Hi guys!

 

Hoping someone can help as had Google Play take a chunk out my account for VK (Russian chat app? Never used it at all), also locked me out of Facebook and Google saying suspicious app has accessed my account. I’ve got Bitdefender installed and done various scans, trying to ensure whatever it was is gone!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2021

Ran by pauld (administrator) on DESKTOP-U3693P7 (Gigabyte Technology Co., Ltd. Z390 AORUS PRO) (01-11-2021 23:03:01)

Running from C:UserspauldDropboxMy PC (DESKTOP-U3693P7)Downloads

Loaded Profiles: pauld & OVRLibraryService

Platform: Microsoft Windows 10 Pro Version 21H1 19043.1320 (X64) Language: English (United Kingdom)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() [File not signed] C:Program Files (x86)GIGABYTEAppCenterAdjustService.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Agent26.0.1.198DiscoverySrv.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender AgentProductAgentService.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Agentredlinebdredline.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdagent.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdntwrk.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe <3>

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdtrackersnmh.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdwtxag.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdwtxcr.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securityobkagent.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securityupdatesrv.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender VPNbdvpnapp.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender VPNBdVpnService.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesCommon FilesBitdefenderSetupInformationBitdefender RedLinebdredline.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.CpuIdRemote64.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.DisplayAdapter.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCueLLAccessService.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareiCUE.exe

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesEpic Online ServicesEpicOnlineServices.exe <2>

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesEpic Online ServicesEpicOnlineServicesUserHelper.exe

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesEpic Online ServicesserviceEpicOnlineServicesHost.exe

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesLauncherEngineBinariesWin64EpicWebHelper.exe <2>

(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:Program Files (x86)GIGABYTEAppCenterApCent.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> Gigabyte Technology CO.) C:Program FilesGIGABYTESmart BackupRPMDaemon.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:Program Files (x86)GIGABYTEEasyTuneEngineServiceEasyTuneEngineService.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:Program Files (x86)GIGABYTEEasyTuneEngineServiceGraphicsCardEngine.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:Program Files (x86)GIGABYTESIVsensord.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:Program Files (x86)GIGABYTESmartSurveyGbtCareBotService.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:Program Files (x86)GIGABYTECloudStation_ServerHomeCloudHCLOUD.exe

(GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:Program Files (x86)GIGABYTEGServiceGCloud.exe

(Gigabyte Technology CO., LTD.) [File not signed] C:Program Files (x86)GIGABYTESmart TimeLockAlarmClock.exe

(Gigabyte Technology CO., LTD.) [File not signed] C:Program Files (x86)GIGABYTESmart TimeLockTimeMgmtDaemon.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.112GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.112GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <22>

(Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiaahcic.inf_amd64_3de4831720bb2934RstMwService.exe

(Intel Corporation -> Intel Corporation) C:WindowsSystem32ibtsiva.exe

(Intel Corporation -> Intel® Corporation) C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe

(Intel Corporation -> Intel® Corporation) C:Program FilesIntelWiFibinEvtEng.exe

(Intel Corporation -> Intel® Corporation) C:WindowsSysWOW64XtuService.exe

(Intel Corporation -> Intel® Corporation) C:Program FilesIntelWiFibinZeroConfigService.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:Program Files (x86)IntelIntel® Management Engine ComponentsDALjhi_service.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

(Intel® INTELND1820 -> Intel Corporation) C:WindowsSystem32IPROSetMonitor.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)Microsoft Intune Management ExtensionMicrosoft.Management.Services.IntuneWindowsAgent.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OneDrive21.196.0921.0007FileCoAuth.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OneDriveOneDrive.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbweHxOutlook.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbweHxTsr.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowsstore_12107.1001.15.0_x64__8wekyb3d8bbweWinStore.App.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbweGameBar.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbweGameBarFTServer.exe

(Microsoft Windows -> Microsoft Corporation) C:Program FilesMicrosoft Update Health Toolsuhssvc.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32cmd.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSysWOW64wbemWmiPrvSE.exe

(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:WindowsSystem32CorsairGamingAudioCfgService64.exe

(nordvpn s.a. -> ) C:UserspauldAppDataLocalProgramsnordpassresourcesnordpass-background-app.exe

(nordvpn s.a. -> NordPass Team) C:UserspauldAppDataLocalProgramsnordpassNordPass.exe <4>

(nordvpn s.a. -> TEFINCOM S.A.) C:Program FilesNordVPNNordVPN.exe

(nordvpn s.a. -> TEFINCOM S.A.) C:Program FilesNordVPNnordvpn-service.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe

(Nvidia Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_44dc4eefedc0d082Display.NvContainerNVDisplay.Container.exe <2>

(Oculus VR, LLC -> Facebook Technologies, LLC) C:Program FilesOculusSupportoculus-runtimeOVRRedir.exe

(Oculus VR, LLC -> Facebook Technologies, LLC) C:Program FilesOculusSupportoculus-runtimeOVRServer_x64.exe

(Oculus VR, LLC -> Facebook Technologies, LLC) C:Program FilesOculusSupportoculus-runtimeOVRServiceLauncher.exe

(Piriform Software Ltd -> Piriform Software Ltd) C:Program FilesCCleanerCCleaner64.exe

(Power Software Limited -> Power Software Ltd) C:Program FilesPowerISOPWRISOVM.EXE

(Razer USA Ltd. -> Razer Inc) C:Program Files (x86)RazerRazer ServicesGMSGameManagerService.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer CortexFPSRunner32.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer CortexPMRunner32.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer CortexRzKLService.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer Cortexx64FPSRunner64.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer Cortexx64PMRunner64.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer ServicesRazer CentralRazer Central.exe

(Razer USA Ltd. -> Razer Inc.) C:Program Files (x86)RazerRazer ServicesRazer CentralRazerCentralService.exe

(Razer USA Ltd. -> Razer) C:Program Files (x86)RazerRazer CortexRazerCortex.exe

(Razer USA Ltd. -> The CefSharp Authors) C:Program Files (x86)RazerRazer CortexCefCefSharp.BrowserSubprocess.exe

