedFlashFlashUtil32_32_0_0_321_pepper.exe [1453624 2020-02-04] (Adobe Inc. -> Adobe)

Task: {8106C0EC-54F8-480E-8F28-0B090C05B7A3} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {84A75E0B-8C55-44C5-9D6D-FD2BD2065F1C} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {86D8ABAA-AC6B-40EF-A984-948EBD143F6C} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {87E5991A-6661-4229-9BBB-0E856C1C7720} – System32TasksMicrosoftWindowsremplshell-unlock-storagesense => C:Program Filesremplremsh.exe

Task: {9247E8D3-8095-4712-9991-7395637F2EA8} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {9454AE9E-90A3-4E6E-A6CF-E42AB1965675} – System32TasksEOSv3 Scheduler onLogOn => C:UsersTkureAppDataLocalESETESETOnlineScannerESETOnlineScanner.exe [18007968 2021-10-12] (ESET, spol. s r.o. -> ESET)

Task: {9EC20314-3810-44F5-AD97-228F4A8A161F} – System32TasksMicrosoftWindowsremplshell-restore => C:Program Filesremplremsh.exe

Task: {B02C49B8-F0BE-4FFA-81EF-31FEAD2494D9} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-10-09] (Google LLC -> Google LLC)

Task: {D54A0711-42F1-4BA0-85D5-43FAB34A83DD} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-10-09] (Google LLC -> Google LLC)

Task: {E244565B-960F-4B53-B695-C619E5D43847} – System32TasksEOSv3 Scheduler onTime => C:UsersTkureAppDataLocalESETESETOnlineScannerESETOnlineScanner.exe [18007968 2021-10-12] (ESET, spol. s r.o. -> ESET)

Task: {E358D170-D926-4F1A-AC48-572EEB6AA16E} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {EA7776C8-60BC-4685-92AB-6A89BF7928CB} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {F08889DD-ADBD-4C75-82C1-E9D64A9AC01A} – System32TasksCreateExplorerShellUnelevatedTask => C:WINDOWSexplorer.exe /NOUACCHECK

Task: {F33A1D29-1AA1-4FCA-B719-DAA4E29CAB86} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {FE1AF10D-B094-4E66-BF57-AA84E3189141} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip..Interfaces{8d846724-eb07-48fa-8470-7c2d187e204b}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip..Interfaces{8d846724-eb07-48fa-8470-7c2d187e204b}: [DhcpNameServer] 69.50.57.10 137.118.1.32

Tcpip..Interfaces{97ee9b89-a87d-4f28-ace2-a6e3e67533f8}: [NameServer] 8.8.8.8,8.8.4.4

 

Edge: 

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge Profile: C:UsersTkureAppDataLocalMicrosoftEdgeUser DataDefault [2021-10-12]

Edge HKUS-1-5-21-1412095178-664559709-1232603657-1001SOFTWAREMicrosoftEdgeExtensions…EdgeExtension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

Edge HKLM-x32…EdgeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

 

FireFox:

========

FF DefaultProfile: hjfjjupa.default

FF ProfilePath: C:UsersTkureAppDataRoamingMozillaFirefoxProfilesdacaiqy8.default-release-1633828216278 [2021-10-13]

FF ProfilePath: C:UsersTkureAppDataRoamingMozillaFirefoxProfileshjfjjupa.default [2021-10-13]

FF HKLM…FirefoxExtensions: [FFExtnHTML2PDF@foxitsoftware.com] – C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsCreatorFirefoxAddinFFExtnHTML2PDF.xpi

FF Extension: (Foxit PDF Creator) – C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsCreatorFirefoxAddinFFExtnHTML2PDF.xpi [2018-04-16] [Legacy]

FF HKLM…FirefoxExtensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] – C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3FFExtlight_plugin_firefoxaddon.xpi => not found

FF HKLM-x32…FirefoxExtensions: [FFExtnHTML2PDF@foxitsoftware.com] – C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsCreatorFirefoxAddinFFExtnHTML2PDF.xpi

FF HKLM-x32…FirefoxExtensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] – C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3FFExtlight_plugin_firefoxaddon.xpi => not found

FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:Program FilesVideoLANVLCnpvlc.dll [No File]

FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:Program FilesVideoLANVLCnpvlc.dll [No File]

FF Plugin-x32: @adobe.com/FlashPlayer -> C:WINDOWSSysWOW64MacromedFlashNPSWF32.dll [2020-07-01] (Adobe Systems Incorporated -> )

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsnpFoxitPhantomPDFPlugin.dll [No File]

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsnpFoxitPhantomPDFPlugin.dll [No File]

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsnpFoxitPhantomPDFPlugin.dll [No File]

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsnpFoxitPhantomPDFPlugin.dll [No File]

FF Plugin-x32: BYOND -> C:Program Files (x86)BYONDbinnpbyond.dll [2008-07-08] (BYOND) [File not signed]

FF ExtraCheck: C:Program Filesmozilla firefoxdefaultsprefantibeacon.js [2021-09-01] <==== ATTENTION (Points to *.cfg file)

FF ExtraCheck: C:Program Filesmozilla firefoxmozilla.cfg [2021-10-13] <==== ATTENTION

 

Chrome: 

=======

CHR DefaultProfile: Profile 1

CHR Profile: C:UsersTkureAppDataLocalGoogleChromeUser DataDefault [2021-10-09]

CHR Extension: (Slides) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2021-10-09]

CHR Extension: (Docs) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2021-10-09]

CHR Extension: (Google Drive) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2021-10-09]

CHR Extension: (YouTube) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-09]

CHR Extension: (Foxit PDF Creator) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionscifnddnffldieaamihfkhkdgnbhfmaci [2021-10-09]

CHR Extension: (Sheets) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2021-10-09]

CHR Extension: (Google Docs Offline) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-09]

CHR Extension: (Malwarebytes Browser Guard) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionsihcjicgdanjaechkgeegckofjjedodee [2021-10-09]

CHR Extension: (Chrome Web Store Payments) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-10-09]

CHR Extension: (Gmail) – C:UsersTkureAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2021-10-09]

CHR Profile: C:UsersTkureAppDataLocalGoogleChromeUser DataGuest Profile [2021-10-13]

CHR Profile: C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1 [2021-10-13]

CHR StartupUrls: Profile 1 -> “hxxp://www.google.com/”

CHR Session Restore: Profile 1 -> is enabled.

CHR Extension: (Google Translate) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsaapbdbdomjkkjkaonfhkkikfgjllcleb [2021-10-09]

CHR Extension: (Image Translate, Documents to Text) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsadfcjpalgioeneepkmehnebhgkgmfadj [2021-10-09]

CHR Extension: (Kaspersky Protection) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-10-13]

CHR Extension: (h264ify) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsaleakchihdccplidncghkekgioiakgal [2021-10-09]

CHR Extension: (Google Drive) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsapdfllckaahabafndbhieahigkjlhalf [2021-10-09]

CHR Extension: (YouTube) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-09]

CHR Extension: (‘Improve YouTube!’ (Video & YouTube Tools)) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsbnomihfieiccainjcjblhegjgglakjdd [2021-10-09]

CHR Extension: (Sad Panda) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsbohapeiooecafommnlaiccilacgmkaoc [2021-10-09]

CHR Extension: (uBlock Origin) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-10-11]

CHR Extension: (Do Not Track) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsckdcpbflcbeillmamogkpmdhnbeggfja [2021-10-09]

CHR Extension: (Kaspersky Password Manager) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsdhnkblpjbkfklfloegejegedcafpliaa [2021-10-13]

CHR Extension: (FrankerFaceZ) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsfadndhdgpmmaapbmfcknlfgcflmmmieb [2021-10-09]

CHR Extension: (HTTPS Everywhere) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsgcbommkclmclpchllfjekcdonpmejbdp [2021-10-09]

CHR Extension: (Google Docs Offline) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-09]

CHR Extension: (Picture-in-Picture Extension (by Google)) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionshkgfoiooedgoejojocmhlaklaeopbecg [2021-10-09]

CHR Extension: (Windscribe – Free Proxy and Ad Blocker) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionshnmpcagpplmpfojmgmnngilcnanddlhb [2021-10-09]

CHR Extension: (Malwarebytes Browser Guard) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsihcjicgdanjaechkgeegckofjjedodee [2021-10-09]

CHR Extension: (Clutter Free – Prevent duplicate tabs) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsiipjdmnoigaobkamfhnojmglcdbnfaaf [2021-10-09]

CHR Extension: (Absolute Enable Right Click & Copy) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsjdocbkpgdakpekjlhemmfcncgdjeiika [2021-10-09]

CHR Extension: (Video Ad-Block, for Twitch) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionskgeglempfkhalebjlogemlmeakondflc [2021-10-09]

