Infected with a trojan a while ago, want to know if my computer is safe

A while ago (let’s say a month or so), I was infected with a trojan that had stolen my passwords, cookies, and Discord tokens. Since then, I have changed all the passwords to my important accounts, completed full wipes of my drives using Samsung Magician and DBAN, and finally completely reset Windows using a bootable USB. This may seem a bit overkill, but it was advice given to me by some professionals. Now, the reason for this post is that after these events, I can feel unsafe at times when events that would have been completely normal before being infected, such as system lag, audio bugs, and other symptoms of a virus, occur. I run full scans with anti-viruses every day, but after reading these forums for a bit and the solutions given to people here, I would like to make sure my computer is fully secure and be able to browse the internet normally once again.

If needed, here is a link to a VM analysis on any.run: https://any.run/report/b33040c7c87de8a1303bb323add1e768f3feafd05e3b208282d23e4402ee5418/f98977b7-400d-4797-82d1-7dfb31fa41dc#files

Things I have been worried about:

  • Authorization logs in Event Viewer (Logons, Special Logons). I have been informed of the fact that these are caused by processes needing to gain permissions, and would like confirmation
  • Possibility that the trojan could have been a RAT and installed some sort of firmware rootkit on my computer
  • Hard drive spinning fast on computer startup (probably a problem that existed before)
  • Final note: the OS was installed in late August

Would like help with this issue, will usually respond pretty fast in the afternoon. Thanks!

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2021

Ran by Zoyvn (administrator) on DESKTOP-43VE1G1 (ASUSTeK COMPUTER INC. G30AB) (07-10-2021 19:35:13)

Running from C:UsersZoyvnDownloads

Loaded Profiles: Zoyvn

Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Adobe Inc. -> Adobe Inc) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonIPCBoxAdobeIPCBroker.exe

(Adobe Inc. -> Adobe Systems Incorporated) C:Program FilesAdobeAdobe Creative Cloud ExperienceCCXProcess.exe

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:Program Files (x86)Battle.netBattle.net.exe <3>

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:ProgramDataBattle.netAgentAgent.7531Agent.exe

(Chris Andriessen) [File not signed] C:UsersZoyvnDownloadsTaskbarX_1.6.9.0_x64TaskbarX.exe

(Discord Inc. -> Discord Inc.) C:UsersZoyvnAppDataLocalDiscordapp-1.0.9003Discord.exe <6>

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesEpic Online ServicesEpicOnlineServices.exe <2>

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesEpic Online ServicesEpicOnlineServicesUserHelper.exe

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesEpic Online ServicesserviceEpicOnlineServicesHost.exe

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesLauncherEngineBinariesWin64EpicWebHelper.exe <2>

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.112GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.112GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <18>

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3avp.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3avpui.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3plugins_nms.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky VPN 5.3ksde.exe

(Kaspersky Lab JSC -> AO Kaspersky Lab) C:Program Files (x86)Kaspersky LabKaspersky VPN 5.3ksdeui.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32cmd.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSysWOW64wbemWmiPrvSE.exe

(Node.js Foundation -> Node.js) C:Program FilesAdobeAdobe Creative Cloud Experiencelibsnode.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe

(Nvidia Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_19c79fb6254e3b11Display.NvContainerNVDisplay.Container.exe <2>

(Razer USA Ltd. -> ) C:Program Files (x86)RazerSynapse3UserProcessRazer Synapse Service Process.exe

(Razer USA Ltd. -> Razer Inc) C:Program Files (x86)RazerRazer ServicesGMSGameManagerService.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer ServicesRazer CentralRazer Central.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer ServicesRazer CentralRazerCentralService.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerSynapse3ServiceRazer Synapse Service.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerSynapse3WPFUIFrameworkRazer Synapse 3 HostRazer Synapse 3.exe

(Razer USA Ltd. -> The CefSharp Authors) C:Program Files (x86)RazerRazer ServicesRazer CentralCefSharp.BrowserSubprocess.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:WindowsRtkBtManServ.exe

(Riot Games, Inc. -> Riot Games, Inc.) C:Program FilesRiot Vanguardvgtray.exe

(Skutta, Kristjan -> ) C:Program Files (x86)Steamsteamappscommonwallpaper_enginebinwallpaperservice32_c.exe

(Skutta, Kristjan -> ) C:Program Files (x86)Steamsteamappscommonwallpaper_enginewallpaper32.exe

(Valve Corp. -> Valve Corporation) C:Program Files (x86)Common FilesSteamsteamservice.exe

(Valve Corp. -> Valve Corporation) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe <7>

(Valve Corp. -> Valve Corporation) C:Program Files (x86)Steamsteam.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [Riot Vanguard] => C:Program FilesRiot Vanguardvgtray.exe [3180256 2021-08-30] (Riot Games, Inc. -> Riot Games, Inc.)

HKLM-x32…Run: [Adobe CCXProcess] => C:Program Files (x86)AdobeAdobe Creative Cloud ExperienceCCXProcess.exe [129288 2021-09-01] (Adobe Inc. -> )

HKUS-1-5-21-4021764396-583831311-1959139057-1001…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [4263336 2021-10-07] (Valve Corp. -> Valve Corporation)

HKUS-1-5-21-4021764396-583831311-1959139057-1001…Run: [EpicGamesLauncher] => C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe [33435616 2021-10-07] (Epic Games Inc. -> Epic Games, Inc.)

HKUS-1-5-21-4021764396-583831311-1959139057-1001…Run: [Battle.net] => C:Program Files (x86)Battle.netBattle.net.exe [1079184 2021-09-27] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)

HKUS-1-5-21-4021764396-583831311-1959139057-1001…Run: [Synapse3] => C:Program Files (x86)RazerSynapse3WPFUIFrameworkRazer Synapse 3 HostRazer Synapse 3.exe [3522168 2021-09-16] (Razer USA Ltd. -> Razer Inc.)

HKUS-1-5-21-4021764396-583831311-1959139057-1001…Run: [vibranceGUI] => “C:UsersZoyvnDownloadsvibranceGUIvibranceGUI.exe” -minimized

HKUS-1-5-21-4021764396-583831311-1959139057-1001…Run: [com.squirrel.Teams.Teams] => C:UsersZoyvnAppDataLocalMicrosoftTeamsUpdate.exe [2455256 2021-10-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKUS-1-5-21-4021764396-583831311-1959139057-1001…Run: [Discord] => C:UsersZoyvnAppDataLocalDiscordUpdate.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)

HKUS-1-5-18…Run: [Synapse3] => C:Program Files (x86)RazerSynapse3WPFUIFrameworkRazer Synapse 3 HostRazer Synapse 3.exe [3522168 2021-09-16] (Razer USA Ltd. -> Razer Inc.)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication94.0.4606.71Installerchrmstp.exe [2021-10-05] (Google LLC -> Google LLC)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {05C4F726-A4EB-470A-8C1B-7D81F1855577} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-08-29] (Google LLC -> Google LLC)

Task: {197D86DB-3BE0-4D34-AD14-8C74429EC4D0} – System32TasksKaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:Program FilesCommon FilesAVKaspersky Labupgrade_launcher.exe [743488 2021-10-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)

Task: {2FC0108F-75A9-4A3C-8EE9-902D9083BB74} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {5F66E423-6597-46EA-A243-75D420FC28F5} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-08-29] (Google LLC -> Google LLC)

Task: {640F920E-0644-4D47-80E2-B6D311FBED52} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {7630007A-82EA-4E22-97F2-31E0AC1EC2F2} – System32TasksTaskbarX DESKTOP-43VE1G1Zoyvn => C:UsersZoyvnDownloadsTaskbarX_1.6.9.0_x64TaskbarX.exe [169984 2021-04-11] (Chris Andriessen) [File not signed]

Task: {836B319D-8A97-4C33-B4CA-C89E6F04868B} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {92F4C8A0-7C84-4B41-813A-3165581D58BE} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {93BD881E-EDF2-4E46-AEF6-FDB4351FE3BA} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {AD68256B-E9F4-4FC0-8BB3-DC2E2786CB40} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {AEC1A9F4-3AFB-4038-A521-BB392D4A83EF} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3339120 2021-06-14] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {D1CFD48E-0D88-4091-B3E9-584368FA597F} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {E65C341B-213F-4B70-964A-1058020BB9F6} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {FCA46783-4DAE-425F-B441-C297233FC140} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WindowsTasksCreateExplorerShellUnelevatedTask.job => C:Windowsexplorer.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 64.59.184.13 64.59.190.242

Tcpip..Interfaces{a264bbf0-10fc-4b51-8868-6c23165ecaa7}: [DhcpNameServer] 64.59.184.13 64.59.190.242

Tcpip..Interfaces{ed73a8c0-4ef5-41b3-872d-915196d7c0b0}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip..Interfaces{f1568689-79cc-4073-8548-b9e0793b5a24}: [DhcpNameServer] 64.59.184.13 64.59.190.242

 

Edge: 

=======

Edge Profile: C:UsersZoyvnAppDataLocalMicrosoftEdgeUser DataDefault [2021-09-24]

Edge Extension: (Kaspersky Protection) – C:UsersZoyvnAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-09-24]

Edge HKUS-1-5-21-4021764396-583831311-1959139057-1001SOFTWAREMicrosoftEdgeExtensions…EdgeExtension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

 

FireFox:

========

FF HKLM…FirefoxExtensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] – C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3FFExtlight_plugin_firefoxaddon.xpi => not found

FF HKLM-x32…FirefoxExtensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] – C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3FFExtlight_plugin_firefoxaddon.xpi => not found

FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

 

Chrome: 

=======

CHR DefaultProfile: Profile 1

CHR Profile: C:UsersZoyvnAppDataLocalGoogleChromeUser DataGuest Profile [2021-10-07]

CHR Profile: C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1 [2021-10-07]

CHR HomePage: Profile 1 -> hxxps://ca.search.yahoo.com/yhs/web?hspart=chetz&hsimp=yhs-001&type=brk_bfchua_17_37_btftst&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dca%26pa%3Dbrick%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtBtC0ByC0BtByDzytAyD0CtN0D0Tzu0StBtDzztDtN1L2XzutAtFtBzytFyEtFyDzztN1L1Czu1Q1ItCtN1L1G1B1V1N2Y1L1Qzu2StB0AtByEyBtAyCyBtGyD0EzzzztGyE0B0DzztGyDzyyC0DtGzz0Bzz0DtDyBzzzz0FtC0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzzyD0EyC0E0F0FtG0DzytD0EtGyE0B0BzytGzy0C0FzytGtAzz0A0ByCyBtC0CyEtD0ByD2QtN0A0LzuyE%26cr%3D1403254776%26a%3Dbrk_bfchua_17_37_btftst%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome

CHR StartupUrls: Profile 1 -> “hxxps://ca.search.yahoo.com/yhs/web?hspart=chetz&hsimp=yhs-001&type=brk_bfchua_17_37_btftst&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dca%26pa%3Dbrick%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtBtC0ByC0BtByDzytAyD0CtN0D0Tzu0StBtDzztDtN1L2XzutAtFtBzytFyEtFyDzztN1L1Czu1Q1ItCtN1L1G1B1V1N2Y1L1Qzu2StB0AtByEyBtAyCyBtGyD0EzzzztGyE0B0DzztGyDzyyC0DtGzz0Bzz0DtDyBzzzz0FtC0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzzyD0EyC0E0F0FtG0DzytD0EtGyE0B0BzytGzy0C0FzytGtAzz0A0ByCyBtC0CyEtD0ByD2QtN0A0LzuyE%26cr%3D1403254776%26a%3Dbrk_bfchua_17_37_btftst%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome”,”hxxps://www.google.com/”

CHR Extension: (Slides) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsaapocclcgogkmnckokdopfmhonfmgoek [2021-08-29]

CHR Extension: (Kaspersky Protection) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-10-06]

CHR Extension: (BetterTTV) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsajopnjidmegmdimjlfnijceegpefgped [2021-10-06]

CHR Extension: (Docs) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsaohghmighlieiainnegkcijnfilokake [2021-08-29]

CHR Extension: (Google Drive) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsapdfllckaahabafndbhieahigkjlhalf [2021-08-29]

CHR Extension: (YouTube) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-29]

CHR Extension: (uBlock Origin) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-10-03]

CHR Extension: (Sheets) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsfelcaaldnbdncclmgdcncolpebgiejap [2021-08-29]

CHR Extension: (Google Docs Offline) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]

CHR Extension: (Picture-in-Picture Extension (by Google)) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionshkgfoiooedgoejojocmhlaklaeopbecg [2021-08-29]

CHR Extension: (Chrome Web Store Payments) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-08-29]

CHR Extension: (Gmail) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 1Extensionspjkljhegncpnkpknbcohdijeoejaedia [2021-08-29]

CHR Profile: C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2 [2021-10-07]

CHR Extension: (Slides) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionsaapocclcgogkmnckokdopfmhonfmgoek [2021-09-17]

CHR Extension: (Kaspersky Protection) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionsahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-09-17]

CHR Extension: (Docs) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionsaohghmighlieiainnegkcijnfilokake [2021-09-17]

CHR Extension: (Google Drive) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionsapdfllckaahabafndbhieahigkjlhalf [2021-09-17]

CHR Extension: (YouTube) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-17]

CHR Extension: (Sheets) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionsfelcaaldnbdncclmgdcncolpebgiejap [2021-09-17]

CHR Extension: (Google Docs Offline) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-17]

CHR Extension: (Chrome Web Store Payments) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-09-17]

CHR Extension: (Gmail) – C:UsersZoyvnAppDataLocalGoogleChromeUser DataProfile 2Extensionspjkljhegncpnkpknbcohdijeoejaedia [2021-09-17]

CHR Profile: C:UsersZoyvnAppDataLocalGoogleChromeUser DataSystem Profile [2021-09-01]

CHR HKLM…ChromeExtension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] – hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

CHR HKLM-x32…ChromeExtension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] – hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP21.3; C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3avp.exe [184768 2021-10-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S3 BEService; C:Program Files (x86)Common FilesBattlEyeBEService.exe [8912272 2021-08-30] (BattlEye Innovations e.K. -> )

S3 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [805488 2021-08-30] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

R3 EpicOnlineServices; C:Program Files (x86)Epic GamesEpic Online ServicesserviceEpicOnlineServicesHost.exe [16029472 2021-10-05] (Epic Games Inc. -> Epic Games, Inc.)

S3 EQU8_36; C:ProgramDataEQU8Splitgatebinanticheat.x64.equ8.exe [6161552 2021-09-28] (Int3 Software AB -> Int3 Software AB)

S3 EQU8_39; C:ProgramDataEQU8KovaaK 2.0binanticheat.x64.equ8.exe [5941392 2021-09-14] (Int3 Software AB -> Int3 Software AB)

S3 klvssbridge64_21.3; C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3x64vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R2 KSDE5.3; C:Program Files (x86)Kaspersky LabKaspersky VPN 5.3ksde.exe [447104 2021-08-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R2 Razer Game Manager Service; C:Program Files (x86)RazerRazer ServicesGMSGameManagerService.exe [254224 2021-06-25] (Razer USA Ltd. -> Razer Inc)

R2 Razer Synapse Service; C:Program Files (x86)RazerSynapse3ServiceRazer Synapse Service.exe [294520 2021-09-16] (Razer USA Ltd. -> Razer Inc.)

R2 RzActionSvc; C:Program Files (x86)RazerRazer ServicesRazer CentralRazerCentralService.exe [533824 2021-08-30] (Razer USA Ltd. -> Razer Inc.)

S3 vgc; C:Program FilesRiot Vanguardvgc.exe [10202040 2021-08-30] (Riot Games, Inc. -> Riot Games, Inc.)

R2 Wallpaper Engine Service; C:Program Files (x86)Steamsteamappscommonwallpaper_enginebinwallpaperservice32_c.exe [128160 2021-09-28] (Skutta, Kristjan -> )

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2109.6-0MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_19c79fb6254e3b11Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_19c79fb6254e3b11Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BthA2dp; C:WindowsSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

S3 BthHFEnum; C:WindowsSystem32driversbthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]

R0 cm_km; C:WindowsSystem32DRIVERScm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S3 EQU8_HELPER_36; C:Windowssystem32DRIVERSEQU8_HELPER_36.sys [38032 2021-09-28] (Int3 Software AB -> )

S3 EQU8_HELPER_39; C:Windowssystem32DRIVERSEQU8_HELPER_39.sys [38032 2021-10-01] (Int3 Software AB -> )

R1 klbackupdisk; C:Windowssystem32DRIVERSklbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R1 klbackupflt; C:WindowsSystem32DRIVERSklbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R1 kldisk; C:Windowssystem32DRIVERSkldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S0 klelam; C:WindowsSystem32DRIVERSklelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)

R1 klflt; C:Windowssystem32DRIVERSklflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R1 klgse; C:WindowsSystem32DRIVERSklgse.sys [674104 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klhk; C:Windowssystem32DRIVERSklhk.sys [1469240 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 klids; C:ProgramDataKaspersky LabAVP21.3Basesklids.sys [273176 2021-10-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 KLIF; C:WindowsSystem32DRIVERSklif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R1 klim6; C:Windowssystem32DRIVERSklim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R3 klkbdflt; C:Windowssystem32DRIVERSklkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R3 klmouflt; C:Windowssystem32DRIVERSklmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R1 klpd; C:WindowsSystem32DRIVERSklpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R1 klpnpflt; C:Windowssystem32DRIVERSklpnpflt.sys [96008 2021-10-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R3 kltap; C:WindowsSystem32driverskltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)

R0 klupd_klif_arkmon; C:WindowsSystem32Driversklupd_klif_arkmon.sys [265176 2021-10-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 klupd_klif_klark; C:WindowsSystem32Driversklupd_klif_klark.sys [315032 2021-10-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R0 klupd_klif_klbg; C:WindowsSystem32Driversklupd_klif_klbg.sys [113952 2021-10-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 klupd_klif_mark; C:WindowsSystem32Driversklupd_klif_mark.sys [225648 2021-10-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klwfp; C:Windowssystem32DRIVERSklwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R1 klwtp; C:Windowssystem32DRIVERSklwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R1 kneps; C:Windowssystem32DRIVERSkneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

U5 PROCMON24; C:WindowsSystem32DriversPROCMON24.sys [94560 2021-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals – www.sysinternals.com)

S3 RTCore64; C:Program Files (x86)MSI AfterburnerRTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

R3 RzCommon; C:WindowsSystem32driversRzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)

R3 RzDev_0094; C:WindowsSystem32driversRzDev_0094.sys [55376 2021-01-21] (Razer USA Ltd. -> Razer Inc)

S3 UniFairy; C:Windowssystem32UniFairy.sys [828144 2021-09-28] (Tencent Technology(Shenzhen) Company Limited -> )

R1 vgk; C:Program FilesRiot Vanguardvgk.sys [8234240 2021-08-30] (Riot Games, Inc. -> Riot Games, Inc.)