(Razer USA Ltd. -> The CefSharp Authors) C:Program Files (x86)RazerRazer ServicesRazer CentralCefSharp.BrowserSubprocess.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32RtkAudUService64.exe <2>

(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:Program FilesSUPERAntiSpywareSASCore64.exe

(Support.com Inc -> SUPERAntiSpyware) C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe

(Valve -> Valve Corporation) C:Program Files (x86)Common FilesSteamsteamservice.exe

(Valve -> Valve Corporation) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe <7>

(Valve -> Valve Corporation) C:Program Files (x86)Steamsteam.exe

(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:Program Files (x86)Common FilesZoomSupportCptService.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [IAStorIcon] => C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe [318920 2019-03-25] (Intel® Rapid Storage Technology -> Intel Corporation)

HKLM…Run: [RtkAudUService] => C:WINDOWSSystem32RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM…Run: [BdVpnApp] => C:Program FilesBitdefenderBitdefender VPNBdVpnApp.exe [261224 2021-10-04] (Bitdefender SRL -> Bitdefender)

HKLM-x32…Run: [Discord] => C:ProgramDataSquirrelMachineInstallsDiscord.exe [70858912 2021-09-12] (Discord Inc. -> Discord Inc.)

HKLM-x32…Run: [RazerCortex] => C:Program Files (x86)RazerRazer CortexCortexLauncher.exe [267072 2021-10-19] (Razer USA Ltd. -> Razer Inc.)

HKLM-x32…Run: [PWRISOVM.EXE] => C:Program FilesPowerISOPWRISOVM.EXE [460432 2021-07-16] (Power Software Limited -> Power Software Ltd)

HKLM-x32…Run: [CORSAIR iCUE Software] => C:Program Files (x86)CorsairCORSAIR iCUE SoftwareiCUE Launcher.exe [409760 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

HKLM…RunOnce: [RPMKickstart] => C:Program FilesGIGABYTESmart BackupRPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>) [File not signed]

HKLM-x32…RunOnce: [DualBiosRescue] => C:Program Files (x86)GIGABYTEGigabyteFirmwareUpdateUtilitydbrro.exe [12096 2015-08-19] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

HKLM-x32…RunOnce: [PreRun] => C:Program Files (x86)GIGABYTEAppCenterPreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [OneDrive] => C:Program FilesMicrosoft OneDriveOneDrive.exe [2340200 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [com.squirrel.Teams.Teams] => C:UserspauldAppDataLocalMicrosoftTeamsUpdate.exe [2455256 2021-10-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [SUPERAntiSpyware] => C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe [11224432 2021-08-19] (Support.com Inc -> SUPERAntiSpyware)

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [NordVPN] => C:Program FilesNordVPNNordVPN.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [Spotify] => C:UserspauldAppDataRoamingSpotifySpotify.exe [18654336 2021-10-23] (Spotify AB -> Spotify Ltd)

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [EpicGamesLauncher] => C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe [33526752 2021-10-27] (Epic Games Inc. -> Epic Games, Inc.)

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [CCleaner Smart Cleaning] => C:Program FilesCCleanerCCleaner64.exe [35116160 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Run: [electron.app.NordPass] => C:UserspauldAppDataLocalProgramsnordpassNordPass.exe [117747680 2021-10-19] (nordvpn s.a. -> NordPass Team)

HKUS-1-5-21-3950220853-2468967144-3708230602-1005…RunOnce: [zoommsirepair] => C:Program Files (x86)Zoombininstaller.exe [798504 2021-09-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

HKUS-1-5-21-3950220853-2468967144-3708230602-1005…RunOnce: [OneDrive] => C:Program FilesMicrosoft OneDriveOneDrive.exe [2340200 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

HKUS-1-5-80-3238277391-1891473654-1195688043-4149050645-2494734967…RunOnce: [zoommsirepair] => C:Program Files (x86)Zoombininstaller.exe [798504 2021-09-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

HKLM…PrintMonitorsEPSON XP-452 455 Series 64MonitorBE: C:WINDOWSsystem32E_YLMBVAE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication95.0.4638.69Installerchrmstp.exe [2021-11-01] (Google LLC -> Google LLC)

HKLMSoftware…AuthenticationCredential Providers: [{5EF9A232-5B5B-4768-95F2-3F601FB184E3}] -> C:WINDOWSsystem32AutoGreenCP.dll [2021-09-14] () [File not signed]

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {036ED588-2B66-429E-ADFE-1AD9E1C9A6BB} – System32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:Program FilesBitdefender Agent26.0.1.198WatchDog.exe [937064 2021-08-10] (Bitdefender SRL -> Bitdefender)

Task: {05C74CC5-E903-4B44-89B8-163D09BB4D86} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [8314256 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {070129DF-FCA9-4718-A2FC-1428B5B143A3} – System32TasksSIV-VGA => C:Program Files (x86)GIGABYTESIVSensord.exe [257408 2021-06-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

Task: {10CF2357-3BC1-4DAF-B721-5E72A8165CEB} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {15753C37-D92B-4B49-944E-BDEC4B3B9083} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {157A5B82-3E18-45B5-A75D-21BE94BE4C92} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [903024 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {194EA4E4-F6B5-45D4-971B-4A6846597726} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1C53FE12-0290-43D9-BFC3-6DA4D7B105F7} – System32TasksDriver Booster Scheduler => C:Program Files (x86)IObit Driver BoosterScheduler.exe [147232 2017-08-30] (IObit Information Technology -> IObit)

Task: {1FA9ACC4-395D-41A1-B78C-95B041EF5080} – System32TasksEPSON XP-452 455 Series Update {3C7931B3-55AA-47C8-9C24-22580E1E1F5D} => C:WINDOWSsystem32spoolDRIVERSx643E_YTSVAE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

Task: {234D0B7B-8707-4CC5-B61C-F9EA13D169EE} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-11-01] (Google LLC -> Google LLC)

Task: {243CD7B6-6569-47CA-B0E6-470AB144B2BE} – System32TasksDriver Booster SkipUAC (pauld) => C:Program Files (x86)IObit Driver BoosterDriverBooster.exe [5477376 2017-09-26] (IObit) [File not signed]