CHR Extension: (F.B.(FluffBusting)Purity) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsnmkinhboiljjkhaknpaeaicmdjhagpep [2021-10-09]

CHR Extension: (Chrome Web Store Payments) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-10-09]

CHR Extension: (Gmail) – C:UsersTkureAppDataLocalGoogleChromeUser DataProfile 1Extensionspjkljhegncpnkpknbcohdijeoejaedia [2021-10-09]

CHR Profile: C:UsersTkureAppDataLocalGoogleChromeUser DataSystem Profile [2021-10-13]

CHR HKLM…ChromeExtension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] – hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

CHR HKLM…ChromeExtension: [cifnddnffldieaamihfkhkdgnbhfmaci] – C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsCreatorChromeAddinChromeAddin.crx [2018-04-16]

CHR HKLM-x32…ChromeExtension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] – hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

CHR HKLM-x32…ChromeExtension: [cifnddnffldieaamihfkhkdgnbhfmaci] – C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsCreatorChromeAddinChromeAddin.crx [2018-04-16]

CHR HKLM-x32…ChromeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP21.3; C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3avp.exe [184768 2021-10-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R2 CorsairGamingAudioConfig; C:WINDOWSsystem32CorsairGamingAudioCfgService64.exe [616344 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAService; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCueLLAccessService.exe [421536 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

R2 CorsairService; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.exe [80544 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

S3 FoxitPhantomService; C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFFoxitConnectedPDFService.exe [1658944 2019-10-28] (Foxit Software Incorporated -> Foxit Software Inc.)

R2 HitmanProScheduler; C:Program FilesHitmanProhmpsched.exe [151496 2021-10-11] (SurfRight B.V. -> SurfRight B.V.)

S3 klvssbridge64_21.3; C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3x64vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R2 kpm_launch_service; C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm_service.exe [368360 2021-08-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R2 KSDE5.3; C:Program Files (x86)Kaspersky LabKaspersky VPN 5.3ksde.exe [447104 2021-08-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S3 MSIClock_CC; C:Program Files (x86)MSICommand CenterClockGenMSIClockService.exe [2108600 2017-09-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

S3 MSICOMM_CC; C:Program Files (x86)MSICommand CenterMSICommService.exe [2347704 2017-08-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

S3 MSICPU_CC; C:Program Files (x86)MSICommand CenterCPUMSICPUService.exe [4054200 2017-09-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R2 MSICTL_CC; C:Program Files (x86)MSICommand CenterMSIControlService.exe [2247352 2017-08-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R2 MSIDDR_CC; C:Program Files (x86)MSICommand CenterDDRMSIDDRService.exe [2489016 2017-09-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

S3 MSISMB_CC; C:Program Files (x86)MSICommand CenterSMBusMSISMBService.exe [2136248 2017-08-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

S3 MSISuperIO_CC; C:Program Files (x86)MSICommand CenterSuperIOMSISuperIOService.exe [4848312 2017-08-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R2 MSI_LiveUpdate_Service; C:Program Files (x86)MSILive UpdateMSI_LiveUpdate_Service.exe [2210104 2021-04-08] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT’L CO., LTD.)

S4 NGS; C:WINDOWSNGService.exe [3045936 2019-09-17] (NEXON Korea Corporation. -> NEXON Korea Corporation)

S4 OverwolfUpdater; C:Program Files (x86)OverwolfOverwolfUpdater.exe [2483032 2021-08-12] (Overwolf Ltd -> Overwolf LTD)

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5414976 2021-10-12] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynvmdi.inf_amd64_799504293a3d3200Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynvmdi.inf_amd64_799504293a3d3200Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

S2 uhssvc; “C:Program FilesMicrosoft Update Health Toolsuhssvc.exe” [X]

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 cm_km; C:WINDOWSSystem32DRIVERScm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R3 CorsairGamingAudioService; C:WINDOWSsystem32DRIVERSCorsairGamingAudio64.sys [60312 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsairLLAccess64.sys [21752 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R3 CorsairVBusDriver; C:WINDOWSSystem32driversCorsairVBusDriver.sys [45984 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 CorsairVHidDriver; C:WINDOWSSystem32driversCorsairVHidDriver.sys [21920 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R4 hitmanpro37; C:WINDOWSsystem32drivershitmanpro37.sys [40960 2021-10-13] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 HWiNFO32; C:WINDOWSSysWOW64driversHWiNFO64A.SYS [27552 2018-12-05] (Martin Malik – REALiX -> REALiX™)

S3 I2cHkBurn; C:WINDOWSsystem32driversI2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)