S3 WdBoot; C:Windowssystem32driverswdWdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:Windowssystem32driverswdWdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WindowsSystem32driverswdWdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)

S3 WinRing0_1_2_0; C:UsersZoyvnDownloadsAutoFixer-20210830T030145Z-001AutoFixerOpenHardwareMonitorLib.sys [14544 2021-08-29] (Noriyuki MIYAZAKI -> OpenLibSys.org)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-10-07 19:35 – 2021-10-07 19:35 – 000026429 _____ C:UsersZoyvnDownloadsFRST.txt

2021-10-07 19:34 – 2021-10-07 19:35 – 000000000 ____D C:FRST

2021-10-07 19:32 – 2021-10-07 19:33 – 002308096 _____ (Farbar) C:UsersZoyvnDownloadsFRST64.exe

2021-10-07 18:04 – 2021-10-07 18:56 – 000000000 ____D C:UsersZoyvnAppDataLocalDiscord

2021-10-07 18:02 – 2021-10-07 18:02 – 082973864 _____ (Discord Inc.) C:UsersZoyvnDownloadsDiscordSetup.exe

2021-10-07 18:00 – 2021-10-07 18:00 – 000000000 ____D C:WindowsLastGood.Tmp

2021-10-07 17:57 – 2021-09-15 21:28 – 001858672 _____ C:Windowssystem32vulkaninfo-1-999-0-0-0.exe

2021-10-07 17:57 – 2021-09-15 21:28 – 001858672 _____ C:Windowssystem32vulkaninfo.exe

2021-10-07 17:57 – 2021-09-15 21:28 – 001474688 _____ (Khronos Group) C:Windowssystem32OpenCL.dll

2021-10-07 17:57 – 2021-09-15 21:28 – 001438832 _____ C:WindowsSysWOW64vulkaninfo-1-999-0-0-0.exe

2021-10-07 17:57 – 2021-09-15 21:28 – 001438832 _____ C:WindowsSysWOW64vulkaninfo.exe

2021-10-07 17:57 – 2021-09-15 21:28 – 001212544 _____ (Khronos Group) C:WindowsSysWOW64OpenCL.dll

2021-10-07 17:57 – 2021-09-15 21:28 – 001097832 _____ C:Windowssystem32vulkan-1-999-0-0-0.dll

2021-10-07 17:57 – 2021-09-15 21:28 – 001097832 _____ C:Windowssystem32vulkan-1.dll

2021-10-07 17:57 – 2021-09-15 21:28 – 000951920 _____ C:WindowsSysWOW64vulkan-1-999-0-0-0.dll

2021-10-07 17:57 – 2021-09-15 21:28 – 000951920 _____ C:WindowsSysWOW64vulkan-1.dll

2021-10-07 17:57 – 2021-09-15 21:25 – 001520760 _____ (NVIDIA Corporation) C:Windowssystem32NvIFR64.dll

2021-10-07 17:57 – 2021-09-15 21:25 – 001171064 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvIFR.dll

2021-10-07 17:57 – 2021-09-15 21:25 – 000716920 _____ C:Windowssystem32nvofapi64.dll

2021-10-07 17:57 – 2021-09-15 21:25 – 000676472 _____ (NVIDIA Corporation) C:Windowssystem32NvIFROpenGL.dll

2021-10-07 17:57 – 2021-09-15 21:25 – 000645240 _____ (NVIDIA Corporation) C:Windowssystem32nvml.dll

2021-10-07 17:57 – 2021-09-15 21:25 – 000577144 _____ C:WindowsSysWOW64nvofapi.dll

2021-10-07 17:57 – 2021-09-15 21:25 – 000564344 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvIFROpenGL.dll

2021-10-07 17:57 – 2021-09-15 21:24 – 008854144 _____ (NVIDIA Corporation) C:Windowssystem32nvcuvid.dll

2021-10-07 17:57 – 2021-09-15 21:24 – 001595512 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvFBC.dll

2021-10-07 17:57 – 2021-09-15 21:24 – 000706168 _____ (NVIDIA Corporation) C:Windowssystem32nvidia-smi.exe

2021-10-07 17:57 – 2021-09-15 21:24 – 000447096 _____ (NVIDIA Corporation) C:Windowssystem32nvdebugdump.exe

2021-10-07 17:57 – 2021-09-15 21:23 – 007920760 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvcuvid.dll

2021-10-07 17:57 – 2021-09-15 21:23 – 005681280 _____ (NVIDIA Corporation) C:Windowssystem32nvcpl.dll

2021-10-07 17:57 – 2021-09-15 21:23 – 004987512 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvcuda.dll

2021-10-07 17:57 – 2021-09-15 21:23 – 002925688 _____ (NVIDIA Corporation) C:Windowssystem32nvcuda.dll

2021-10-07 17:57 – 2021-09-15 21:23 – 000849016 _____ (NVIDIA Corporation) C:Windowssystem32MCU.exe

2021-10-07 17:57 – 2021-09-15 21:21 – 006216336 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvapi.dll

2021-10-07 17:57 – 2021-09-13 21:39 – 000083133 _____ C:Windowssystem32nvinfo.pb

2021-10-06 21:36 – 2021-10-06 21:37 – 000000000 ____D C:AdwCleaner

2021-10-06 21:36 – 2021-10-06 21:36 – 008553680 _____ (Malwarebytes) C:UsersZoyvnDownloadsadwcleaner_8.3.0.exe

2021-10-06 21:34 – 2021-10-06 21:34 – 000315032 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklupd_klif_klark.sys

2021-10-06 21:29 – 2021-10-06 21:29 – 000265176 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklupd_klif_arkmon.sys

2021-10-06 21:29 – 2021-10-06 21:29 – 000225648 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklupd_klif_mark.sys

2021-10-06 21:29 – 2021-10-06 21:29 – 000113952 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklupd_klif_klbg.sys

2021-10-06 21:29 – 2021-10-06 21:29 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsKaspersky Security Cloud

2021-10-06 21:29 – 2021-02-19 21:09 – 000110176 _____ (Kaspersky Lab ZAO) C:Windowssystem32klfphc.dll

2021-10-06 21:29 – 2021-02-19 21:08 – 001042712 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklif.sys

2021-10-06 21:29 – 2021-02-19 21:08 – 000514840 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklflt.sys

2021-10-06 21:22 – 2021-10-06 21:22 – 002760536 _____ (Kaspersky) C:UsersZoyvnDownloadsks4.021.3.10.391en_25092.exe

2021-10-06 21:18 – 2021-10-07 18:21 – 000000214 _____ C:WindowsTasksCreateExplorerShellUnelevatedTask.job

2021-10-06 21:17 – 2021-10-07 18:55 – 000613442 _____ C:Windowsntbtlog.txt

2021-10-06 20:57 – 2021-10-06 21:02 – 000000000 ____D C:UsersZoyvnAppDataRoamingaudacity

2021-10-06 20:57 – 2021-10-06 20:57 – 000000880 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAudacity.lnk

2021-10-06 20:57 – 2021-10-06 20:57 – 000000000 ____D C:UsersZoyvnAppDataLocalaudacity

2021-10-06 20:56 – 2021-10-06 20:57 – 000000000 ____D C:Program FilesAudacity

2021-10-06 20:56 – 2021-10-06 20:56 – 057319984 _____ (Audacity Team ) C:UsersZoyvnDownloadsaudacity-win-3.0.5-64bit.exe

2021-10-05 15:49 – 2021-10-05 15:49 – 000000000 ____D C:UsersZoyvnAppDataLocalEOSUserHelper

2021-10-04 20:07 – 2021-10-04 20:07 – 014221312 _____ C:UsersZoyvnDownloadsWindowsPCHealthCheckSetup.msi

2021-10-04 20:07 – 2021-10-04 20:07 – 000001360 _____ C:UsersZoyvnAppDataRoamingMicrosoftWindowsStart MenuProgramsPC Health Check.lnk

2021-10-04 20:07 – 2021-10-04 20:07 – 000000000 ____D C:UsersZoyvnAppDataLocalPCHealthCheck

2021-10-04 19:53 – 2021-10-04 19:53 – 000000000 ____D C:UsersDefaultAppDataLocalEpic Games

2021-10-04 19:36 – 2021-10-07 19:10 – 000036208 _____ (Sysinternals – www.sysinternals.com) C:Windowssystem32DriversPROCEXP152.SYS

2021-10-04 19:24 – 2021-10-04 19:24 – 003100615 _____ C:UsersZoyvnDownloadsProcessMonitor (1).zip

2021-10-04 19:24 – 2021-10-04 19:24 – 000094560 ____H (Sysinternals – www.sysinternals.com) C:Windowssystem32DriversPROCMON24.SYS

2021-10-04 19:24 – 2021-10-04 19:24 – 000000000 ____D C:UsersZoyvnDownloadsProcessMonitor (1)

2021-10-01 18:35 – 2021-10-01 18:35 – 002105421 _____ C:UsersZoyvnDownloads3gqAtOqRuTeMbqdZ.mp4

2021-10-01 18:35 – 2021-10-01 18:35 – 002105421 _____ C:UsersZoyvnDownloads3gqAtOqRuTeMbqdZ (1).mp4

2021-10-01 10:02 – 2021-10-01 10:02 – 003482961 _____ C:UsersZoyvnDownloadsdrive-download-20211001T160249Z-001.zip

2021-10-01 10:02 – 2021-10-01 10:02 – 000000000 ____D C:UsersZoyvnDownloadssteam.design_38cd17