Task: {2EC57859-006D-46B9-BFBD-0715832E73AD} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {3278582E-2B2E-44FA-A060-46BE07053B7A} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22655904 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {4B19BCFE-8D0A-4901-B244-F1E57DAE6D7B} – System32TasksEasyTune => C:Program Files (x86)GIGABYTEEasyTuneetinit.exe [15792 2019-02-21] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

Task: {4F3E74D2-F79F-49D9-B946-003DCE1677E2} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {5842F825-75F7-4B2A-A0AF-D3285538BE6F} – System32TasksIntel PTT EK Recertification => C:Program FilesIntelIntel® Management Engine ComponentsiCLSIntelPTTEKRecertification.exe [837344 2018-09-14] (Intel® Trust Services -> Intel® Corporation)

Task: {599CBEEB-53FC-41B3-B051-4F6B34A4602D} – System32Tasksklcp_update => C:Program Files (x86)K-Lite Codec PackToolsCodecTweakTool.exe [1907712 2021-09-03] () [File not signed]

Task: {62134AE5-2A3F-478C-ADFD-6BAF6A177F16} – System32TasksSmartSurvey => C:Program Files (x86)GIGABYTESmartSurveyGbtCareBotCmd.exe [139696 2018-09-06] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

Task: {62CB47AA-4358-43B8-A623-BE874357DE4B} – System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)

Task: {69E9E1B7-C09A-45C5-9355-11F3D5CC9888} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-11-01] (Google LLC -> Google LLC)

Task: {735759C5-3012-4750-A8C5-07A6078EFCEA} – System32TasksIntelIntel Telemetry 2 => C:Program FilesIntelTelemetry 2.0lrio.exe [2064744 2021-01-19] (Intel® Production Software -> Intel Corporation)

Task: {7CCA43A7-1F1F-4EA8-A491-9E2C92BA417B} – System32TasksBitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:Program FilesBitdefenderBitdefender Securitybdagent.exe [900184 2021-08-27] (Bitdefender SRL -> Bitdefender)

Task: {7D7B4311-C316-4FE0-AC7F-193D7C5CFA86} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22655904 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {7EB8B22D-C670-44A6-BBE4-4D50146583FE} – System32TasksEasyTune 1 => C:Program Files (x86)GIGABYTEEasyTuneetocfile.exe [18352 2019-02-21] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

Task: {9597BC4B-3106-42A3-A46C-F0B383B22B1D} – System32TasksMicrosoftWindowsEnterpriseMgmtNonCritical39E40E80-BB7B-47E8-AC20-3546F9FB9759Queued Schedule created for queued alerts => C:WINDOWSsystem32deviceenroller.exe [458752 2021-09-21] (Microsoft Windows -> Microsoft Corporation)

Task: {983E61C8-C7C8-4C58-9871-1FF2DAC12634} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [138600 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {A088D3B6-5DAA-48C9-9B31-A7DFB0B5060B} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3339120 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {B2343B5B-4247-435A-B343-90E0EDE0C43E} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [138600 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {B651554D-5934-4E82-8127-F2199E2138B2} – System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe [680888 2021-10-06] (Mozilla Corporation -> Mozilla Foundation)

Task: {B889FF07-58D5-4D08-8161-4EAA22671899} – System32TasksCCleanerSkipUAC – pauld => C:Program FilesCCleanerCCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {BBDC0EBC-FA09-4A87-AF81-D1AAC8F4C836} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {C1D99AE7-F110-4901-BB76-3F0B6F523F0E} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {CE109152-4627-489D-A93F-5E3FFC8FBE2E} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {DE837AEA-9483-4FEC-98FB-CEA913199302} – System32TasksMozillaFirefox Background Update 308046B0AF4A39CB => C:Program FilesMozilla Firefoxfirefox.exe –MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 –MOZ_LOG_FILE C:ProgramDataMozillaupdates308046B0AF4A39CBbackgroundupdate.moz_log –backgroundtask backgroundupdate

Task: {E08CD0E6-7E60-4D93-8526-2FE08DE5371E} – System32TasksGraphicsCardEngine => C:Program Files (x86)GIGABYTEEasyTuneEngineServiceGraphicsCardEngineStarter.exe [234880 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

Task: {E3409E4C-2C79-4B72-99C1-1E1652B48BB2} – System32TasksOneDrive Per-Machine Standalone Update Task => C:Program FilesMicrosoft OneDriveOneDriveStandaloneUpdater.exe [3977576 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

Task: {F5AE7745-1B55-404E-94AA-61AF5C39124B} – System32TasksSIV => C:Program Files (x86)GIGABYTESIVThermald.exe [389504 2021-06-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

Task: {F8890C2E-965B-4F13-853C-2BB850C88F05} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [8314256 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {FAB8D0F1-D8E8-4ED1-A0DD-3CB1CB666852} – System32TasksMicrosoftIntuneIntune Management Extension Health Evaluation => C:Program Files (x86)Microsoft Intune Management ExtensionClientHealthEval.exe [50040 2021-10-21] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe

Task: C:WINDOWSTasksEPSON XP-452 455 Series Update {3C7931B3-55AA-47C8-9C24-22580E1E1F5D}.job => C:WINDOWSsystem32spoolDRIVERSx643E_YTSVAE.EXE:/EXE:{3C7931B3-55AA-47C8-9C24-22580E1E1F5D} /F:UpdateWORKGROUPDESKTOP-U3693P7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:WINDOWSTasksIntel PTT EK Recertification.job => C:Program FilesIntelIntel® Management Engine ComponentsiCLSIntelPTTEKRecertification.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

TcpipParameters: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{393604ca-f3da-477c-9a99-a2dd1bce2634}: [DhcpNameServer] 192.168.0.1

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:UserspauldAppDataLocalMicrosoftEdgeUser DataDefault [2021-11-01]

Edge HKLM-x32…EdgeExtension: [pdhdldaneekjpoaldekpgomomeabpnek]

 

FireFox:

========

FF DefaultProfile: 8o2o01mc.default

FF ProfilePath: C:UserspauldAppDataRoamingMozillaFirefoxProfiles8o2o01mc.default [2021-11-01]

FF ProfilePath: C:UserspauldAppDataRoamingMozillaFirefoxProfiles2ge5bcm.default-release [2021-11-01]