R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [674104 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1469240 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [273176 2021-10-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-10-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [265176 2021-10-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [315032 2021-10-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [113952 2021-10-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [225648 2021-10-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_DDR; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [94560 2021-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals – www.sysinternals.com)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51224 2016-02-04] (Razer USA Ltd. -> Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [47640 2016-02-04] (Razer USA Ltd. -> Razer Inc)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2018-04-23] (SteelSeries ApS -> )
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [47944 2018-07-02] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-13 21:36 – 2019-06-03 13:13 – 000037776 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2021-10-13 21:30 – 2021-10-13 21:36 – 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2021-10-13 19:31 – 2021-10-13 19:31 – 000094560 ____H (Sysinternals – www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2021-10-13 17:49 – 2021-10-13 17:49 – 000036208 _____ (Sysinternals – www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2021-10-13 16:56 – 2021-10-13 16:56 – 000315032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-10-13 16:56 – 2021-10-13 16:56 – 000003150 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-10-13 16:54 – 2021-10-13 16:54 – 000265176 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-10-13 16:54 – 2021-10-13 16:54 – 000225648 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-10-13 16:54 – 2021-10-13 16:54 – 000113952 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-10-13 16:54 – 2021-10-13 16:54 – 000096008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2021-10-13 16:54 – 2021-10-13 16:54 – 000003240 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-10-13 16:53 – 2021-10-13 20:33 – 000040960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-10-13 16:53 – 2021-10-13 16:53 – 000002192 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2021-10-13 16:53 – 2021-10-13 16:53 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-10-13 16:53 – 2021-02-19 21:09 – 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-10-13 16:53 – 2021-02-19 21:08 – 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-10-13 16:53 – 2021-02-19 21:08 – 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-10-13 14:42 – 2021-10-13 15:22 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2021-10-13 14:42 – 2021-10-13 15:22 – 000000000 ____D C:\Users\Tkure\AppData\Local\authy
2021-10-13 12:05 – 2021-10-13 12:05 – 000332014 _____ C:\TDSSKiller.3.1.0.28_13.10.2021_12.05.10_log.txt
2021-10-13 11:40 – 2021-10-13 11:40 – 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-10-12 18:01 – 2021-10-13 22:45 – 000000000 ____D C:\FRST
2021-10-12 16:27 – 2021-10-12 16:27 – 000003866 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-10-12 16:27 – 2021-10-12 16:27 – 000003424 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-10-12 15:59 – 2021-10-13 11:40 – 000001394 _____ C:\Users\Tkure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-10-12 15:59 – 2021-10-12 15:59 – 000000000 ____D C:\Users\Tkure\AppData\Local\ESET
2021-10-12 14:25 – 2021-10-12 14:25 – 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-12 14:25 – 2021-10-12 14:25 – 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-12 14:24 – 2021-10-12 14:24 – 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-12 14:24 – 2021-10-12 14:24 – 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-12 14:24 – 2021-10-12 14:24 – 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-12 14:24 – 2021-10-12 14:24 – 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-12 14:24 – 2021-10-12 14:24 – 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-12 14:24 – 2021-10-12 14:24 – 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-12 14:24 – 2021-10-12 14:24 – 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-12 14:24 – 2021-10-12 14:24 – 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-12 14:24 – 2021-10-12 14:24 – 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-12 14:24 – 2021-10-12 14:24 – 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-12 14:24 – 2021-10-12 14:24 – 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-12 14:24 – 2021-10-12 14:24 – 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-12 14:24 – 2021-10-12 14:24 – 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-12 14:24 – 2021-10-12 14:24 – 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-12 14:19 – 2021-10-12 14:19 – 000000000 ___HD C:\$WinREAgent
2021-10-11 23:50 – 2021-10-13 16:56 – 088080384 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-10-11 22:38 – 2021-10-11 22:40 – 000335088 _____ C:\TDSSKiller.3.1.0.28_11.10.2021_22.38.34_log.txt
2021-10-11 21:45 – 2021-10-11 21:49 – 000000000 ____D C:\Users\Tkure\AppData\Local\Sysinternals
2021-10-11 21:06 – 2021-10-11 21:14 – 000661940 _____ C:\TDSSKiller.3.1.0.28_11.10.2021_21.06.42_log.txt
2021-10-11 21:00 – 2021-10-11 21:01 – 000008282 _____ C:\TDSSKiller.3.1.0.28_11.10.2021_21.00.44_log.txt
2021-10-11 13:31 – 2021-10-11 13:31 – 000001325 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2021-10-11 13:31 – 2021-10-11 13:31 – 000000000 ____D C:\Users\Tkure\AppData\Local\Kaspersky Lab
2021-10-11 13:31 – 2021-10-11 13:31 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-10-11 01:40 – 2021-10-11 01:40 – 000001252 _____ C:\WINDOWS\system32\.crusader
2021-10-11 01:30 – 2021-10-13 20:30 – 000000000 ____D C:\Program Files\HitmanPro
2021-10-11 01:30 – 2021-10-11 01:30 – 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2021-10-11 01:30 – 2021-10-11 01:30 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-10-11 01:29 – 2021-10-11 01:40 – 000000000 ____D C:\ProgramData\HitmanPro
2021-10-10 18:25 – 2021-10-13 22:46 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\discord
2021-10-10 18:25 – 2021-10-13 22:25 – 000000000 ____D C:\Users\Tkure\AppData\Local\Discord
2021-10-10 18:25 – 2021-10-10 18:25 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-10-10 00:57 – 2021-10-10 00:57 – 000001165 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-10-10 00:57 – 2021-10-10 00:57 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-10-10 00:56 – 2021-10-13 16:54 – 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-10-10 00:30 – 2021-10-11 23:49 – 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-10-10 00:06 – 2021-10-13 16:54 – 000000000 ____D C:\Program Files\Common Files\AV
2021-10-10 00:06 – 2021-10-13 16:53 – 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-10-10 00:06 – 2021-10-11 13:18 – 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-10-09 22:29 – 2021-10-09 22:29 – 000000000 _____ C:\Users\Tkure\netstat
2021-10-09 19:28 – 2021-10-09 19:28 – 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-10-09 19:28 – 2021-10-09 19:28 – 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-10-09 19:28 – 2021-10-09 19:28 – 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-10-09 19:28 – 2021-10-09 19:28 – 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-10-09 19:28 – 2021-10-09 19:28 – 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-10-09 19:28 – 2021-10-09 19:28 – 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-10-09 19:28 – 2021-10-09 19:28 – 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-10-09 19:28 – 2021-10-09 19:28 – 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-10-09 19:28 – 2021-10-09 19:28 – 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-10-09 19:28 – 2021-10-09 19:28 – 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-10-09 19:28 – 2021-10-09 19:28 – 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-10-09 19:27 – 2021-10-09 19:27 – 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-10-09 19:27 – 2021-10-09 19:27 – 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-10-09 18:22 – 2021-10-11 19:36 – 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-09 18:22 – 2021-10-11 19:36 – 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-09 18:22 – 2021-10-09 18:22 – 000000000 ____D C:\Program Files\Google
2021-10-09 18:21 – 2021-10-13 22:26 – 000000000 ____D C:\Program Files (x86)\Google
2021-10-09 18:21 – 2021-10-09 18:21 – 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-09 18:21 – 2021-10-09 18:21 – 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-09 14:39 – 2021-10-09 14:39 – 001048576 _____ C:\WINDOWS\system32\deftlbase.sbd
2021-10-09 14:39 – 2021-10-09 14:39 – 000016384 _____ C:\WINDOWS\system32\deftlbase.jfm
2021-10-09 12:39 – 2021-10-09 12:39 – 000000000 ____D C:\AdwCleaner
2021-10-08 14:41 – 2021-10-08 14:50 – 000000000 ____D C:\Program Files\PokeMMO
2021-10-08 14:41 – 2021-10-08 14:41 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokeMMO
2021-10-04 23:14 – 2021-10-09 20:20 – 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d79dc7cc02e241
2021-10-03 22:50 – 2021-10-03 22:50 – 000000000 ____D C:\Users\Tkure\AppData\LocalLow\P1Team
2021-10-03 21:33 – 2021-10-03 21:33 – 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokeOne.lnk
2021-10-03 21:33 – 2021-10-03 21:33 – 000000985 _____ C:\Users\Public\Desktop\PokeOne.lnk
2021-10-03 21:31 – 2021-10-03 21:33 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\PokeOne
2021-10-03 18:51 – 2021-10-03 18:51 – 000000000 ____D C:UsersTkureAppDataLocal 721
2021-10-02 14:09 – 2021-10-02 14:09 – 000000000 ____D C:\Users\Tkure\scenarios
2021-10-02 13:58 – 2021-10-02 13:58 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RagsGame
2021-10-02 13:58 – 2021-10-02 13:58 – 000000000 ____D C:\Program Files (x86)\RagsGame
2021-10-02 13:57 – 2021-10-02 13:57 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rags Suite
2021-09-28 20:13 – 2021-10-07 14:55 – 000000000 ____D C:\Technic
2021-09-28 14:56 – 2021-09-28 15:56 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\coc2electron
2021-09-23 16:59 – 2021-09-23 16:59 – 000000000 ____D C:\Users\Tkure\AppData\Local\voidbound
2021-09-22 01:45 – 2021-09-22 01:45 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BYOND
2021-09-22 01:45 – 2021-09-22 01:45 – 000000000 ____D C:\Program Files (x86)\BYOND
2021-09-18 18:06 – 2021-09-18 18:06 – 000000000 ____D C:\Users\Tkure\AppData\Local\mod.io
2021-09-18 18:06 – 2021-09-18 18:06 – 000000000 ____D C:\Users\Public\mod.io
2021-09-13 20:50 – 2021-10-09 21:10 – 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-13 22:45 – 2021-08-29 19:56 – 000000000 ____D C:\ProgramData\NVIDIA
2021-10-13 20:57 – 2019-12-07 05:03 – 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-10-13 19:08 – 2020-03-09 13:45 – 000000000 ____D C:\ProgramData\Mozilla
2021-10-13 19:08 – 2016-12-05 01:09 – 000000000 ____D C:\Users\Tkure\AppData\LocalLow\Mozilla
2021-10-13 18:43 – 2021-08-30 13:49 – 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-13 18:31 – 2019-12-07 05:14 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-13 17:04 – 2021-08-30 13:59 – 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-13 17:04 – 2019-12-07 05:13 – 000000000 ____D C:\WINDOWS\INF
2021-10-13 16:57 – 2021-08-30 13:56 – 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-13 16:57 – 2020-11-21 13:43 – 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-10-13 16:56 – 2019-12-07 05:03 – 000262144 _____ C:\WINDOWS\system32\config\BBI
2021-10-13 16:53 – 2019-12-07 05:14 – 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-13 16:50 – 2021-05-25 12:31 – 000000000 ____D C:\Users\TEMP
2021-10-13 16:50 – 2016-07-22 19:24 – 000000000 ____D C:\Program Files (x86)\Steam
2021-10-13 16:50 – 2015-10-30 02:28 – 000000000 ____D C:\Users\Default.migrated
2021-10-13 16:01 – 2016-10-22 07:17 – 000000000 ____D C:\Program Files (x86)\WinCDEmu
2021-10-13 14:42 – 2016-08-01 10:38 – 000000000 ____D C:\Users\Tkure\AppData\Local\SquirrelTemp
2021-10-13 12:26 – 2021-07-07 17:55 – 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-13 12:26 – 2019-12-07 05:14 – 000000000 ___HD C:\Program Files\WindowsApps
2021-10-13 12:26 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-13 12:05 – 2021-08-29 19:29 – 000356406 _____ C:\WINDOWS\ntbtlog.txt
2021-10-13 01:43 – 2021-08-30 13:49 – 000320888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-13 01:41 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-13 01:40 – 2019-12-07 05:54 – 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-13 01:40 – 2019-12-07 05:14 – 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-13 01:40 – 2019-12-07 05:14 – 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-13 01:40 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\SystemResources
2021-10-13 01:40 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-13 01:40 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-13 01:40 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-13 01:40 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 01:40 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-13 00:30 – 2016-07-30 01:12 – 000007591 _____ C:\Users\Tkure\AppData\Local\Resmon.ResmonCfg
2021-10-13 00:12 – 2018-12-05 17:53 – 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-12 14:47 – 2016-08-06 15:00 – 000000000 ____D C:\Program Files (x86)\DoNotSpy10
2021-10-12 14:43 – 2017-09-20 05:07 – 000000000 ____D C:\Program Files\rempl
2021-10-12 14:42 – 2019-08-19 09:31 – 000000000 ____D C:\Program Files\CUAssistant
2021-10-12 14:26 – 2019-12-07 05:03 – 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-12 14:16 – 2016-07-22 19:45 – 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-12 14:13 – 2016-07-22 19:45 – 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-12 14:11 – 2020-11-23 17:20 – 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-12 14:09 – 2016-07-23 09:19 – 000000000 ____D C:\Program Files (x86)\Intel
2021-10-12 11:11 – 2017-04-07 19:48 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Telegram Desktop
2021-10-11 23:54 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-11 11:02 – 2016-07-22 19:24 – 000000000 ____D C:\Program Files\7-Zip
2021-10-10 19:36 – 2018-12-05 17:55 – 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2021-10-10 19:36 – 2016-09-29 21:28 – 000000000 ____D C:\Program Files (x86)\Notepad++
2021-10-10 14:32 – 2019-08-19 11:51 – 000000000 ____D C:\Users\Tkure\AppData\Local\D3DSCache
2021-10-10 12:03 – 2016-09-29 21:28 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Notepad++
2021-10-10 12:02 – 2021-08-30 13:50 – 000000000 ____D C:\Users\Tkure
2021-10-10 00:40 – 2016-07-22 19:24 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-10-10 00:40 – 2016-07-22 19:24 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-10-10 00:40 – 2016-07-22 19:24 – 000000000 ____D C:\Program Files\WinRAR
2021-10-09 20:20 – 2021-08-30 13:56 – 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-09 20:15 – 2016-07-23 09:15 – 000000000 ____D C:\Users\Tkure\AppData\Local\Google
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\migwiz
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\Dism
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\DDFs
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\appraiser
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\ShellComponents
2021-10-09 20:11 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\Provisioning
2021-10-09 20:11 – 2019-12-07 05:03 – 000000000 ____D C:\WINDOWS\servicing
2021-10-09 15:30 – 2020-03-09 13:45 – 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-09 13:07 – 2020-03-09 13:45 – 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-09 12:39 – 2018-12-05 17:14 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\IObit
2021-10-09 12:39 – 2018-12-05 17:14 – 000000000 ____D C:\Users\Tkure\AppData\LocalLow\IObit
2021-10-09 12:35 – 2016-09-21 15:54 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2021-10-09 11:29 – 2021-08-29 21:31 – 000000000 ____D C:\Users\Tkure\AppData\LocalLow\IGDump
2021-10-09 11:29 – 2020-06-22 12:12 – 000000000 ____D C:\Program Files\Cheat Engine 7.1
2021-10-09 03:11 – 2019-03-02 21:26 – 000000000 ____D C:\Users\Tkure\AppData\Local\Spotify
2021-10-09 03:11 – 2019-03-02 21:25 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Spotify
2021-10-07 18:47 – 2016-10-09 23:35 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\RenPy
2021-10-07 15:30 – 2017-08-24 15:13 – 000000000 ____D C:\ProgramData\Riot Games
2021-10-07 15:29 – 2020-11-02 00:22 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-10-06 12:22 – 2018-02-28 08:12 – 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-05 18:54 – 2021-08-30 14:23 – 000000000 ____D C:\Users\Tkure\AppData\Local\ElevatedDiagnostics
2021-10-03 14:35 – 2020-10-13 12:43 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\paradox-launcher-v2
2021-10-02 14:07 – 2016-09-07 16:53 – 000000000 ____D C:\Users\Tkure\AppData\Roaming\Rags
2021-10-02 13:57 – 2016-09-07 16:59 – 000000000 ____D C:\Program Files (x86)\Rags Game LLC
2021-10-01 14:31 – 2020-11-01 22:49 – 000000000 ____D C:\Users\Tkure\AppData\Local\Riot Games
2021-09-26 03:17 – 2016-07-22 19:16 – 000000000 ____D C:\Users\Tkure\AppData\Local\CrashDumps
2021-09-26 00:16 – 2018-08-09 16:41 – 000000000 ____D C:\Users\Tkure\AppData\Local\User Data
2021-09-20 17:43 – 2021-06-05 02:54 – 000000000 ____D C:\Users\Tkure\AppData\Local\ModOrganizer
2021-09-20 17:43 – 2019-12-28 21:44 – 000000000 ____D C:\ProgramData\USVFS
2021-09-13 13:13 – 2021-01-27 16:47 – 000000000 ____D C:\Users\Tkure\AppData\Local\Overwolf