2021-10-01 10:02 – 2021-10-01 10:02 – 000000000 ____D C:UsersZoyvnDownloadsdrive-download-20211001T160249Z-001

2021-10-01 10:00 – 2021-10-01 10:00 – 005268743 _____ C:UsersZoyvnDownloadssteam.design_38cd17.zip

2021-09-30 11:46 – 2021-09-30 11:46 – 000073374 _____ C:UsersZoyvnDownloadsdownload.html

2021-09-29 18:56 – 2021-09-29 18:56 – 000000000 ____D C:UsersZoyvnAppDataLocalLowLandfall West

2021-09-28 16:17 – 2021-09-28 16:17 – 008618433 _____ C:UsersZoyvnDownloadsDancing Squirrel (Green Screen)_720P HD.mp4

2021-09-28 16:11 – 2021-09-28 16:11 – 002034923 _____ C:UsersZoyvnDownloads-MzNZqU75jlTd1eZ.mp4

2021-09-28 16:10 – 2021-09-28 16:10 – 003063325 _____ C:UsersZoyvnDownloadsW0Ua4NXKnFZONdeL.mp4

2021-09-28 14:57 – 2021-09-28 14:57 – 000680294 _____ C:UsersZoyvnDownloadsSensitivityMatcher_exe.zip

2021-09-28 14:57 – 2021-09-28 14:57 – 000000000 ____D C:UsersZoyvnDownloadsSensitivityMatcher_exe

2021-09-28 13:07 – 2021-09-28 13:07 – 005261660 _____ C:UsersZoyvnDownloadsshahzam my king.mp4

2021-09-28 11:53 – 2021-09-28 11:54 – 000038032 _____ C:Windowssystem32DriversEQU8_HELPER_36.sys

2021-09-28 11:03 – 2021-09-28 11:03 – 000000000 ____D C:UsersZoyvnAppDataLocalPortalWars

2021-09-27 22:10 – 2021-09-27 22:10 – 000255928 _____ (Malwarebytes) C:Windowssystem32Drivers2555B1B1.sys

2021-09-27 22:09 – 2021-09-27 22:22 – 000000000 ____D C:UsersZoyvnDownloadsmbar

2021-09-27 21:29 – 2021-10-02 19:56 – 000002379 _____ C:UsersZoyvnAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft Teams.lnk

2021-09-27 21:29 – 2021-09-27 21:29 – 000000000 ____D C:UsersZoyvnAppDataRoamingTeams

2021-09-27 18:26 – 2021-09-27 18:26 – 000135354 _____ C:UsersZoyvnDownloadsmzCW_yQRAFy7dALz.mp4

2021-09-27 18:25 – 2021-09-27 18:25 – 000206950 _____ C:UsersZoyvnDownloads6k46xo3RKf2Zl8-Q.mp4

2021-09-27 18:23 – 2021-09-27 18:23 – 000627789 _____ C:UsersZoyvnDownloadsxkBbrdd6oLWRnNzO.mp4

2021-09-27 18:22 – 2021-09-27 18:22 – 000287956 _____ C:UsersZoyvnDownloadsvIuU1D3v9Caa7Cm2.mp4

2021-09-27 18:20 – 2021-09-27 18:20 – 000448041 _____ C:UsersZoyvnDownloadsHUUvlXMIn0mxKdEZ.mp4

2021-09-27 18:13 – 2021-09-27 18:13 – 001316409 _____ C:UsersZoyvnDownloadsOR9WgFi_c5hGlsYd.mp4

2021-09-25 22:11 – 2021-09-25 22:11 – 001007349 _____ C:UsersZoyvnDownloadsTIANMENMAN SQUARE PROPAGANDA.mp4

2021-09-25 14:31 – 2021-09-25 14:31 – 069746200 _____ (Riot Games, Inc.) C:UsersZoyvnDownloadsInstall League of Legends na.exe

2021-09-24 19:19 – 2021-09-24 19:19 – 008703024 _____ (ESET) C:UsersZoyvnDownloadseset_internet_security_live_installer.exe

2021-09-24 15:13 – 2021-09-24 15:42 – 000000000 ____D C:r5reloaded

2021-09-24 15:12 – 2021-09-24 15:12 – 002591218 _____ C:UsersZoyvnDownloadsscripts_r5-S3_N1094.zip

2021-09-24 15:11 – 2021-09-24 15:11 – 001764246 _____ C:UsersZoyvnDownloadsv1.6-beta.zip

2021-09-24 15:11 – 2021-09-24 15:11 – 001764246 _____ C:UsersZoyvnDownloadsv1.6-beta (1).zip

2021-09-24 13:03 – 2021-09-24 13:03 – 000000000 ____D C:UsersZoyvnAppDataRoamingvibranceGUI

2021-09-22 20:43 – 2021-09-22 20:43 – 000080833 _____ C:UsersZoyvnDownloads1.html

2021-09-20 21:26 – 2021-09-20 21:26 – 000813753 _____ C:UsersZoyvnDownloadsE_wV05LUcAkZHru.mp4

2021-09-20 21:16 – 2021-09-20 21:16 – 000060381 _____ C:UsersZoyvnDownloadsHjDfq0yCdvRYewx9.mp4

2021-09-19 14:50 – 2021-09-19 14:50 – 001097464 _____ C:UsersZoyvnDownloadsplaying with jacob.mp4

2021-09-18 22:58 – 2021-10-05 15:48 – 000000000 ____D C:UsersZoyvnAppDataLocalEpic Games

2021-09-18 22:58 – 2021-09-18 22:58 – 000000000 ____D C:UsersZoyvnAppDataLocalRocket League

2021-09-18 10:34 – 2021-09-18 10:34 – 000112151 _____ C:UsersZoyvnDownloadsfurioussscs.html

2021-09-17 17:50 – 2021-09-17 17:50 – 000079946 _____ C:UsersZoyvnDownloadsameliaRT.html

2021-09-17 13:59 – 2021-09-17 13:59 – 000000000 ____D C:Windowssystem32lxss

2021-09-17 13:59 – 2021-09-17 13:59 – 000000000 ____D C:UsersZoyvnAppDataLocalDBG

2021-09-17 13:56 – 2021-08-27 10:54 – 000037664 _____ (NVIDIA Corporation) C:Windowssystem32Driversnvhdap64.dll

2021-09-17 08:49 – 2021-09-17 08:49 – 001164288 _____ C:Windowssystem32MBR2GPT.EXE

2021-09-17 08:49 – 2021-09-17 08:49 – 000566784 _____ (Microsoft Corporation) C:Windowssystem32winspool.drv

2021-09-17 08:49 – 2021-09-17 08:49 – 000426496 _____ (Microsoft Corporation) C:WindowsSysWOW64winspool.drv

2021-09-17 08:49 – 2021-09-17 08:49 – 000147456 _____ (Microsoft Corporation) C:Windowssystem32wshom.ocx

2021-09-17 08:49 – 2021-09-17 08:49 – 000122880 _____ (Microsoft Corporation) C:WindowsSysWOW64wshom.ocx

2021-09-17 08:49 – 2021-09-17 08:49 – 000011355 _____ C:Windowssystem32DrtmAuthTxt.wim

2021-09-17 08:45 – 2021-09-17 08:45 – 000000000 ___HD C:$WinREAgent

2021-09-16 16:46 – 2021-09-16 18:04 – 000000000 ____D C:UsersZoyvnDocumentsOverwatch

2021-09-16 16:36 – 2021-09-16 16:36 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsOverwatch

2021-09-16 16:21 – 2021-09-28 12:33 – 000000000 ____D C:Program Files (x86)Overwatch

2021-09-16 16:21 – 2021-09-16 16:21 – 000000000 ____D C:ProgramDataBlizzard Entertainment

2021-09-16 14:45 – 2021-09-28 16:00 – 000828144 _____ () C:Windowssystem32UniFairy.sys

2021-09-16 14:45 – 2021-09-16 14:45 – 000000000 ____D C:WindowsMinidump

2021-09-16 14:23 – 2021-09-16 14:23 – 000000000 ___SH C:UsersPublicShared Files

2021-09-16 14:16 – 2021-09-16 14:16 – 000000000 ____D C:UsersZoyvnAppDataLocalFortniteGame

2021-09-16 14:16 – 2021-09-16 14:16 – 000000000 ____D C:UsersZoyvnAppDataLocalCrashReportClient

2021-09-14 17:36 – 2021-10-01 09:18 – 000038032 _____ C:Windowssystem32DriversEQU8_HELPER_39.sys

2021-09-14 17:36 – 2021-09-28 11:53 – 000000000 ____D C:ProgramDataEQU8

2021-09-14 17:36 – 2021-09-14 17:36 – 000000000 ____D C:UsersZoyvnAppDataLocalFPSAimTrainer

2021-09-11 17:14 – 2021-09-11 17:14 – 000078230 _____ C:UsersZoyvnDownloadslutoaraka.html

2021-09-09 19:20 – 2021-09-09 19:20 – 000000000 ____D C:UsersZoyvnAppDataLocalLowStatespace

2021-09-08 22:01 – 2021-09-08 22:01 – 003443996 _____ C:UsersZoyvnDownloadsvideo0.mov

2021-09-08 20:32 – 2021-09-08 20:32 – 000000000 ____D C:UsersZoyvnAppDataLocalVALORANT

2021-09-08 19:07 – 2021-09-08 19:08 – 000000000 ____D C:Program Files (x86)RivaTuner Statistics Server