FF Extension: (Bitdefender Anti-tracker) – C:UserspauldAppDataRoamingMozillaFirefoxProfiles2ge5bcm.default-releaseExtensionsbdtbe@bitdefender.com.xpi [2021-11-01] [UpdateUrl:hxxps//download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]

FF HKLM…FirefoxExtensions: [[email protected]] – C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi

FF Extension: (Bitdefender Wallet) – C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi [2021-06-29] [UpdateUrl:hxxps//download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]

FF HKLM…FirefoxExtensions: [[email protected]] – C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi

FF Extension: (Bitdefender Anti-tracker) – C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi [2020-09-17] [UpdateUrl:hxxps//download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]

FF HKLM…ThunderbirdExtensions: [[email protected]] – C:Program FilesBitdefenderBitdefender Securitybdtbext

FF Extension: (Bitdefender Antispam Toolbar) – C:Program FilesBitdefenderBitdefender Securitybdtbext [2021-09-16] [Legacy] [not signed]

FF HKLM-x32…FirefoxExtensions: [[email protected]] – C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi

FF HKLM-x32…FirefoxExtensions: [[email protected]] – C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi

FF HKLM-x32…ThunderbirdExtensions: [[email protected]] – C:Program FilesBitdefenderBitdefender Securitybdtbext

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.50918.0npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:Program Files (x86)Microsoft Silverlight5.1.50918.0npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

FF ExtraCheck: C:Program Filesmozilla firefoxdefaultsprefbd_js_config.js [2021-11-01] <==== ATTENTION (Points to *.cfg file)

FF ExtraCheck: C:Program Filesmozilla firefoxbd_config.cfg [2021-11-01] <==== ATTENTION

 

Chrome: 

=======

CHR Profile: C:UserspauldAppDataLocalGoogleChromeUser DataDefault [2021-11-01]

CHR Extension: (Slides) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2021-11-01]

CHR Extension: (Docs) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2021-11-01]

CHR Extension: (Google Drive) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2021-11-01]

CHR Extension: (YouTube) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-01]

CHR Extension: (Sheets) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2021-11-01]

CHR Extension: (Bitdefender Wallet) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionsgannpgaobkkhmpomoijebaigcapoeebl [2021-11-01]

CHR Extension: (Google Docs Offline) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-01]

CHR Extension: (Bitdefender Anti-tracker) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionskhndhdhbebhaddchcgnalcjlaekbbeof [2021-11-01]

CHR Extension: (Chrome Web Store Payments) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-11-01]

CHR Extension: (Gmail) – C:UserspauldAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2021-11-01]

CHR Profile: C:UserspauldAppDataLocalGoogleChromeUser DataSystem Profile [2021-11-01]

CHR HKLM-x32…ChromeExtension: [gannpgaobkkhmpomoijebaigcapoeebl]

CHR HKLM-x32…ChromeExtension: [khndhdhbebhaddchcgnalcjlaekbbeof]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:Program FilesSUPERAntiSpywareSASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)

S3 AfVpnService; C:Program FilesBitdefenderBitdefender VPNhydra.sdk.windows.service.exe [198256 2021-01-25] (Pango Inc. -> AnchorFree Inc.)

S3 AppleChargerSrv; C:WINDOWSSystem32AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )

R2 BDAuxSrv; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [804312 2021-08-27] (Bitdefender SRL -> Bitdefender)

R2 BDProtSrv; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [804312 2021-08-27] (Bitdefender SRL -> Bitdefender)

R2 bdredline; C:Program FilesCommon FilesBitdefenderSetupInformationBitdefender RedLinebdredline.exe [2161256 2018-03-22] (Bitdefender SRL -> Bitdefender)

R2 bdredline_agent; C:Program FilesBitdefender Agentredlinebdredline.exe [1899112 2018-03-22] (Bitdefender SRL -> Bitdefender)

R2 BdVpnService; C:Program FilesBitdefenderBitdefender VPNbdvpnservice.exe [256616 2021-10-04] (Bitdefender SRL -> Bitdefender)

S3 BEService; C:Program Files (x86)Common FilesBattlEyeBEService.exe [8901968 2021-09-19] (BattlEye Innovations e.K. -> )

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [12034464 2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

R2 CorsairGamingAudioConfig; C:WindowsSystem32CorsairGamingAudioCfgService64.exe [616344 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAService; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCueLLAccessService.exe [421536 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

R2 CorsairService; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.exe [80544 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

S3 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [818304 2021-09-19] (EasyAntiCheat Oy -> Epic Games, Inc)

R2 EasyTuneEngineService; C:Program Files (x86)GigabyteEasyTuneEngineServiceEasyTuneEngineService.exe [147328 2021-07-12] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

R3 EpicOnlineServices; C:Program Files (x86)Epic GamesEpic Online ServicesserviceEpicOnlineServicesHost.exe [16029472 2021-10-05] (Epic Games Inc. -> Epic Games, Inc.)

S3 FileSyncHelper; C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncHelper.exe [3252584 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

R2 gadjservice; C:Program Files (x86)GIGABYTEAppCenterAdjustService.exe [17920 2015-06-25] () [File not signed]

R2 GbtCareBotService; C:Program Files (x86)GIGABYTESmartSurveyGbtCareBotService.exe [138160 2018-09-06] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

R2 Gservice; C:Program Files (x86)GIGABYTEGServiceGCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)

R2 IntuneManagementExtension; C:Program Files (x86)Microsoft Intune Management ExtensionMicrosoft.Management.Services.IntuneWindowsAgent.exe [194392 2021-10-21] (Microsoft Corporation -> Microsoft Corporation)

R2 nordvpn-service; C:Program FilesNordVPNnordvpn-service.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)

S2 OCButtonService; C:Program Files (x86)GigabyteEasyTuneEngineServiceOcButtonService.exe [127360 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

S3 OneDrive Updater Service; C:Program FilesMicrosoft OneDrive21.196.0921.0007OneDriveUpdaterService.exe [3721576 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

S3 OVRLibraryService; C:Program FilesOculusSupportoculus-librarianOVRLibraryService.exe [144632 2021-11-01] (Oculus VR, LLC -> Facebook Technologies, LLC)