==================== Files in the root of some directories ========

2016-07-28 07:41 – 2016-07-28 07:41 – 000000043 _____ () C:\Users\Tkure\AppData\Roaming\WB.CFG
2021-02-28 12:30 – 2021-02-28 12:41 – 001065984 _____ () C:\Users\Tkure\AppData\Local\file__0.localstorage
2020-07-20 17:17 – 2020-07-20 17:17 – 000000749 _____ () C:\Users\Tkure\AppData\Local\recently-used.xbel
2016-07-30 01:12 – 2021-10-13 00:30 – 000007591 _____ () C:\Users\Tkure\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2021
Ran by CuddleCactus (13-10-2021 22:46:35)
Running from E:\Users\Tkure\Downloads
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2021-08-30 17:56:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1412095178-664559709-1232603657-500 – Administrator – Disabled)
CuddleCactus (S-1-5-21-1412095178-664559709-1232603657-1001 – Administrator – Enabled) => C:\Users\Tkure
DefaultAccount (S-1-5-21-1412095178-664559709-1232603657-503 – Limited – Disabled)
Guest (S-1-5-21-1412095178-664559709-1232603657-501 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-1412095178-664559709-1232603657-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled – Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 – Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 – Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.321 – Adobe)
AdoptOpenJDK JDK with Eclipse OpenJ9 8u292-b10 (x64) (HKLM\...\{7355976E-4C3F-4D7A-9DEB-E860BE7B0EEB}) (Version: 8.0.292.10 – AdoptOpenJDK)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 – Asmedia Technology)
Blitz 1.13.83 (HKU\S-1-5-21-1412095178-664559709-1232603657-1001\...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 1.13.83 – Blitz, Inc.)
BYOND (HKLM-x32\...\BYOND) (Version: 514.1566 – BYOND)
Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version:  – Cheat Engine)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 – Microsoft Corporation)
CORSAIR iCUE Software (HKLM-x32\...\{3D350B22-542B-4FB4-B3AC-EA760941C319}) (Version: 3.38.61 – Corsair)
CurseForge (HKU\S-1-5-21-1412095178-664559709-1232603657-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.181.2.16 – Overwolf app)
Discord (HKU\S-1-5-21-1412095178-664559709-1232603657-1001\...\Discord) (Version: 1.0.9003 – Discord Inc.)
f.lux (HKU\S-1-5-21-1412095178-664559709-1232603657-1001\...\Flux) (Version:  – f.lux Software LLC)
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 – Flawless Widescreen)
Foxit PhantomPDF (HKLM-x32\...\{65DEC8D0-FB7E-11E9-8FC6-000C29C1951D}) (Version: 8.3.12.47136 – Foxit Software Inc.)
FTB App (HKU\S-1-5-21-1412095178-664559709-1232603657-1001\...\Overwolf_cmogmmciplgmocnhikmphehmeecmpaggknkjlbag) (Version: 1.21.809.1952 – Overwolf app)
Gargoyle (HKLM-x32\...\Gargoyle) (Version:  – )
Geeks3D FurMark 1.27.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.27.0.0 – Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 – Google LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.23.318 – SurfRight B.V.)
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 – Intel® Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 – Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 – Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 – Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 – Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 – Intel Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 – Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 – Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 – Kaspersky) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 – Kaspersky)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 – Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 – Kaspersky)
League of Legends (HKU\S-1-5-21-1412095178-664559709-1232603657-1001\...\Riot Game league_of_legends.live) (Version:  – Riot Games, Inc)
LOOT version 0.16.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.16.1 – LOOT Team)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  – Mega Limited)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 – Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.47 – Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 – Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 – Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 – Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 – Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 – Microsoft Corporation)
Minecraft (HKLM-x32\...\{756E195A-CB58-4B99-917F-0DDA0D881204}) (Version: 1.0.4.0 – Mojang)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 93.0 (x64 en-US)) (Version: 93.0 – Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 – Mozilla)
MSI Afterburner 4.6.3 (HKLM-x32\...\Afterburner) (Version: 4.6.3 – MSI Co., LTD)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 2.0.0.56 – MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.74 – MSI)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.5 – Notepad++ Team)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 – NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 – NVIDIA Corporation)
NVIDIA Graphics Driver 471.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.68 – NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 – NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  – )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.178.0.16 – Overwolf Ltd.)
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 – dotPDN LLC)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 – Paradox Interactive)
PokeMMO (HKLM\...\PokeMMO_is1) (Version:  – PokeMMO)
PokeOne version 1.00 (HKLM-x32\...\{30B1E559-2D0C-4317-A76E-4EE36E2F8A39}_is1) (Version: 1.00 – PSXTeam)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 – Dean Herbert)
r2modman 3.1.9 (HKU\S-1-5-21-1412095178-664559709-1232603657-1001\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.9 – ebkr)
Rags Suite (HKLM-x32\...\{7C60776C-C6EA-4C59-926B-BA76703D2608}) (Version: 2.4.16 – RagsGame)
Rags Suite 3.0.60 (HKU\S-1-5-21-1412095178-664559709-1232603657-1001\...\Rags Suite 3.0.60) (Version:  – )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 – Realtek Semiconductor Corp.)