2021-09-08 19:07 – 2021-09-08 19:07 – 000000000 ____D C:WindowsSysWOW64directx

2021-09-08 19:07 – 2021-09-08 19:07 – 000000000 ____D C:UsersZoyvnAppDataRoamingMicrosoftWindowsStart MenuProgramsRivaTuner Statistics Server

2021-09-08 19:00 – 2021-09-08 19:08 – 000000000 ____D C:Program Files (x86)MSI Afterburner

2021-09-08 19:00 – 2021-09-08 19:00 – 054261822 _____ C:UsersZoyvnDownloadsMSIAfterburnerSetup.zip

2021-09-08 19:00 – 2021-09-08 19:00 – 000000000 ____D C:UsersZoyvnDownloadsMSIAfterburnerSetup

2021-09-08 19:00 – 2021-09-08 19:00 – 000000000 ____D C:UsersZoyvnAppDataRoamingMicrosoftWindowsStart MenuProgramsMSI Afterburner

2021-09-08 18:47 – 2021-09-08 18:47 – 003142907 _____ C:UsersZoyvnDownloadsProcessMonitor.zip

2021-09-08 18:20 – 2021-09-29 10:12 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRazer

2021-09-08 18:20 – 2021-09-08 18:21 – 000000000 ____D C:UsersZoyvnAppDataLocalRazer

2021-09-08 18:20 – 2021-09-08 18:20 – 000000000 ____D C:UsersZoyvnAppDataRoamingSynapse3

2021-09-08 18:20 – 2021-09-08 18:20 – 000000000 ____D C:temp

2021-09-08 18:19 – 2021-09-08 18:19 – 000000000 ____D C:Program Files (x86)Razer Chroma SDK

2021-09-08 18:13 – 2021-09-08 18:13 – 006664464 _____ (Razer Inc.) C:UsersZoyvnDownloadsRazerSynapseInstaller_V1.0.150.988.exe

2021-09-08 17:58 – 2021-09-08 17:58 – 000184954 _____ C:UsersZoyvnDownloadsvideo_meme-5-1.mp4

2021-09-07 18:42 – 2021-09-07 18:42 – 007083445 _____ C:UsersZoyvnDownloadsbruh_5.mp4

 

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-10-07 19:36 – 2021-08-30 18:52 – 000000000 ____D C:UsersZoyvnAppDataLocalBattle.net

2021-10-07 19:25 – 2021-08-29 19:57 – 000000000 ____D C:Program Files (x86)Steam

2021-10-07 19:16 – 2021-08-29 19:40 – 000000000 ____D C:UsersZoyvnAppDataRoamingdiscord

2021-10-07 19:02 – 2021-08-29 19:14 – 000840598 _____ C:Windowssystem32PerfStringBackup.INI

2021-10-07 19:02 – 2019-12-07 03:13 – 000000000 ____D C:WindowsINF

2021-10-07 18:59 – 2019-12-07 03:14 – 000000000 ____D C:WindowsAppReadiness

2021-10-07 18:58 – 2021-08-31 11:13 – 000000001 _____ C:Windowsvgkbootstatus.dat

2021-10-07 18:58 – 2021-08-29 19:26 – 000000000 ____D C:Program Files (x86)Google

2021-10-07 18:57 – 2021-08-29 19:23 – 000000000 ____D C:ProgramDataNVIDIA

2021-10-07 18:56 – 2019-12-07 03:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-10-07 18:55 – 2021-08-29 17:07 – 000008192 ___SH C:DumpStack.log.tmp

2021-10-07 18:55 – 2021-08-29 17:07 – 000000006 ____H C:WindowsTasksSA.DAT

2021-10-07 18:55 – 2019-12-07 03:03 – 000524288 _____ C:Windowssystem32configBBI

2021-10-07 18:43 – 2021-08-29 17:07 – 000000000 ____D C:Windowssystem32SleepStudy

2021-10-07 18:19 – 2021-08-29 19:14 – 000000000 ____D C:UsersZoyvn

2021-10-07 18:04 – 2021-08-29 19:40 – 000000000 ____D C:UsersZoyvnAppDataRoamingMicrosoftWindowsStart MenuProgramsDiscord Inc

2021-10-07 18:04 – 2021-08-29 19:40 – 000000000 ____D C:UsersZoyvnAppDataLocaltmpj5i0vjl2.w4v

2021-10-07 18:04 – 2021-08-29 19:40 – 000000000 ____D C:UsersZoyvnAppDataLocalSquirrelTemp

2021-10-07 17:59 – 2021-08-29 19:14 – 000000000 ____D C:ProgramDataNVIDIA Corporation

2021-10-07 14:21 – 2021-09-01 18:03 – 000000000 ____D C:UsersZoyvnAppDataRoamingLosslessCut

2021-10-07 14:13 – 2021-08-31 13:19 – 000000000 ____D C:Program FilesGenshin Impact

2021-10-07 13:24 – 2021-08-29 20:42 – 000000000 ____D C:ProgramDataRiot Games

2021-10-06 21:32 – 2021-02-19 21:09 – 000096008 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklpnpflt.sys

2021-10-06 21:29 – 2021-08-29 19:23 – 000003392 _____ C:Windowssystem32TasksKaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2021-10-06 21:29 – 2021-08-29 19:23 – 000000000 ____D C:ProgramDataKaspersky Lab

2021-10-06 21:29 – 2021-08-29 19:23 – 000000000 ____D C:Program FilesCommon FilesAV

2021-10-06 21:29 – 2021-08-29 19:23 – 000000000 ____D C:Program Files (x86)Kaspersky Lab

2021-10-06 21:29 – 2019-12-07 03:14 – 000000000 ___HD C:WindowsELAMBKUP

2021-10-06 21:29 – 2019-12-07 03:03 – 000032768 _____ C:Windowssystem32configELAM

2021-10-06 21:12 – 2021-08-29 21:52 – 000000000 ____D C:ProgramDataMalwarebytes

2021-10-06 19:32 – 2019-12-07 03:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-10-06 18:37 – 2021-08-30 14:13 – 000000000 ____D C:UsersZoyvnAppDataRoamingvlc

2021-10-06 16:29 – 2021-08-29 20:43 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRiot Games

2021-10-06 16:19 – 2021-08-29 17:07 – 000000000 ____D C:Windowssystem32Driverswd

2021-10-05 20:37 – 2021-08-29 19:26 – 000002262 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-10-04 21:35 – 2021-08-29 19:56 – 000000000 ____D C:UsersZoyvnAppDataLocalElevatedDiagnostics

2021-10-04 21:24 – 2021-08-29 19:16 – 000000000 ____D C:UsersZoyvnAppDataLocalPackages

2021-10-04 19:28 – 2021-08-29 21:37 – 000000000 ____D C:UsersZoyvnAppDataLocalCrashDumps

2021-10-03 10:20 – 2021-08-29 17:07 – 000002453 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-10-02 21:02 – 2021-08-30 18:00 – 000000000 ____D C:UsersZoyvnAppDataLocalUbisoft Game Launcher

2021-10-02 15:08 – 2021-09-01 13:40 – 000000000 ____D C:UsersZoyvnAppDataLocalosu!

2021-10-01 19:14 – 2021-08-29 17:07 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-10-01 19:14 – 2021-08-29 17:07 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-10-01 09:13 – 2021-08-31 17:10 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-09-30 20:31 – 2021-08-29 19:26 – 000003420 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineUA

2021-09-30 20:31 – 2021-08-29 19:26 – 000003296 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineCore

2021-09-30 11:43 – 2021-08-30 12:10 – 000000000 ____D C:UsersZoyvnAppDataRoaminglunarclient

2021-09-30 11:18 – 2019-12-07 03:03 – 000000000 ____D C:WindowsCbsTemp

2021-09-30 11:06 – 2019-12-07 03:03 – 000000000 ____D C:Windowsservicing

2021-09-29 19:39 – 2021-08-30 12:09 – 000000000 ____D C:UsersZoyvnAppDataRoaming.minecraft

2021-09-29 15:34 – 2021-08-31 20:06 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRoblox

2021-09-28 17:38 – 2019-12-07 03:14 – 000000000 ___RD C:WindowsImmersiveControlPanel

2021-09-28 11:53 – 2021-08-29 20:27 – 000000000 ____D C:UsersZoyvnAppDataLocalUnrealEngine

2021-09-28 08:42 – 2021-08-30 18:52 – 000000000 ____D C:Program Files (x86)Battle.net

2021-09-27 22:22 – 2021-09-01 20:11 – 000000000 ____D C:ProgramDataMalwarebytes’ Anti-Malware (portable)

2021-09-27 21:31 – 2021-08-29 19:16 – 000000000 __RHD C:UsersPublicAccountPictures

2021-09-25 14:32 – 2021-08-29 20:43 – 000000000 ____D C:Riot Games

2021-09-25 10:22 – 2021-08-29 19:16 – 000000000 ____D C:UsersZoyvnAppDataLocalD3DSCache

2021-09-24 19:26 – 2021-09-02 23:36 – 000000000 ____D C:UsersZoyvnAppDataLocalESET

2021-09-20 16:24 – 2021-08-29 17:07 – 000257904 _____ C:Windowssystem32FNTCACHE.DAT

2021-09-20 16:23 – 2019-12-07 03:14 – 000000000 ____D C:WindowsSystemResources

2021-09-20 16:23 – 2019-12-07 03:14 – 000000000 ____D C:Windowssystem32oobe

2021-09-20 16:23 – 2019-12-07 03:14 – 000000000 ____D C:Windowsbcastdvr

2021-09-19 20:50 – 2021-08-30 18:02 – 000000000 ____D C:UsersZoyvnDocumentsMy Games