R2 OVRService; C:Program FilesOculusSupportoculus-runtimeOVRServiceLauncher.exe [511736 2021-11-01] (Oculus VR, LLC -> Facebook Technologies, LLC)

R2 ProductAgentService; C:Program FilesBitdefender AgentProductAgentService.exe [785512 2021-08-10] (Bitdefender SRL -> Bitdefender)

R2 Razer Game Manager Service; C:Program Files (x86)RazerRazer ServicesGMSGameManagerService.exe [254224 2021-10-19] (Razer USA Ltd. -> Razer Inc)

S3 Rockstar Service; C:Program FilesRockstar GamesLauncherRockstarService.exe [2332976 2021-10-23] (Rockstar Games, Inc. -> Rockstar Games)

R2 RzActionSvc; C:Program Files (x86)RazerRazer ServicesRazer CentralRazerCentralService.exe [533824 2021-10-19] (Razer USA Ltd. -> Razer Inc.)

R2 RzKLService; C:Program Files (x86)RazerRazer CortexRzKLService.exe [291320 2021-10-19] (Razer USA Ltd. -> Razer Inc.)

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [6103496 2021-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 Smart TimeLock; C:Program Files (x86)GIGABYTESmart TimeLockTimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]

S3 ss_conn_launcher_service; C:WINDOWSSystem32SamsungEasySetupss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R2 UPDATESRV; C:Program FilesBitdefenderBitdefender Securityupdatesrv.exe [284760 2021-08-27] (Bitdefender SRL -> Bitdefender)

R2 VSSERV; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [804312 2021-08-27] (Bitdefender SRL -> Bitdefender)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2108.7-0NisSrv.exe [2772856 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2108.7-0MsMpEng.exe [136640 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_44dc4eefedc0d082Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_44dc4eefedc0d082Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

R2 ZoomCptService; "C:Program Files (x86)Common FilesZoomSupportCptService.exe" -user_path "C:UserspauldAppDataRoamingZoom"

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AmdTools64; C:WINDOWSSystem32driversAmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 AppleCharger; C:WINDOWSSystem32DRIVERSAppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

S3 AppleKmdfFilter; C:WINDOWSSystem32driversAppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 AppleLowerFilter; C:WINDOWSSystem32driversAppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

R1 atc; C:WINDOWSSystem32DRIVERSatc.sys [3538632 2021-07-19] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)

R2 BdDci; C:WINDOWSsystem32DRIVERSbddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)

S0 bdelam; C:WINDOWSSystem32driversbdelam.sys [22976 2020-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)

R0 bdprivmon; C:WINDOWSSystem32DRIVERSbdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)

S3 bduefiscan; C:WINDOWSsystem32DRIVERSbduefiscan.sys [55864 2021-07-08] (Bitdefender SRL -> Bitdefender)

R3 CorsairGamingAudioService; C:WINDOWSsystem32DRIVERSCorsairGamingAudio64.sys [60312 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsairLLAccess64.sys [21752 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R3 CorsairVBusDriver; C:WINDOWSSystem32driversCorsairVBusDriver.sys [45984 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 CorsairVHidDriver; C:WINDOWSSystem32driversCorsairVHidDriver.sys [21920 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 cpuz150; C:WINDOWStempcpuz150cpuz150_x64.sys [44832 2021-11-01] (CPUID S.A.R.L.U. -> CPUID)

S3 dg_ssudbus; C:WINDOWSSystem32driversssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 dtlitescsibus; C:WINDOWSSystem32driversdtlitescsibus.sys [42256 2020-10-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)

S3 dtliteusbbus; C:WINDOWSSystem32driversdtliteusbbus.sys [59360 2020-10-21] (AVB Disc Soft, SIA -> Disc Soft Ltd)

S3 gdrv; C:WINDOWSgdrv.sys [26792 2021-10-16] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

R3 gdrv2; C:WINDOWSgdrv2.sys [32600 2021-11-01] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

R3 gdrv3; C:WINDOWSgdrv3.sys [36352 2021-10-15] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

R0 Gemma; C:WINDOWSSystem32DRIVERSgemma.sys [1193584 2021-04-21] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

S3 GVCIDrv; C:Program Files (x86)GIGABYTERGBFusionGVCIDrv64.sys [18432 2019-12-08] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 HWiNFO32; C:UserspauldAppDataLocalTempHWiNFO64A.SYS [27552 2021-09-14] (Martin Malik – REALiX -> REALiX™) <==== ATTENTION

R2 Ignis; C:WINDOWSsystem32DRIVERSignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)

R1 MSIO; C:WINDOWSsystem32driversMsIo64.sys [17424 2021-10-15] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)

S3 NDivert; C:WINDOWSSystem32driversNDivert.sys [105184 2021-02-01] (TEFINCOM S.A. -> )

R1 nordlwf; C:WINDOWSsystem32DRIVERSnordlwf.sys [42576 2021-06-10] (nordvpn s.a. -> TEFINCOM S.A.)

R3 oculusvad_oculusvad; C:WINDOWSSystem32driversoculusvad.sys [75280 2021-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

R3 Oculus_ViGEmBus; C:WINDOWSSystem32driversOculus_ViGEmBus.sys [32856 2020-11-08] (Oculus VR, LLC -> Facebook Inc.)