RGSS-RTP Standard (HKLM-x32…RGSS-RTP Standard_is1) (Version: 1.04 – Enterbrain)

RivaTuner Statistics Server 7.3.0 (HKLM-x32…RTSS) (Version: 7.3.0 – Unwinder)

RPG MAKER VX Ace RTP (HKLM-x32…RPGVXAce_RTP_is1) (Version: 1.00 – Enterbrain)

RPG Maker VX RTP (HKLM-x32…RPG Maker VX RTP_is1) (Version: 1.02 – Enterbrain)

RPGツクール2000 ランタイムパッケージ (HKLM-x32…{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  – )

Ruby 2.2.6-p396 (HKUS-1-5-21-1412095178-664559709-1232603657-1001…{F4249FFD-42CD-4404-9534-170D074544F4}_is1) (Version: 2.2.6-p396 – RubyInstaller Team)

Skyrim Performance Monitor 64 (HKLM-x32…{4CCF1AE2-7398-4F9F-8848-D9600D1B84CD}) (Version: 4.6 – Sir Garnon on Nexus)

Spotify (HKUS-1-5-21-1412095178-664559709-1232603657-1001…Spotify) (Version: 1.1.69.612.gb7409abc – Spotify AB)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

SteelSeries Engine 3.12.6 (HKLM…SteelSeries Engine 3) (Version: 3.12.6 – SteelSeries ApS)

SWF File Player (HKLM-x32…{6A86F611-906C-422D-B34A-103662CBC195}_is1) (Version:  – swffileplayer.com)

Telegram Desktop version 3.1.8 (HKUS-1-5-21-1412095178-664559709-1232603657-1001…{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.1.8 – Telegram FZ-LLC)

TQ Game Launcher version 1.1.1.1 (HKUS-1-5-21-1412095178-664559709-1232603657-1001…{73A231D1-9B3E-4467-9F48-A32E0067FFD8}_is1) (Version: 1.1.1.1 – area57)

Ulead GIF Animator 5 TBYB (HKLM-x32…{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  – Ulead System)

UpdateAssistant (HKLM-x32…{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 – Microsoft Corporation) Hidden

Vintage Story version 1.15.5 (HKLM-x32…{70364653-036D-49B3-8B80-AF39665F29C1}_is1) (Version: 1.15.5 – Anego Systems)

WhoCrashed 6.70 (HKLM…WhoCrashed_is1) (Version:  – Resplendence Software Projects Sp.)

WinCDEmu (HKLM-x32…WinCDEmu) (Version: 4.1 – Sysprogs)

Windows 10 Update Assistant (HKLM-x32…{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 – Microsoft Corporation)

Windows PC Health Check (HKLM…{00DC4B60-5FC9-4629-8147-EF81ADF0EEA6}) (Version: 2.3.2106.25001 – Microsoft Corporation)

Windows Setup Remediations (x64) (KB4023057) (HKLM…{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  – )

WinRAR 6.02 (64-bit) (HKLM…WinRAR archiver) (Version: 6.02.0 – win.rar GmbH)

 

Packages:

=========

Cortana -> C:Program FilesWindowsAppsMicrosoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-08-30] (Microsoft Corporation)

Diagnostic Data Viewer -> C:Program FilesWindowsAppsMicrosoft.DiagnosticDataViewer_4.2007.11582.0_x64__8wekyb3d8bbwe [2021-09-01] (Microsoft Corporation)

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-01] (NVIDIA Corp.)

Photos Add-on -> C:Program FilesWindowsAppsMicrosoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-16] (Microsoft Corporation)

Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-16] (Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-1412095178-664559709-1232603657-1001_ClassesCLSID{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}InprocServer32 -> E:UsersTkureDocumentsStuffGamez2Locale.Emulator.2.4.1.0LEContextMenuHandler.DLL (Paddy Xu) [File not signed] [File is in use]

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:Program Files (x86)Notepad++NppShell_06.dll [2020-06-04] (Notepad++ -> )

ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsConvertToPDFShellExtension_x64.dll [2019-10-25] (Foxit Software Incorporated -> Foxit Software Inc.)

ContextMenuHandlers1: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:Program FilesHitmanProhmpshext.dll [2021-10-13] (SurfRight B.V. -> SurfRight B.V.)

ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File

ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3x64shellex.dll [2021-10-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3x64shellex.dll [2021-10-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:Program FilesHitmanProhmpshext.dll [2021-10-13] (SurfRight B.V. -> SurfRight B.V.)

ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File

ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3x64shellex.dll [2021-10-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersTkureAppDataLocalMEGAsyncShellExtX64.dll [2021-07-23] (Mega Limited -> )

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WINDOWSSystem32DriverStoreFileRepositorynvmdi.inf_amd64_799504293a3d3200nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsConvertToPDFShellExtension_x64.dll [2019-10-25] (Foxit Software Incorporated -> Foxit Software Inc.)

ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File

ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3x64shellex.dll [2021-10-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

 

==================== Codecs (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Drivers32: [VIDC.RTV1] => C:WINDOWSsystem32rtvcvfw64.dll [246272 2012-09-28] () [File not signed]

HKLM…Drivers32: [VIDC.RTV1] => C:WindowsSysWOW64rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

Shortcut: C:UsersTkureAppDataRoamingMicrosoftWindowsStart MenuProgramsRuby 2.2.6-p396Interactive Ruby.lnk -> C:Ruby22binirb.bat ()

ShortcutWithArgument: C:UsersTkureAppDataRoamingMicrosoftWindowsStart MenuProgramsRuby 2.2.6-p396Start Command Prompt with Ruby.lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> /E:ON /K C:Ruby22binsetrbvars.bat

 

==================== Loaded Modules (Whitelisted) =============

 

2021-03-05 18:44 – 2021-03-05 18:44 – 000209408 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarequazip.dll

2021-03-05 18:44 – 2021-03-05 18:44 – 000101376 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarezlib.dll

2021-02-08 10:24 – 2021-02-08 10:24 – 000232960 _____ () [File not signed] C:Program Files (x86)MSI AfterburnerRTCore.dll

2021-02-08 10:24 – 2021-02-08 10:24 – 000057344 _____ () [File not signed] C:Program Files (x86)MSI AfterburnerRTFC.dll

2021-02-08 10:24 – 2021-02-08 10:24 – 000668160 _____ () [File not signed] C:Program Files (x86)MSI AfterburnerRTHAL.dll

2021-02-08 10:24 – 2021-02-08 10:24 – 000074240 _____ () [File not signed] C:Program Files (x86)MSI AfterburnerRTMUI.dll

2021-02-08 10:24 – 2021-02-08 10:24 – 000371712 _____ () [File not signed] C:Program Files (x86)MSI AfterburnerRTUI.dll

2021-07-07 03:29 – 2005-07-18 13:43 – 000160256 _____ () [File not signed] C:Program Files (x86)MSILive Updateunrar.dll

2018-07-02 15:17 – 2018-07-02 15:17 – 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:Program FilesSteelSeriesSteelSeries Engine 3HIDDLL.dll

2018-07-02 15:17 – 2018-07-02 15:17 – 002284032 _____ (Holtek) [File not signed] C:Program FilesSteelSeriesSteelSeries Engine 3ISPDLL.dll

2021-10-10 19:36 – 2019-02-21 12:00 – 000078336 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll

2020-12-16 09:26 – 2020-12-16 09:26 – 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE SoftwareSiUSBXp.dll

2021-03-05 18:43 – 2021-03-05 18:43 – 002516992 _____ (The OpenSSL Project, https://www.openssl.org/) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarelibcrypto-1_1.dll
2021-03-05 18:43 – 2021-03-05 18:43 – 000530944 _____ (The OpenSSL Project, https://www.openssl.org/) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarelibssl-1_1.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal46134477.sys => ""="Driver"

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork46134477.sys => ""="Driver"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Start Page = about:blank

SearchScopes: HKU.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKUS-1-5-21-1412095178-664559709-1232603657-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKUS-1-5-21-1412095178-664559709-1232603657-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsCreatorIEAddinIEAddin.dll [2019-10-25] (Foxit Software Incorporated -> )

Toolbar: HKLM-x32 – Foxit PhantomPDF Create PDF ToolBar – {BFD9D8A8-57FF-488A-B919-065EC77CF82F} – C:PROGRAM FILES (X86)FOXIT SOFTWAREFoxit PhantomPDFpluginsCreatorIEAddinIEAddin.dll [2019-10-25] (Foxit Software Incorporated -> )