2021-09-19 20:49 – 2021-08-30 17:07 – 000000000 ____D C:UsersZoyvnAppDataRoamingEasyAntiCheat

2021-09-17 22:25 – 2021-08-30 12:10 – 000000000 ____D C:UsersZoyvnAppDataLocallunarclient-updater

2021-09-17 20:57 – 2021-08-31 17:06 – 000000000 ____D C:Windowssystem32MRT

2021-09-17 20:56 – 2021-08-31 17:06 – 135637312 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe

2021-09-17 13:59 – 2021-08-29 19:44 – 000000000 ____D C:UsersZoyvnAppDataLocalNVIDIA

2021-09-17 13:59 – 2021-08-29 19:44 – 000000000 ____D C:Program Files (x86)NVIDIA Corporation

2021-09-17 13:59 – 2021-08-29 19:14 – 000000000 ____D C:Windowssystem32DriversNVIDIA Corporation

2021-09-16 16:46 – 2021-08-30 18:52 – 000000000 ____D C:UsersZoyvnAppDataRoamingBattle.net

2021-09-16 16:25 – 2021-08-29 20:27 – 000000000 ____D C:ProgramDataEpic

2021-09-16 16:21 – 2021-08-30 18:51 – 000000000 ____D C:UsersZoyvnAppDataLocalBlizzard Entertainment

2021-09-16 14:45 – 2021-08-31 13:57 – 000000000 ____D C:UsersZoyvnAppDataLocalLowmiHoYo

2021-09-16 14:23 – 2019-12-07 03:14 – 000000000 __SHD C:UsersPublicLibraries

2021-09-16 14:17 – 2021-08-29 19:44 – 000000000 ____D C:UsersZoyvnAppDataLocalNVIDIA Corporation

2021-09-15 21:24 – 2021-08-29 19:14 – 002112120 _____ (NVIDIA Corporation) C:Windowssystem32NvFBC64.dll

2021-09-15 21:24 – 2021-08-29 19:14 – 000919160 _____ (NVIDIA Corporation) C:Windowssystem32nvEncodeAPI64.dll

2021-09-15 21:24 – 2021-08-29 19:14 – 000750200 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvEncodeAPI.dll

2021-09-15 21:22 – 2021-08-29 19:14 – 007280840 _____ (NVIDIA Corporation) C:Windowssystem32nvapi64.dll

2021-09-15 17:24 – 2021-08-29 19:13 – 000000000 ____D C:Program Files (x86)Razer

2021-09-10 06:59 – 2021-08-30 17:57 – 000000000 ____D C:Program FilesRiot Vanguard

2021-09-09 11:22 – 2021-02-19 21:09 – 001469240 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklhk.sys

2021-09-09 11:22 – 2021-02-19 21:09 – 000674104 _____ (AO Kaspersky Lab) C:Windowssystem32Driversklgse.sys

2021-09-08 21:47 – 2021-08-31 17:10 – 000605520 _____ (Microsoft Corporation) C:Windowssystem32sedplugins.dll

2021-09-08 21:47 – 2021-08-31 17:10 – 000486736 _____ (Microsoft Corporation) C:Windowssystem32QualityUpdateAssistant.dll

2021-09-08 20:32 – 2021-08-29 20:42 – 000000000 ____D C:UsersZoyvnAppDataLocalRiot Games

2021-09-08 18:19 – 2021-08-29 19:13 – 000000000 ____D C:ProgramDataRazer

2021-09-08 18:18 – 2021-08-29 19:44 – 000000000 ____D C:ProgramDataPackage Cache

 

==================== Files in the root of some directories ========

 

2021-09-24 13:03 – 2021-10-01 14:00 – 000004721 _____ () C:UsersZoyvnAppDataRoamingvibranceGUI.log

 

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2021

Ran by Zoyvn (07-10-2021 19:36:42)

Running from C:UsersZoyvnDownloads

Windows 10 Home Version 21H1 19043.1237 (X64) (2021-08-29 23:09:37)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-4021764396-583831311-1959139057-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-4021764396-583831311-1959139057-503 – Limited – Disabled)

Guest (S-1-5-21-4021764396-583831311-1959139057-501 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-4021764396-583831311-1959139057-504 – Limited – Disabled)

Zoyvn (S-1-5-21-4021764396-583831311-1959139057-1001 – Administrator – Enabled) => C:UsersZoyvn

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: ESET Security (Enabled – Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Kaspersky Security Cloud (Enabled – Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

FW: Kaspersky Security Cloud (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

FW: ESET Firewall (Disabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Premiere Pro 2021 (HKLM-x32…PPRO_15_0) (Version: 15.0 – Adobe Inc.)

Audacity 3.0.5 (HKLM…Audacity_is1) (Version: 3.0.5 – Audacity Team)

Battle.net (HKLM-x32…Battle.net) (Version:  – Blizzard Entertainment)

Discord (HKUS-1-5-21-4021764396-583831311-1959139057-1001…Discord) (Version: 1.0.9003 – Discord Inc.)

Epic Games Launcher (HKLM-x32…{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 – Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM…{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Epic Online Services (HKLM-x32…{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 – Epic Games, Inc.)

Genshin Impact (HKLM…Genshin Impact) (Version: 2.11.2.0 – miHoYo Co.,Ltd)

Google Chrome (HKLM-x32…Google Chrome) (Version: 94.0.4606.71 – Google LLC)

Honkai Impact 3rd (HKLM…Honkai Impact 3rd) (Version: 2.8.3.0 – miHoYo Co.,Ltd)

Kaspersky Security Cloud (HKLM-x32…{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 – Kaspersky) Hidden

Kaspersky Security Cloud (HKLM-x32…InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 – Kaspersky)

Kaspersky VPN (HKLM-x32…{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 – Kaspersky) Hidden

Kaspersky VPN (HKLM-x32…InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 – Kaspersky)

Launcher Prerequisites (x64) (HKLM-x32…{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

League of Legends (HKUS-1-5-21-4021764396-583831311-1959139057-1001…Riot Game league_of_legends.live) (Version:  – Riot Games, Inc)

Lunar Client (HKUS-1-5-21-4021764396-583831311-1959139057-1001…1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.8.4 – Moonsworth, LLC)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 94.0.992.38 – Microsoft Corporation)

Microsoft Teams (HKUS-1-5-21-4021764396-583831311-1959139057-1001…Teams) (Version: 1.4.00.26376 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29334 (HKLM-x32…{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.28.29914 (HKLM-x32…{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 – Microsoft Corporation)

Minecraft Launcher (HKLM-x32…{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 – Mojang)

MSI Afterburner 4.6.4 Beta 3 (HKLM-x32…Afterburner) (Version: 4.6.4 Beta 3 – MSI Co., LTD)

Notepad++ (64-bit x64) (HKLM…Notepad++) (Version: 8.1.4 – Notepad++ Team)

NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 – NVIDIA Corporation)

NVIDIA GeForce Experience 3.23.0.74 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 – NVIDIA Corporation)

NVIDIA Graphics Driver 472.12 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.12 – NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.38.60 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)

osu! (HKLM-x32…{471d7a7e-f441-4262-9eae-b9ac1a25fa02}) (Version: latest – ppy Pty Ltd)

Overwatch (HKLM-x32…Overwatch) (Version:  – Blizzard Entertainment)

Razer Synapse (HKLM-x32…Razer Synapse) (Version: 3.6.0920.091710 – Razer Inc.)

Riot Vanguard (HKLM…Riot Vanguard) (Version:  – Riot Games, Inc.)

RivaTuner Statistics Server 7.3.2 Beta 2 (HKLM-x32…RTSS) (Version: 7.3.2 Beta 2 – Unwinder)

Roblox Player (HKLM-x32…roblox-player-admin) (Version:  – Roblox Corporation)

Roblox Player for Zoyvn (HKUS-1-5-21-4021764396-583831311-1959139057-1001…roblox-player) (Version:  – Roblox Corporation)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

Ubisoft Connect (HKLM-x32…Uplay) (Version: 73.0 – Ubisoft)

VALORANT (HKUS-1-5-21-4021764396-583831311-1959139057-1001…Riot Game valorant.live) (Version:  – Riot Games, Inc)

VLC media player (HKLM…VLC media player) (Version: 3.0.16 – VideoLAN)

Windows PC Health Check (HKLM…{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 – Microsoft Corporation)

WinRAR 6.02 (64-bit) (HKLM…WinRAR archiver) (Version: 6.02.0 – win.rar GmbH)

 

Packages:

=========

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-10-07] (NVIDIA Corp.)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-4021764396-583831311-1959139057-1001_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:UsersZoyvnAppDataLocalMicrosoftTeamsMeetingAddin1.0.21161.4x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4021764396-583831311-1959139057-1001_ClassesCLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}InprocServer32 -> C:UsersZoyvnAppDataLocalMicrosoftOneDrive21.150.0725.0001amd64FileSyncShell64.dll => No File

CustomCLSID: HKUS-1-5-21-4021764396-583831311-1959139057-1001_ClassesCLSID{20894375-46AE-46E2-BAFD-CB38975CDCE6}InprocServer32 -> C:UsersZoyvnAppDataLocalMicrosoftOneDrive21.150.0725.0001amd64FileSyncShell64.dll => No File

CustomCLSID: HKUS-1-5-21-4021764396-583831311-1959139057-1001_ClassesCLSID{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}localserver32 -> “C:UsersZoyvnAppDataLocalMicrosoftOneDrive21.150.0725.0001Microsoft.Nucleus.exe” => No File