R1 SASDIFSV; C:Program FilesSUPERAntiSpywareSASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:Program FilesSUPERAntiSpywareSASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 ssudmdm; C:WINDOWSsystem32DRIVERSssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 ssudqcfilter; C:WINDOWSSystem32driversssudqcfilter.sys [65144 2021-06-29] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)

S3 ss_conn_usb_driver; C:WINDOWSSystem32Driversss_conn_usb_driver.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 ss_conn_usb_driver2; C:WINDOWSSystem32Driversss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R3 tap0901; C:WINDOWSSystem32driverstap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)

R3 tapnordvpn; C:WINDOWSSystem32driverstapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)

R0 trufos; C:WINDOWSSystem32DRIVERStrufos.sys [615328 2021-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

S1 UsbCharger; C:WINDOWSSystem32DRIVERSUsbCharger.sys [22240 2013-10-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

S3 vdvge; C:WINDOWSSystem32driversvdvge.sys [77864 2020-10-02] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)

S3 ViGEmBus; C:WINDOWSSystem32driversViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)

R3 vlflt; C:WINDOWSSystem32DRIVERSvlflt.sys [481696 2021-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [48536 2021-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [433384 2021-09-10] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [86264 2021-09-10] (Microsoft Windows -> Microsoft Corporation)

S3 wintun; C:WINDOWSsystem32DRIVERSwintun.sys [29680 2021-10-06] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

S3 ALSysIO; ??C:UserspauldAppDataLocalTempALSysIO64.sys [X] <==== ATTENTION

S2 GLCKIO2; ??C:Program Files (x86)GIGABYTERGBFusionGLCKIO2.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-11-01 23:02 – 2021-11-01 23:03 – 000000000 ____D C:FRST

2021-11-01 19:15 – 2021-11-01 19:15 – 000220708 _____ C:ProgramDatavpn.1635794096.bdinstall.v2.bin

2021-11-01 19:15 – 2021-11-01 19:15 – 000000000 ____D C:ProgramDataAnchorFree_Inc

2021-11-01 19:14 – 2021-11-01 19:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBitdefender VPN

2021-11-01 19:14 – 2021-11-01 19:14 – 000000000 ____D C:ProgramDataBitdefender VPN

2021-11-01 19:08 – 2021-11-01 19:14 – 000002195 _____ C:UsersPublicDesktopBitdefender VPN.lnk

2021-11-01 19:08 – 2021-11-01 19:08 – 000603940 _____ C:ProgramDatacl.1635793613.bdinstall.v2.bin

2021-11-01 19:08 – 2021-11-01 19:08 – 000003420 _____ C:WINDOWSsystem32TasksBitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C

2021-11-01 19:08 – 2021-11-01 19:08 – 000002342 _____ C:UsersPublicDesktopBitdefender.lnk

2021-11-01 19:08 – 2021-11-01 19:08 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBitdefender Security

2021-11-01 19:08 – 2021-11-01 19:08 – 000000000 ____D C:ProgramDataGemma

2021-11-01 19:08 – 2021-11-01 19:08 – 000000000 ____D C:ProgramDataAtc

2021-11-01 19:08 – 2021-11-01 19:08 – 000000000 ____D C:ProgramData48C4687D-9760-4F5B-BAB3-60351B0841E4

2021-11-01 19:07 – 2021-11-01 19:23 – 000000000 ____D C:ProgramDataBitdefender

2021-11-01 19:07 – 2021-11-01 19:08 – 000000000 ____D C:ProgramDataBDLogging

2021-11-01 19:07 – 2021-11-01 19:07 – 000000000 ____D C:WINDOWSsystem32elambkup

2021-11-01 19:07 – 2021-11-01 19:07 – 000000000 ____D C:UserspauldAppDataRoamingBitdefender

2021-11-01 19:07 – 2021-07-21 13:24 – 000615328 _____ (Bitdefender) C:WINDOWSsystem32Driverstrufos.sys

2021-11-01 19:07 – 2021-07-19 07:34 – 003538632 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:WINDOWSsystem32Driversatc.sys

2021-11-01 19:07 – 2021-07-08 22:36 – 000055864 _____ (Bitdefender) C:WINDOWSsystem32Driversbduefiscan.sys

2021-11-01 19:07 – 2021-04-21 13:53 – 001193584 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:WINDOWSsystem32Driversgemma.sys

2021-11-01 19:07 – 2020-12-17 23:33 – 000022976 _____ (Bitdefender) C:WINDOWSsystem32Driversbdelam.sys

2021-11-01 19:07 – 2020-12-04 13:15 – 000802976 _____ (Bitdefender) C:WINDOWSsystem32Driversbddci.sys

2021-11-01 19:07 – 2020-10-07 08:30 – 000185312 _____ (Bitdefender) C:WINDOWSsystem32Driversignis.sys

2021-11-01 19:07 – 2020-01-17 00:03 – 000046056 _____ (© Bitdefender SRL) C:WINDOWSsystem32Driversbdprivmon.sys

2021-11-01 19:06 – 2021-11-01 19:14 – 000000000 ____D C:Program FilesBitdefender

2021-11-01 19:06 – 2021-11-01 19:06 – 000032600 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:WINDOWSgdrv2.sys

2021-11-01 18:48 – 2021-11-01 18:48 – 000568832 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-11-01 18:48 – 2021-11-01 18:48 – 000451072 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-11-01 18:48 – 2021-11-01 18:48 – 000011361 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-11-01 18:47 – 2021-11-01 18:47 – 001825368 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-11-01 18:47 – 2021-11-01 18:47 – 001393480 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-11-01 18:39 – 2021-11-01 18:39 – 000000000 ___HD C:$WinREAgent

2021-11-01 18:33 – 2021-11-01 18:33 – 000001146 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Health Check.lnk

2021-11-01 18:33 – 2021-11-01 18:33 – 000000000 ____D C:Program FilesPCHealthCheck

2021-11-01 18:31 – 2021-11-01 18:31 – 000003846 _____ C:WINDOWSsystem32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864

2021-11-01 18:30 – 2021-11-01 19:07 – 000000000 ____D C:Program FilesCommon FilesBitdefender

2021-11-01 18:30 – 2021-09-01 09:47 – 000481696 _____ (Bitdefender) C:WINDOWSsystem32Driversvlflt.sys

2021-11-01 18:29 – 2021-11-01 18:29 – 000225144 _____ C:ProgramDataagent.1635791379.bdinstall.v2.bin

2021-11-01 18:29 – 2021-11-01 18:29 – 000000000 ____D C:ProgramDataBitdefender Agent

2021-11-01 18:29 – 2021-11-01 18:29 – 000000000 ____D C:Program FilesBitdefender Agent

2021-11-01 18:01 – 2021-11-01 18:01 – 000003420 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA

2021-11-01 18:01 – 2021-11-01 18:01 – 000003296 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore