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE restricted site: HKUS-1-5-21-1412095178-664559709-1232603657-1001…msn.com -> g.msn.com

IE restricted site: HKUS-1-5-21-1412095178-664559709-1232603657-1001…skype.com -> apps.skype.com

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-07-10 07:04 – 2021-09-08 14:00 – 000001411 _____ C:WINDOWSsystem32driversetchosts

127.0.0.1 localhost

0.0.0.0 dev.epicgames.com

0.0.0.0 api.epicgames.dev

0.0.0.0 et.epicgames.com

0.0.0.0 et2.epicgames.com

0.0.0.0 udn.epicgames.com

0.0.0.0 etsource.epicgames.com

0.0.0.0 metrics.ol.epicgames.com

0.0.0.0 datarouter.ol.epicgames.com

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program FilesAdoptOpenJDKjdk-8.0.292.10-openj9bin;C:Program Files (x86)InteliCLS Client;C:ProgramDataOracleJavajavapath;C:Program Files (x86)Razer Chroma SDKbin;C:Program FilesRazer Chroma SDKbin;C:Program FilesInteliCLS Client;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:WINDOWSSystem32WindowsPowerShellv1.0;C:Program FilesNVIDIA CorporationNVIDIA NvDLISR;C:Program Files (x86)NVIDIA CorporationPhysXCommon;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;C:Program Files (x86)IntelIntel® Management Engine ComponentsDAL;C:Program FilesIntelIntel® Management Engine ComponentsDAL;C:Program Files (x86)IntelIntel® Management Engine ComponentsIPT;C:Program FilesIntelIntel® Management Engine ComponentsIPT

HKUS-1-5-21-1412095178-664559709-1232603657-1001Control PanelDesktop\Wallpaper -> E:UsersTkureDesktopStuffPicsPC Backgrounds1d203adc90d4364d0be74382b5b7e99f.jpg

DNS Servers: 8.8.8.8 – 8.8.4.4

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: Warn)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

MSCONFIGServices: Razer Chroma SDK Server => 2

MSCONFIGServices: Razer Chroma SDK Service => 2

MSCONFIGServices: Razer Game Manager Service => 2

MSCONFIGServices: Razer Game Scanner Service => 2

MSCONFIGServices: RzActionSvc => 2

MSCONFIGServices: RzKLService => 2

HKLM…StartupApprovedStartupFolder: => "Killer Network Manager.lnk"

HKLM…StartupApprovedRun: => "NahimicMSIUILauncher"

HKLM…StartupApprovedRun: => "ShadowPlay"

HKLM…StartupApprovedRun: => "Fences"

HKLM…StartupApprovedRun: => "FWS_FlawlessWidescreen"

HKLM…StartupApprovedRun32: => "Live Update"

HKLM…StartupApprovedRun32: => "MSIRegister"

HKLM…StartupApprovedRun32: => "Super Charger"

HKLM…StartupApprovedRun32: => "SunJavaUpdateSched"

HKLM…StartupApprovedRun32: => "Command Center"

HKLM…StartupApprovedRun32: => "Fast Boot"

HKLM…StartupApprovedRun32: => "Razer Synapse"

HKLM…StartupApprovedRun32: => "LWS"

HKLM…StartupApprovedRun32: => "SecurityHealth"

HKLM…StartupApprovedRun32: => "RazerCortex"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedStartupFolder: => "Logitech . Product Registration.lnk"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "OneDrive"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "Steam"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "puush"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "Chromium"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "Skype"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "Discord"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "CCleaner Monitoring"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "CCleaner Smart Cleaning"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "Uninstall 19.232.1124.0008"

HKUS-1-5-21-1412095178-664559709-1232603657-1001…StartupApprovedRun: => "Uninstall 19.232.1124.0008amd64"

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{5614006E-2744-4AFF-8B66-752BB66925FF}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{E3E0113E-B243-4CA3-8965-7737ED373278}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{E2FE2069-E997-493E-824E-2D4F92F8E7FC}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{D3892376-6CC0-4A1B-ABD3-940D2FE03CF4}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{BCBFB253-1D82-4F73-8DC3-BBD29A034470}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{91EE940A-5BD9-43CB-9E8C-0F14BB04BBEB}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{54CC3ABB-8638-4D1D-AB92-5593316D728D}] => (Allow) C:Program Files (x86)SteamsteamappscommonHumankindHumankind.exe () [File not signed]

FirewallRules: [{E475F5F5-BED7-48D1-92F1-355BE3292D60}] => (Allow) C:Program Files (x86)SteamsteamappscommonHumankindHumankind.exe () [File not signed]

FirewallRules: [{5F87AD29-16BF-4F39-80A1-F176A39846BA}] => (Allow) C:Program Files (x86)SteamsteamappscommonDeep Rock GalacticFSD.exe (Epic Games, Inc.) [File not signed]

FirewallRules: [{65DDC461-0C57-4637-ACFD-2088BBA66B77}] => (Allow) C:Program Files (x86)SteamsteamappscommonDeep Rock GalacticFSD.exe (Epic Games, Inc.) [File not signed]

FirewallRules: [{B3AE0431-CCE4-4006-8517-D63F3D1A33A6}] => (Allow) C:Program Files (x86)SteamsteamappscommonRisk of RainRisk of Rain.exe (Hopoo Games, LLC) [File not signed]

FirewallRules: [{C7FACC50-5E00-4158-B7C6-1266CFBA2EE0}] => (Allow) C:Program Files (x86)SteamsteamappscommonRisk of RainRisk of Rain.exe (Hopoo Games, LLC) [File not signed]

FirewallRules: [UDP Query User{9EF6D580-B197-4AC7-84AF-0ACC348AD6B9}C:program files (x86)steamsteamappscommondivinity original sin 2defedbineocapp.exe] => (Allow) C:program files (x86)steamsteamappscommondivinity original sin 2defedbineocapp.exe (Larian Studios Games Ltd. -> )

FirewallRules: [TCP Query User{C0FC3187-0DD8-404C-B79E-309C7806DBA0}C:program files (x86)steamsteamappscommondivinity original sin 2defedbineocapp.exe] => (Allow) C:program files (x86)steamsteamappscommondivinity original sin 2defedbineocapp.exe (Larian Studios Games Ltd. -> )

FirewallRules: [{5C194AEE-51CE-4C4C-8F42-B7967F64FDC9}] => (Allow) C:Program Files (x86)SteamsteamappscommonDivinity Original Sin 2binSupportTool.exe (Larian Studios Games Ltd. -> LariLauncher)

FirewallRules: [{5D9C61D7-4FA1-4DB1-A63A-E065F973963E}] => (Allow) C:Program Files (x86)SteamsteamappscommonDivinity Original Sin 2binSupportTool.exe (Larian Studios Games Ltd. -> LariLauncher)

FirewallRules: [{6DDCC547-FD7A-4384-8476-7A5F6785BD4E}] => (Allow) C:Program Files (x86)SteamsteamappscommonOxygenNotIncludedOxygenNotIncluded.exe () [File not signed]

FirewallRules: [{DA06771D-8CC9-41D3-89E9-B170B09D166E}] => (Allow) C:Program Files (x86)SteamsteamappscommonOxygenNotIncludedOxygenNotIncluded.exe () [File not signed]

FirewallRules: [{442F6CAD-F700-41F6-B3B5-CD2328216857}] => (Allow) C:Program Files (x86)SteamsteamappscommonSkyrim Special EditionSkyrimSELauncher.exe (Bethesda Softworks) [File not signed]

FirewallRules: [{95DF3208-9370-4A25-9144-E85640DA8AB8}] => (Allow) C:Program Files (x86)SteamsteamappscommonSkyrim Special EditionSkyrimSELauncher.exe (Bethesda Softworks) [File not signed]

FirewallRules: [UDP Query User{89017B7C-C6BA-492A-AE48-2EB0CB4F9DB3}C:program filesadoptopenjdkjdk-8.0.292.10-openj9binjavaw.exe] => (Allow) C:program filesadoptopenjdkjdk-8.0.292.10-openj9binjavaw.exe

FirewallRules: [TCP Query User{274EEF52-146D-4D88-8982-6261A9EF998C}C:program filesadoptopenjdkjdk-8.0.292.10-openj9binjavaw.exe] => (Allow) C:program filesadoptopenjdkjdk-8.0.292.10-openj9binjavaw.exe

FirewallRules: [UDP Query User{62179DC6-E0B7-41EB-80D7-E3C5081A41EC}C:cursemcinstallruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Allow) C:cursemcinstallruntimejre-legacywindows-x64jre-legacybinjavaw.exe