CustomCLSID: HKUS-1-5-21-4021764396-583831311-1959139057-1001_ClassesCLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}InprocServer32 -> C:UsersZoyvnAppDataLocalMicrosoftOneDrive21.150.0725.0001amd64FileSyncShell64.dll => No File

CustomCLSID: HKUS-1-5-21-4021764396-583831311-1959139057-1001_ClassesCLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}InprocServer32 -> C:UsersZoyvnAppDataLocalMicrosoftOneDrive21.150.0725.0001amd64FileSyncShell64.dll => No File

CustomCLSID: HKUS-1-5-21-4021764396-583831311-1959139057-1001_ClassesCLSID{917E8742-AA3B-7318-FA12-10485FB322A2}localserver32 -> “C:UsersZoyvnAppDataLocalMicrosoftOneDrive21.150.0725.0001Microsoft.Nucleus.exe” => No File

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:Program FilesNotepad++NppShell_06.dll [2021-08-21] (Notepad++ -> )

ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3x64shellex.dll [2021-10-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3x64shellex.dll [2021-10-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3x64shellex.dll [2021-10-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_19c79fb6254e3b11nvshext.dll [2021-09-15] (Nvidia Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3x64shellex.dll [2021-10-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

 

==================== Codecs (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Drivers32: [VIDC.RTV1] => C:Windowssystem32rtvcvfw64.dll [246272 2012-09-28] () [File not signed]

HKLM…Drivers32: [VIDC.RTV1] => C:WindowsSysWOW64rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:UsersZoyvnAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts9501e18d7c2ab92eNathaniel (school.ecsd.net) – Chrome.lnk -> C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC) -> --profile-directory="Profile 2"

ShortcutWithArgument: C:UsersZoyvnAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts69639df789022856Google Chrome.lnk -> C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC) -> --profile-directory="Profile 1"

 

==================== Loaded Modules (Whitelisted) =============

 

2021-10-01 20:01 – 2021-10-01 20:01 – 000747008 _____ () [File not signed] \?C:Program Files (x86)Epic GamesEpic Online Servicesipc.node

2021-10-01 20:01 – 2021-10-01 20:01 – 001224704 _____ () [File not signed] \?C:Program Files (x86)Epic GamesEpic Online Servicesos_toolbox.node

2021-09-27 11:38 – 2021-09-27 11:38 – 104869376 _____ () [File not signed] C:Program Files (x86)Battle.netBattle.net.13121libcef.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000112128 _____ () [File not signed] C:Program Files (x86)Battle.netBattle.net.13121libegl.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 006227456 _____ () [File not signed] C:Program Files (x86)Battle.netBattle.net.13121libglesv2.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000098816 _____ (Epic Games, Inc.) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawWinSW.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000008704 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawMicrosoft.Win32.Primitives.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000027136 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawMicrosoft.Win32.Registry.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000032768 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Collections.Concurrent.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000026624 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Collections.NonGeneric.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000028672 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Collections.Specialized.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.ComponentModel.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000017408 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.ComponentModel.Primitives.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000101376 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.ComponentModel.TypeConverter.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000366592 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Configuration.ConfigurationManager.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000040448 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Console.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000120832 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Diagnostics.EventLog.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000079360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Diagnostics.Process.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000057856 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.IO.FileSystem.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000043008 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.IO.Pipes.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000044544 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Linq.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000071680 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Net.Primitives.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000015360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Net.WebClient.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 002242048 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Private.CoreLib.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000080384 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Private.Uri.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 001532416 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Private.Xml.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000036352 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Security.Cryptography.Algorithms.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000052224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.ServiceProcess.ServiceController.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000165888 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Text.RegularExpressions.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000019456 _____ (Microsoft Corporation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Threading.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000246272 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawlog4net.dll

2021-09-27 11:37 – 2021-09-27 11:37 – 000810496 _____ (The Chromium Authors) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121chrome_elf.dll

2021-09-27 11:37 – 2021-09-27 11:37 – 000047104 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121audioqtaudio_windows.dll

2021-09-27 11:37 – 2021-09-27 11:37 – 000026112 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121imageformatsqgif.dll

2021-09-27 11:37 – 2021-09-27 11:37 – 000027136 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121imageformatsqico.dll

2021-09-27 11:37 – 2021-09-27 11:37 – 000243712 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121imageformatsqjpeg.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000223744 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121imageformatsqmng.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000020992 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121imageformatsqsvg.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000332288 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121imageformatsqtiff.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 001140224 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121platformsqwindows.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 004943360 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Core.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 005022208 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Gui.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000626176 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Multimedia.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000877056 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Network.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 002908672 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Qml.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 003078656 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Quick.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000259072 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Svg.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 004718080 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Widgets.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000439296 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5WinExtras.dll

2021-09-27 11:38 – 2021-09-27 11:38 – 000159232 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Battle.netBattle.net.13121Qt5Xml.dll

2021-10-06 21:21 – 2021-10-06 21:21 – 000073728 _____ (WinSW.Core) [File not signed] [File is in use] C:WindowsTEMP.netEpicOnlineServicesHostlv22eoxc.sawWinSW.Core.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:UsersPublicShared Files:VersionCache [3460]

 

==================== Safe Mode (Whitelisted) ==================

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 03:14 – 2019-12-07 03:12 – 000000824 _____ C:Windowssystem32driversetchosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKUS-1-5-21-4021764396-583831311-1959139057-1001Control PanelDesktop\Wallpaper -> C:UsersZoyvnAppDataLocalMicrosoftWindowsThemesRoamedThemeFilesDesktopBackground2vek91vtuhw51.png

DNS Servers: 64.59.184.13 – 64.59.190.242

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{7159FA44-FBF8-4A9E-A4BE-EF19AF92CCEF}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{0BAAD3D9-5DDE-445B-93F6-5BF7BA34258E}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{20F47D16-C407-4960-AF14-6B6550006460}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{2AA8C443-069F-4FCF-9690-784885CE7C34}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{C3FAA7CE-CC6E-4F25-820A-61788F1F87A7}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{4B354403-E3C0-4F34-AE82-964763B9590D}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{6EB5F2F5-63BC-4932-92B6-0D01A134E1D2}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{D0DDB403-E746-43C0-B491-5585BFDC624B}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{B7077415-8ABD-41CA-871C-0E2C500EC5C0}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{C985C464-5792-4171-AB3E-EDBFE47D9CD7}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{435B76F7-F512-4DA1-8131-A32119977B16}] => (Allow) C:Program Files (x86)SteamsteamappscommonPhasmophobiaPhasmophobia.exe () [File not signed]

FirewallRules: [{74476070-DC2A-4971-B367-A3CB4038A576}] => (Allow) C:Program Files (x86)SteamsteamappscommonPhasmophobiaPhasmophobia.exe () [File not signed]

FirewallRules: [{2EBEE989-CE77-4280-8AE6-EC69C44B9AB3}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginelauncher.exe (Skutta, Kristjan -> )

FirewallRules: [{18DEA32B-9B71-4A01-B682-C5E6680A49F2}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginelauncher.exe (Skutta, Kristjan -> )

FirewallRules: [{8D604F72-2E7C-4872-AE36-A33A506BADC0}] => (Allow) C:Program Files (x86)SteamsteamappscommonApex LegendsEasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

FirewallRules: [{DCF9F216-8F3E-43D2-BB85-5E63FA189691}] => (Allow) C:Program Files (x86)SteamsteamappscommonApex LegendsEasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

FirewallRules: [{0B124757-EE92-43A3-B350-83625720B347}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy’s Rainbow Six SiegeRainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{197BA0DE-D048-4CEF-B84F-8296BD5BA41E}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy’s Rainbow Six SiegeRainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{EA4357E0-6BC3-4CE5-B245-E8620FC95CC2}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy’s Rainbow Six SiegeRainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{9D015BDD-295F-48AC-A699-7D005B6A06F8}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy’s Rainbow Six SiegeRainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)

FirewallRules: [{D3069AE6-2645-48C4-AD85-1FE3F6B4A0F6}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy’s Rainbow Six SiegeRainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)

FirewallRules: [{A961E62E-507E-4BCC-AE93-9B1CCB055192}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy’s Rainbow Six SiegeRainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)

FirewallRules: [{96E2C00B-151C-4BF6-BDC8-6D8D2537DA25}] => (Allow) C:Program Files (x86)SteamsteamappscommonCounter-Strike Global Offensivecsgo.exe (Valve -> )

FirewallRules: [{E8EA111B-65CA-435B-8917-2218FE43C9F9}] => (Allow) C:Program Files (x86)SteamsteamappscommonCounter-Strike Global Offensivecsgo.exe (Valve -> )

FirewallRules: [{F74D32DE-52EE-44A5-A3E0-28F89B07F4C3}] => (Allow) C:Program Files (x86)SteamsteamappscommonTeam Fortress 2hl2.exe (Valve -> )

FirewallRules: [{BE9E7124-CBAE-43F6-B84A-32394E8FC86E}] => (Allow) C:Program Files (x86)SteamsteamappscommonTeam Fortress 2hl2.exe (Valve -> )

FirewallRules: [{0D6BDEE3-A506-42F5-9065-FE5C4D9B6AD6}] => (Allow) C:Program Files (x86)SteamsteamappscommonBloonsTD6BloonsTD6.exe () [File not signed]

FirewallRules: [{4E6103EB-2765-4E7E-88E3-B86D447B524F}] => (Allow) C:Program Files (x86)SteamsteamappscommonBloonsTD6BloonsTD6.exe () [File not signed]