2021-11-01 18:01 – 2021-11-01 18:01 – 000002323 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-11-01 18:01 – 2021-11-01 18:01 – 000002282 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-11-01 18:01 – 2021-11-01 18:01 – 000000000 ____D C:Program FilesGoogle

2021-11-01 17:26 – 2021-11-01 17:26 – 001347776 _____ (Intel Corporation) C:WINDOWSsystem32DriversiaStorAC.sys

2021-11-01 17:26 – 2021-11-01 17:26 – 000027328 _____ (Intel Corporation) C:WINDOWSsystem32RstMwEventLogMsg.dll

2021-11-01 17:23 – 2021-11-01 17:23 – 000054382 _____ C:UserspauldOneDriveDocumentscc_20211101_172354.reg

2021-11-01 17:21 – 2021-10-21 17:49 – 001874648 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe

2021-11-01 17:21 – 2021-10-21 17:49 – 001874648 _____ C:WINDOWSsystem32vulkaninfo.exe

2021-11-01 17:21 – 2021-10-21 17:49 – 001464952 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll

2021-11-01 17:21 – 2021-10-21 17:49 – 001450232 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe

2021-11-01 17:21 – 2021-10-21 17:49 – 001450232 _____ C:WINDOWSSysWOW64vulkaninfo.exe

2021-11-01 17:21 – 2021-10-21 17:49 – 001206384 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll

2021-11-01 17:21 – 2021-10-21 17:49 – 001111256 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll

2021-11-01 17:21 – 2021-10-21 17:49 – 001111256 _____ C:WINDOWSsystem32vulkan-1.dll

2021-11-01 17:21 – 2021-10-21 17:49 – 000965336 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll

2021-11-01 17:21 – 2021-10-21 17:49 – 000965336 _____ C:WINDOWSSysWOW64vulkan-1.dll

2021-11-01 17:21 – 2021-10-21 17:45 – 001523336 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFR64.dll

2021-11-01 17:21 – 2021-10-21 17:45 – 001172608 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFR.dll

2021-11-01 17:21 – 2021-10-21 17:45 – 000800368 _____ C:WINDOWSsystem32nvofapi64.dll

2021-11-01 17:21 – 2021-10-21 17:45 – 000707728 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvidia-smi.exe

2021-11-01 17:21 – 2021-10-21 17:45 – 000676480 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFROpenGL.dll

2021-11-01 17:21 – 2021-10-21 17:45 – 000656512 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvml.dll

2021-11-01 17:21 – 2021-10-21 17:45 – 000635000 _____ C:WINDOWSSysWOW64nvofapi.dll

2021-11-01 17:21 – 2021-10-21 17:45 – 000564352 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFROpenGL.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 008724080 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuvid.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 007843984 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuvid.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 004938896 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuda.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 002850416 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuda.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 002114688 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvFBC64.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 001597584 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvFBC.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 000981112 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvEncodeAPI64.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 000792208 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvEncodeAPI.dll

2021-11-01 17:21 – 2021-10-21 17:44 – 000452216 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdebugdump.exe

2021-11-01 17:21 – 2021-10-21 17:43 – 005727376 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcpl.dll

2021-11-01 17:21 – 2021-10-21 17:43 – 000849016 _____ (NVIDIA Corporation) C:WINDOWSsystem32MCU.exe

2021-11-01 17:21 – 2021-10-21 00:48 – 000085748 _____ C:WINDOWSsystem32nvinfo.pb

2021-10-29 17:40 – 2021-10-29 17:40 – 000000000 ____D C:UserspauldAppDataLocalcleaneronepro-updater

2021-10-29 17:27 – 2021-11-01 18:14 – 000000000 ____D C:UserspauldAppDataLocalTrend Micro

2021-10-29 17:27 – 2021-11-01 18:14 – 000000000 ____D C:Program Files (x86)Trend Micro

2021-10-29 17:15 – 2021-10-29 17:15 – 001106404 _____ C:UserspauldAppDataLocalcensus.cache

2021-10-29 17:15 – 2021-10-29 17:15 – 000549126 _____ C:UserspauldAppDataLocalars.cache

2021-10-29 17:12 – 2021-10-29 17:12 – 000000010 _____ C:UserspauldAppDataLocalsponge.last.runtime.cache

2021-10-29 17:07 – 2021-11-01 18:14 – 000000000 ____D C:ProgramDataTrend Micro

2021-10-29 17:07 – 2021-10-29 17:07 – 000000000 ____D C:WINDOWSTrend Micro

2021-10-29 17:05 – 2021-10-29 17:05 – 000000036 _____ C:UserspauldAppDataLocalhousecall.guid.cache

2021-10-29 17:03 – 2021-11-01 17:57 – 000000000 ____D C:UserspauldAppDataLocalFSDART

2021-10-29 17:03 – 2021-10-29 17:04 – 000000000 ____D C:ProgramDataF-Secure

2021-10-29 17:03 – 2021-10-29 17:03 – 000000000 ____D C:UserspauldAppDataLocalF-Secure

2021-10-28 10:16 – 2021-10-28 10:16 – 000000000 ____D C:UserspauldAppDataLocalmbam

2021-10-28 10:13 – 2021-10-28 10:13 – 000000000 ____D C:UserspauldAppDataRoaminguneath

2021-10-28 10:13 – 2021-10-28 10:13 – 000000000 ____D C:ProgramDataUJXNSD7TVF2ZQDZ7W88J5LLKN

2021-10-28 10:12 – 2021-10-28 10:25 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramseSupport.com

2021-10-28 10:12 – 2021-10-28 10:25 – 000000000 ____D C:Program Files (x86)eSupport.com

2021-10-28 10:12 – 2021-10-28 10:13 – 000000000 ____D C:UserspauldAppDataLocalYandex

2021-10-28 10:12 – 2021-10-28 10:12 – 000055727 _____ C:UserspauldOneDriveDocumentsride_4_naked_japan_style-codex.torrent

2021-10-28 10:12 – 2020-02-20 13:02 – 000047920 _____ (The OpenVPN Project) C:WINDOWSsystem32Driverstap0901.sys

2021-10-28 10:12 – 2018-08-29 14:48 – 000027136 _____ (The OpenVPN Project) C:WINDOWSsystem32DriversSETDC40.tmp