FirewallRules: [TCP Query User{E0AEFE74-F4BB-4847-BF69-548E370A3881}C:cursemcinstallruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Allow) C:cursemcinstallruntimejre-legacywindows-x64jre-legacybinjavaw.exe

FirewallRules: [{667B11FA-3421-4D4B-A7D4-9C0EC48C697F}] => (Allow) C:Program Files (x86)SteamsteamappscommonRimWorldRimWorldWin64.exe () [File not signed]

FirewallRules: [{91B220B0-3403-44ED-9368-BF5D64AA4D17}] => (Allow) C:Program Files (x86)SteamsteamappscommonRimWorldRimWorldWin64.exe () [File not signed]

FirewallRules: [UDP Query User{7E080842-4EA8-4DF3-9A71-347A9847D89C}C:userstkureappdatalocalprogramsblitzblitz.exe] => (Allow) C:userstkureappdatalocalprogramsblitzblitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)

FirewallRules: [TCP Query User{C89DCC14-ECBB-4FA7-9822-8A2FF790E396}C:userstkureappdatalocalprogramsblitzblitz.exe] => (Allow) C:userstkureappdatalocalprogramsblitzblitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)

FirewallRules: [UDP Query User{9F88E4B0-DA15-46D8-9536-BFD00E6E46EA}C:program filesvideolanvlcvlc.exe] => (Allow) C:program filesvideolanvlcvlc.exe => No File

FirewallRules: [TCP Query User{90DFCE36-145B-4F71-A4FA-F912F8647DC3}C:program filesvideolanvlcvlc.exe] => (Allow) C:program filesvideolanvlcvlc.exe => No File

FirewallRules: [{B72561C7-53C5-4A8D-B022-A327AF2A79F1}] => (Allow) C:Program Files (x86)SteamsteamappscommontModLoadertModLoader.exe (Re-Logic) [File not signed]

FirewallRules: [{1350E0E1-1A22-497B-9760-3F8D578B1C7A}] => (Allow) C:Program Files (x86)SteamsteamappscommontModLoadertModLoader.exe (Re-Logic) [File not signed]

FirewallRules: [{350EFD9E-6DA8-4560-B905-E785884F7F59}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{A9E64072-7F49-46C4-93A0-C277F7BED7C3}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [UDP Query User{3D6936A1-6C43-4ECB-9803-1231BE8A9E0C}C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Allow) C:program files (x86)minecraftruntimejre-x64binjavaw.exe

FirewallRules: [TCP Query User{17320587-7A4E-40CA-86DD-3AA2E4DC8F46}C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Allow) C:program files (x86)minecraftruntimejre-x64binjavaw.exe

FirewallRules: [{48878DAE-0FEC-4211-8D4E-F12BE790911F}] => (Allow) C:Program Files (x86)SteamsteamappscommonTerrariaTerraria.exe (Re-Logic) [File not signed]

FirewallRules: [{5CFA1CC2-F295-4CE3-9636-A8F7B2856605}] => (Allow) C:Program Files (x86)SteamsteamappscommonTerrariaTerraria.exe (Re-Logic) [File not signed]

FirewallRules: [UDP Query User{DB7FA7DF-F83C-4C31-A3DE-E0590982DD0B}C:userstkureappdataroamingspotifyspotify.exe] => (Allow) C:userstkureappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [TCP Query User{6884644E-826F-4AF9-9275-F81BE52D20FA}C:userstkureappdataroamingspotifyspotify.exe] => (Allow) C:userstkureappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{EEF2621D-2DAA-4CCB-9A0B-43E6E17D76D5}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{B4A5B94F-D82F-4434-8CEC-25CFAF207B65}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{D2EE899B-5ADA-4777-A2BA-EA17C2D26C51}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{BC99B60D-51F2-47E0-8565-2228EEFE5EBF}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{F7413795-E674-491F-9FE1-26A78E1B60D5}] => (Allow) LPort=26789

FirewallRules: [{14FD00CC-59D9-4E5E-A2E0-AD6AC57DBA26}] => (Allow) LPort=24680

FirewallRules: [{49C79FB6-0C23-445E-B0A8-7DA0DEA5C290}] => (Allow) C:Program Files (x86)SteamsteamappscommonSNKRXSNKRX.exe () [File not signed]

FirewallRules: [{0B5461C8-FA61-4DA4-98EB-B01C3FF4A90E}] => (Allow) C:Program Files (x86)SteamsteamappscommonSNKRXSNKRX.exe () [File not signed]

FirewallRules: [TCP Query User{1A0F7476-6439-4E2D-AE8B-61736E61F195}C:windowssystem32mmc.exe] => (Block) C:windowssystem32mmc.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [UDP Query User{A616F153-BDEE-42E9-8033-9BE1F88BD964}C:windowssystem32mmc.exe] => (Block) C:windowssystem32mmc.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{76BA045A-48AD-4D8F-BC95-15FF8FD7F005}] => (Allow) C:Program Files (x86)SteamsteamappscommonSurviving MarsMarsSteam.exe (Haemimont Games) [File not signed]

FirewallRules: [{1917960D-DDED-4077-A988-C8A6B0FCD737}] => (Allow) C:Program Files (x86)SteamsteamappscommonSurviving MarsMarsSteam.exe (Haemimont Games) [File not signed]

FirewallRules: [{FF2C2023-0F9C-47DE-92C5-8E8E2A9F0C67}] => (Allow) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{2B235553-17E5-47C2-B47E-1F60889E5AFF}] => (Allow) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{4BD58ECC-F14C-4E4D-931B-11B04826ECE3}] => (Block) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{EF6A2BE7-7E6B-439D-976B-AE9AA187615D}] => (Block) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{A3A6CC4A-AC12-4AC9-B416-7512DE8497E8}] => (Allow) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{E6F2A1FF-7E12-42FA-891B-72A2253C6737}] => (Allow) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{0F3D7042-EEBE-4E55-A2A5-8CAE395C72B7}] => (Block) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{90AD10B6-F764-41B0-96EC-8B2F47726BD9}] => (Block) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{582D5B15-FD51-47B6-ABE0-FFB92D17E200}] => (Block) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{9E47820B-46AD-4186-92BC-BB6CEA7C1F7E}] => (Block) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{7BEE4652-CBB8-48D1-985C-0EFA2DF5F269}] => (Block) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{89D2DDC3-B5DF-4441-BE96-ADF87DD15024}] => (Block) C:Program Files (x86)Overwolf .178.0.16OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [TCP Query User{F473C9ED-9F62-4DAA-8C61-B48B66362539}C:userstkureappdatalocaloverwolfextensionscmogmmciplgmocnhikmphehmeecmpaggknkjlbag1.21.809.1952jdk-11.0.8+10-jrebinjava.exe] => (Allow) C:userstkureappdatalocaloverwolfextensionscmogmmciplgmocnhikmphehmeecmpaggknkjlbag1.21.809.1952jdk-11.0.8+10-jrebinjava.exe

FirewallRules: [UDP Query User{94C5289E-5DBA-4549-8EE8-31202A274492}C:userstkureappdatalocaloverwolfextensionscmogmmciplgmocnhikmphehmeecmpaggknkjlbag1.21.809.1952jdk-11.0.8+10-jrebinjava.exe] => (Allow) C:userstkureappdatalocaloverwolfextensionscmogmmciplgmocnhikmphehmeecmpaggknkjlbag1.21.809.1952jdk-11.0.8+10-jrebinjava.exe

FirewallRules: [TCP Query User{8266AF42-CB06-4807-9745-3CDC3D6401B2}C:userstkureappdatalocal.ftbabinruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Allow) C:userstkureappdatalocal.ftbabinruntimejre-legacywindows-x64jre-legacybinjavaw.exe

FirewallRules: [UDP Query User{82C52F65-7BC3-4306-9BE6-BD82D89E07B9}C:userstkureappdatalocal.ftbabinruntimejre-legacywindows-x64jre-legacybinjavaw.exe] => (Allow) C:userstkureappdatalocal.ftbabinruntimejre-legacywindows-x64jre-legacybinjavaw.exe

FirewallRules: [{E410D09B-E6CA-4438-ADA6-4FE1928AA46E}] => (Allow) E:UsersTkureSteamLibrarysteamappscommonStellarisdowser.exe (Paradox Interactive AB (publ) -> )

FirewallRules: [{353FED4E-D7D4-42C4-8FB9-870017FF9165}] => (Allow) E:UsersTkureSteamLibrarysteamappscommonStellarisdowser.exe (Paradox Interactive AB (publ) -> )

FirewallRules: [TCP Query User{87AA6761-45B6-401F-8C4A-8DA4BEAAAED9}C:program files (x86)byondbinbyond.exe] => (Allow) C:program files (x86)byondbinbyond.exe () [File not signed]