FirewallRules: [{04DCE331-A3FD-47B5-9D1B-4CAC0F313E00}] => (Allow) C:Program Files (x86)SteamsteamappscommonVRChatVRChat.exe () [File not signed]

FirewallRules: [{AC2ECF9D-24EA-4A9B-A50B-C64FAEFB5444}] => (Allow) C:Program Files (x86)SteamsteamappscommonVRChatVRChat.exe () [File not signed]

FirewallRules: [{D69BAFEB-8025-4962-A681-B5311BF91528}] => (Allow) C:Program Files (x86)SteamsteamappscommonAim LabAimLab_tb.exe () [File not signed]

FirewallRules: [{8A2DBFCA-3782-4693-9031-ADD26597DC35}] => (Allow) C:Program Files (x86)SteamsteamappscommonAim LabAimLab_tb.exe () [File not signed]

FirewallRules: [{6607E485-4D22-4880-A432-2C44EDF11D20}] => (Allow) C:Program Files (x86)SteamsteamappscommonFPSAimTrainerFPSAimTrainer.exe (Int3 Software AB -> Int3 Software AB)

FirewallRules: [{783668E1-D67C-4BB8-AFE2-A7EF99224FB4}] => (Allow) C:Program Files (x86)SteamsteamappscommonFPSAimTrainerFPSAimTrainer.exe (Int3 Software AB -> Int3 Software AB)

FirewallRules: [{FAC9EA8D-44C0-4523-BCE5-E50C4AF79C62}] => (Allow) C:Program Files (x86)SteamsteamappscommonFPSAimTrainerFPSAimTrainerBinariesWin64FPSAimTrainer-Win64-Shipping.exe () [File not signed]

FirewallRules: [{40693351-231F-4C35-8BEF-ADD6E8EB7577}] => (Allow) C:Program Files (x86)SteamsteamappscommonFPSAimTrainerFPSAimTrainerBinariesWin64FPSAimTrainer-Win64-Shipping.exe () [File not signed]

FirewallRules: [{747431C0-87FB-40D0-BB8E-99AF17C67AA9}] => (Allow) C:Program Files (x86)SteamsteamappscommonPaladinsBinariesWin64PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

FirewallRules: [{44911451-476A-4CE5-B037-51EFF4D377FE}] => (Allow) C:Program Files (x86)SteamsteamappscommonPaladinsBinariesWin64PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

FirewallRules: [{272FECB3-1684-4654-89FC-AA3963FEC61A}] => (Allow) C:Program Files (x86)SteamsteamappscommonSplitgateequ8-launcher.exe (Int3 Software AB -> Int3 Software AB)

FirewallRules: [{5264AE26-3A8B-4780-8156-2EA7B826C846}] => (Allow) C:Program Files (x86)SteamsteamappscommonSplitgateequ8-launcher.exe (Int3 Software AB -> Int3 Software AB)

FirewallRules: [{531F2B93-17CD-4878-A43F-07FF54D9AB70}] => (Allow) C:Program Files (x86)SteamsteamappscommonSplitgatePortalWarsBinariesWin64PortalWars-Win64-Shipping.exe (1047 Games, LLC -> Epic Games, Inc.)

FirewallRules: [{686632AB-5C2D-49AB-AEE3-EFB0D19043BB}] => (Allow) C:Program Files (x86)SteamsteamappscommonSplitgatePortalWarsBinariesWin64PortalWars-Win64-Shipping.exe (1047 Games, LLC -> Epic Games, Inc.)

FirewallRules: [{0C4FDD90-B92E-4C99-9C44-1DACDDD1BC36}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginebindiagnostics32.exe (Skutta, Kristjan -> )

FirewallRules: [{3D6E18EB-8C15-41B1-98EC-8A785F3A0196}] => (Allow) C:Program Files (x86)Steamsteamappscommonwallpaper_enginebindiagnostics32.exe (Skutta, Kristjan -> )

FirewallRules: [{8E5A86A9-3502-48E1-9A65-3D0966EA30AC}] => (Allow) C:Program Files (x86)SteamsteamappscommonStickFightTheGameStickFight.exe () [File not signed]

FirewallRules: [{FA2D7274-68AA-4949-BF9C-DA8F3A0E11AC}] => (Allow) C:Program Files (x86)SteamsteamappscommonStickFightTheGameStickFight.exe () [File not signed]

FirewallRules: [TCP Query User{18339EC7-3260-4469-919B-31FF565D10BC}C:riot gamesriot clientriotclientservices.exe] => (Allow) C:riot gamesriot clientriotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)

FirewallRules: [UDP Query User{D00D29C9-C2AF-4822-B244-CC440285E6D6}C:riot gamesriot clientriotclientservices.exe] => (Allow) C:riot gamesriot clientriotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)

FirewallRules: [TCP Query User{124E2230-6D80-4312-AAD4-74B0E9A370A9}C:program files (x86)overwatch_retail_overwatch.exe] => (Allow) C:program files (x86)overwatch_retail_overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)

FirewallRules: [UDP Query User{467669A6-C6FD-4F59-A15A-74A586329E45}C:program files (x86)overwatch_retail_overwatch.exe] => (Allow) C:program files (x86)overwatch_retail_overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)

FirewallRules: [{ECBF692E-C698-4C21-9AA1-9338EDE7241F}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

 

==================== Restore Points =========================

 

25-09-2021 14:32:32 Installed DirectX

26-09-2021 14:45:41 Windows Modules Installer

04-10-2021 20:07:20 Installed Windows PC Health Check

06-10-2021 21:11:46 Before KSCF and Malwarebytes fix

 

==================== Faulty Device Manager Devices ============

 

Name: PCI Simple Communications Controller

Description: PCI Simple Communications Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

 

Name: SM Bus Controller

Description: SM Bus Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (10/07/2021 04:05:12 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program League of Legends.exe version 11.20.400.7328 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 1fd0

 

Start Time: 01d7bbc6a8bbb634

 

Termination Time: 4294967295

 

Application Path: C:Riot GamesLeague of LegendsGameLeague of Legends.exe

 

Report Id: 8442847b-1bc3-4f38-a8c4-a456abee5cc5

 

Faulting package full name: 

 

Faulting package-relative application ID: 

 

Hang type: Top level window is idle

 

Error: (10/06/2021 10:38:30 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn’t complete retrim on Seagate Barracuda (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (10/06/2021 09:17:18 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

]

 

Error: (10/06/2021 09:14:22 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.

.

 

Error: (10/06/2021 09:14:22 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

]

 

Error: (10/06/2021 09:13:38 PM) (Source: SecurityCenter) (EventID: 17) (User: )

Description: Security Center failed to validate caller with error %1.

 

Error: (10/04/2021 11:57:11 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn’t complete retrim on Seagate Barracuda (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (10/04/2021 07:53:04 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT AUTHORITY)

Description: Application or service ‘Epic Online Services local application.’ could not be shut down.

 

 

System errors:

=============

Error: (10/07/2021 06:56:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

Error: (10/07/2021 06:56:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (10/07/2021 06:55:36 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-43VE1G1)

Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (10/07/2021 06:55:28 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-43VE1G1)

Description: DCOM got error “1084” attempting to start the service camsvc with arguments “Unavailable” in order to run the server:

Windows.Internal.CapabilityAccess.CapabilityAccess

 

Error: (10/07/2021 06:43:19 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-43VE1G1)

Description: DCOM got error “1084” attempting to start the service netprofm with arguments “Unavailable” in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (10/07/2021 06:42:07 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-43VE1G1)

Description: DCOM got error “1084” attempting to start the service netprofm with arguments “Unavailable” in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (10/07/2021 06:31:40 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-43VE1G1)

Description: DCOM got error “1084” attempting to start the service BITS with arguments “Unavailable” in order to run the server:

{4991D34B-80A1-4291-83B6-3328366B9097}

 

Error: (10/07/2021 06:23:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error “1084” attempting to start the service WSearch with arguments “Unavailable” in order to run the server:

{9E175B68-F52A-11D8-B9A5-505054503030}

 

 

Windows Defender:

================

Date: 2021-09-30 17:29:25

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-09-29 13:36:34

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-09-27 21:00:06

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-09-27 13:24:33

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-09-16 15:09:31

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan



CodeIntegrity:

===============

Date: 2021-10-07 18:58:03

Description: 

Code Integrity determined that a process (DeviceHarddiskVolume4WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume4Program Files (x86)Kaspersky LabKaspersky Security Cloud 21.3x64antimalware_provider.dll that did not meet the Windows signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. 0407 07/05/2013

Motherboard: ASUSTeK COMPUTER INC. G30AB

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz

Percentage of memory in use: 41%

Total physical RAM: 16321.87 MB

Available physical RAM: 9595.63 MB

Total Virtual: 28609.87 MB

Available Virtual: 18674.66 MB

 

==================== Drives ================================

 

Drive c: (Samsung 870 EVO) (Fixed) (Total:930.9 GB) (Free:416.67 GB) NTFS

Drive d: (Seagate Barracuda) (Fixed) (Total:1863 GB) (Free:227.65 GB) NTFS

 

\?Volume{1cd8a7f1-4b71-48bd-9764-a7a7d95847d1} () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

\?Volume{42317e74-9440-4ee0-ba7c-35b5d3a5712a} () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Size: 119.2 GB) (Disk ID: 420548A9)

 

Partition: GPT.

 

==========================================================

Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==========================================================

Disk: 2 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt =======================

 

 




Original Source by [author_name]