FirewallRules: [UDP Query User{494115FE-75F8-4F35-A470-4477C72CF97A}C:program files (x86)byondbinbyond.exe] => (Allow) C:program files (x86)byondbinbyond.exe () [File not signed]

FirewallRules: [{630F32AF-A794-4C1B-9CB8-55D53A707CC6}] => (Allow) C:Program Files (x86)SteamsteamappscommonValheimvalheim.exe () [File not signed]

FirewallRules: [{EB3E3AD6-2FAD-4966-9A8F-B31CD4D40689}] => (Allow) C:Program Files (x86)SteamsteamappscommonValheimvalheim.exe () [File not signed]

FirewallRules: [{32DADCFF-4E55-483C-B0CE-491514D88AF2}] => (Allow) E:UsersTkureSteamLibrarysteamappscommonTotal War WARHAMMER IIlauncherlauncher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)

FirewallRules: [{CC498515-66AA-4BC4-A6B2-C286836D3DDE}] => (Allow) E:UsersTkureSteamLibrarysteamappscommonTotal War WARHAMMER IIlauncherlauncher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)

FirewallRules: [TCP Query User{F5A07B79-FD2D-4BE9-909B-B62FD631B02B}C:technicruntimesjre-legacybinjavaw.exe] => (Allow) C:technicruntimesjre-legacybinjavaw.exe

FirewallRules: [UDP Query User{0A3AF207-A17A-4A3A-A13D-3B1D09216F7E}C:technicruntimesjre-legacybinjavaw.exe] => (Allow) C:technicruntimesjre-legacybinjavaw.exe

FirewallRules: [TCP Query User{7AEEDB45-03E3-4637-AC87-39A49EAA106A}E:userstkuredocumentsstuffriot gamesleague of legendsleagueclientuxrender.exe] => (Allow) E:userstkuredocumentsstuffriot gamesleague of legendsleagueclientuxrender.exe (Riot Games, Inc. -> Riot Games, Inc.)

FirewallRules: [UDP Query User{53CC15DF-3839-4A58-834B-15DEC4CAFC12}E:userstkuredocumentsstuffriot gamesleague of legendsleagueclientuxrender.exe] => (Allow) E:userstkuredocumentsstuffriot gamesleague of legendsleagueclientuxrender.exe (Riot Games, Inc. -> Riot Games, Inc.)

FirewallRules: [{4A4F8E62-4FD8-407D-9832-D76E1F9D150C}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{315D2D7A-9D0C-4685-8F57-58674A9C7DD4}] => (Allow) C:Program Files (x86)SteamsteamappscommonFoundationfoundation.exe (Polymorph Games) [File not signed]

FirewallRules: [{3ADDB5FE-2A9F-4AC5-A19D-576628C33356}] => (Allow) C:Program Files (x86)SteamsteamappscommonFoundationfoundation.exe (Polymorph Games) [File not signed]

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (10/13/2021 10:45:01 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: NVDisplay.Container.exe, version: 1.33.2988.2648, time stamp: 0x6082bd2b

Faulting module name: KERNELBASE.dll, version: 10.0.19041.1202, time stamp: 0xc9db1934

Exception code: 0xe06d7363

Fault offset: 0x0000000000034f99

Faulting process id: 0x9b8

Faulting application start time: 0x01d7c074e6be4e04

Faulting application path: C:WINDOWSSystem32DriverStoreFileRepositorynvmdi.inf_amd64_799504293a3d3200Display.NvContainerNVDisplay.Container.exe

Faulting module path: C:WINDOWSSystem32KERNELBASE.dll

Report Id: e0e2cec2-2e10-403a-9b6f-93258c2133fb

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (10/13/2021 10:45:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002b4,SYSTEMCurrentControlSetServicesVSSDiagSwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000061D28FE090.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (10/13/2021 10:45:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002b4,SYSTEMCurrentControlSetServicesVSSDiagSwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000061D28FE090.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (10/13/2021 10:45:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002b4,SYSTEMCurrentControlSetServicesVSSDiagSwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000061D28FE090.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (10/13/2021 10:45:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002b4,SYSTEMCurrentControlSetServicesVSSDiagSwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000061D28FE090.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (10/13/2021 10:45:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002b4,SYSTEMCurrentControlSetServicesVSSDiagSwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000061D28FE130.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (10/13/2021 10:45:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002b4,SYSTEMCurrentControlSetServicesVSSDiagSwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000061D28FE130.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (10/13/2021 10:45:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002b4,SYSTEMCurrentControlSetServicesVSSDiagSwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,0000023D95928100.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

 

System errors:

=============

Error: (10/13/2021 10:47:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

Access is denied.

 

Error: (10/13/2021 10:38:26 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

Access is denied.

 

Error: (10/13/2021 10:00:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

Access is denied.

 

Error: (10/13/2021 09:36:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Type with the following error: 

Access is denied.

 

Error: (10/13/2021 09:36:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Type with the following error: 

Access is denied.

 

Error: (10/13/2021 09:36:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Type with the following error: 

Access is denied.

 

Error: (10/13/2021 09:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Type with the following error: 

Access is denied.

 

Error: (10/13/2021 09:33:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Type with the following error: 

Access is denied.

 

 

Windows Defender:

================

Date: 2021-10-13 18:33:47

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-10-13 16:53:58

Description: 

Controlled Folder Access blocked C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3avp.exe from making changes to memory.

Detection time: 2021-10-13T20:53:58.151Z

Path: DeviceHarddisk0DR0

Process Name: C:Program Files (x86)Kaspersky LabKaspersky Total Security 21.3avp.exe

Security intelligence Version: 1.351.343.0

Engine Version: 1.1.18600.4

Product Version: 4.18.2109.6

 

Date: 2021-10-13 16:53:34

Description: 

Controlled Folder Access blocked C:Program FilesHitmanProHitmanPro.exe from making changes to memory.

Detection time: 2021-10-13T20:53:34.215Z

Path: DeviceHarddiskVolume1

Process Name: C:Program FilesHitmanProHitmanPro.exe

Security intelligence Version: 1.351.343.0

Engine Version: 1.1.18600.4

Product Version: 4.18.2109.6

 

Date: 2021-10-13 16:52:19

Description: 

Controlled Folder Access blocked C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm_service.exe from making changes to memory.

Detection time: 2021-10-13T20:52:19.934Z

Path: DeviceHarddisk0DR0

Process Name: C:Program Files (x86)Kaspersky LabKaspersky Password Manager 9.0.2kpm_service.exe

Security intelligence Version: 1.351.343.0

Engine Version: 1.1.18600.4

Product Version: 4.18.2109.6

 

Date: 2021-10-13 16:52:03

Description: 

Controlled Folder Access blocked C:Program Files (x86)Kaspersky LabKaspersky VPN 5.3ksde.exe from making changes to memory.

Detection time: 2021-10-13T20:52:03.137Z

Path: DeviceHarddisk0DR0

Process Name: C:Program Files (x86)Kaspersky LabKaspersky VPN 5.3ksde.exe

Security intelligence Version: 1.351.343.0

Engine Version: 1.1.18600.4

Product Version: 4.18.2109.6

 

Date: 2021-10-13 11:49:51

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.351.314.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.18600.4

Error code: 0x8007043c

Error description: This service cannot be started in Safe Mode 

 

Date: 2021-10-13 11:39:49

Description: 

Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode 

Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

Date: 2021-10-04 13:00:59

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.349.1867.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.18500.10

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

 

Date: 2021-09-19 19:25:56

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.349.1042.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.18500.10

Error code: 0x80240438

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

 

CodeIntegrity:

===============

Date: 2021-10-13 18:35:48

Description: 

Code Integrity determined that a process (DeviceHarddiskVolume2WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume2Program Files (x86)Kaspersky LabKaspersky Total Security 21.3x64antimalware_provider.dll that did not meet the Windows signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. 1.I0 06/26/2018

Motherboard: MSI Z170A GAMING M5 (MS-7977)

Processor: Intel® Core™ i5-6600K CPU @ 3.50GHz

Percentage of memory in use: 59%

Total physical RAM: 16344.51 MB

Available physical RAM: 6617.2 MB

Total Virtual: 32728.51 MB

Available Virtual: 18371.22 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:237.03 GB) (Free:19.41 GB) NTFS

Drive e: (Storage) (Fixed) (Total:1862.89 GB) (Free:324.74 GB) NTFS

Drive f: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS

 

\?Volume{1cc152d9-1003-11ec-9feb-4ccc6a40f0cd} () (Fixed) (Total:0.85 GB) (Free:0.43 GB) NTFS

\?Volume{1cc152d8-1003-11ec-9feb-4ccc6a40f0cd} () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: 26599C74)

 

Partition: GPT.

 

==========================================================

Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt =======================

 