2021-10-20 09:14 – 2021-10-20 09:14 – 000706536 _____ C:WINDOWSsystem32TextShaping.dll

2021-10-20 09:14 – 2021-10-20 09:14 – 000611960 _____ C:WINDOWSSysWOW64TextShaping.dll

2021-10-20 09:14 – 2021-10-20 09:14 – 000593920 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv

2021-10-20 09:14 – 2021-10-20 09:14 – 000449024 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv

2021-10-20 09:14 – 2021-10-20 09:14 – 000288768 _____ C:WINDOWSsystem32Windows.Management.InprocObjects.dll

2021-10-20 09:14 – 2021-10-20 09:14 – 000203264 _____ C:WINDOWSsystem32uwfcfgmgmt.dll

2021-10-20 09:14 – 2021-10-20 09:14 – 000158208 _____ C:WINDOWSsystem32uwfcsp.dll

2021-10-20 09:14 – 2021-10-20 09:14 – 000098304 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-10-20 09:14 – 2021-10-20 09:14 – 000040960 _____ C:WINDOWSsystem32uwfservicingapi.dll

2021-10-20 09:14 – 2021-10-20 09:14 – 000007168 _____ (Microsoft Corporation) C:WINDOWSsystem32msdxm.ocx

2021-10-20 09:14 – 2021-10-20 09:14 – 000005632 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msdxm.ocx

2021-10-18 00:35 – 2021-10-18 00:36 – 000000000 ____D C:UserspauldAppDataRoamingEaseware

2021-10-18 00:32 – 2021-11-01 17:29 – 000002596 _____ C:WINDOWSsystem32TasksGraphicsCardEngine

2021-10-17 11:35 – 2021-10-17 11:35 – 000000000 ____D C:UserspauldAppDataRoamingCorsair

2021-10-17 11:35 – 2021-10-17 11:35 – 000000000 ____D C:UserspauldAppDataLocalCorsair

2021-10-17 11:35 – 2021-10-17 11:35 – 000000000 ____D C:UserspauldAppDataLocalcache

2021-10-17 11:32 – 2021-10-17 11:32 – 000001199 _____ C:UsersPublicDesktopiCUE.lnk

2021-10-17 11:32 – 2021-10-17 11:32 – 000000000 ____D C:ProgramDataCorsair

2021-10-17 11:32 – 2021-10-17 11:32 – 000000000 ____D C:Program Files (x86)Corsair

2021-10-17 00:03 – 2021-10-17 00:03 – 000000000 ____D C:SUPERDelete

2021-10-16 22:05 – 2021-10-16 22:19 – 000000000 ____D C:UserspauldAppDataRoamingSideQuest

2021-10-16 22:05 – 2021-10-16 22:05 – 000002515 _____ C:UserspauldAppDataRoamingMicrosoftWindowsStart MenuProgramsSideQuest.lnk

2021-10-16 22:05 – 2021-10-16 22:05 – 000000000 ____D C:UserspauldAppDataLocalsidequest-updater

2021-10-16 18:20 – 2021-10-16 18:22 – 000000000 ____D C:UserspauldAppDataRoamingHOODLUM

2021-10-16 18:20 – 2021-10-16 18:20 – 000000000 ____D C:UserspauldAppDataLocalForzaHorizon4

2021-10-16 18:16 – 2021-10-16 18:16 – 000000571 _____ C:UsersPublicDesktopPlay Forza Horizon 4 Ultimate Edition.lnk

2021-10-16 18:16 – 2021-10-16 18:16 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsForza Horizon 4 Ultimate Edition

2021-10-16 15:57 – 2021-10-16 15:57 – 000000322 ____H C:WINDOWSTasksIntel PTT EK Recertification.job

2021-10-16 15:22 – 2021-10-16 21:28 – 000000000 ____D C:UserspauldAppDataLocalHome2

2021-10-16 13:41 – 2021-10-16 13:41 – 000002011 _____ C:UsersPublicDesktopOculus.lnk

2021-10-16 13:41 – 2021-10-16 13:41 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuOculus

2021-10-16 13:00 – 2021-10-16 13:00 – 000000578 __RSH C:ProgramDatantuser.pol

2021-10-16 11:08 – 2021-10-16 11:08 – 000000000 ____D C:UserspauldAppDataLocalCD Projekt Red

2021-10-16 11:07 – 2021-10-16 11:07 – 000000000 ____D C:UserspauldAppDataLocalREDEngine

2021-10-16 11:07 – 2021-10-16 11:07 – 000000000 ____D C:UserspauldAppDataLocalGOG.com

2021-10-16 02:36 – 2021-10-16 02:36 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsCyberpunk 2077

2021-10-16 02:10 – 2021-10-18 00:37 – 002365384 _____ (Intel Corporation) C:WINDOWSrstcli.exe

2021-10-16 02:10 – 2021-10-18 00:37 – 000000027 _____ C:WINDOWScli.bat

2021-10-16 01:53 – 2021-10-16 01:53 – 000026792 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:WINDOWSgdrv.sys

2021-10-16 01:53 – 2011-10-26 20:28 – 000156160 _____ C:WINDOWSsystem32FW1FontWrapper.dll

2021-10-16 01:51 – 2021-10-16 01:51 – 000001238 _____ C:UsersPublicDesktopXSplit Broadcaster.lnk

2021-10-16 01:51 – 2021-10-16 01:51 – 000000960 _____ C:UsersPublicDesktopCPUID CPU-Z Aorus.lnk

2021-10-16 01:51 – 2021-10-16 01:51 – 000000000 ____D C:ProgramDataSplitMediaLabs

2021-10-16 01:51 – 2021-10-16 01:51 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsXSplit

2021-10-16 01:51 – 2021-10-16 01:51 – 000000000 ____D C:Program Files (x86)SplitmediaLabs

2021-10-16 01:50 – 2021-10-16 01:50 – 000000000 ____D C:UserspauldAppDataRoamingSplitmediaLabs

2021-10-16 01:26 – 2021-10-16 01:26 – 000000000 ____H C:WINDOWSsystem32DriversMsft_User_WpdFs_01_11_00.Wdf

2021-10-16 00:37 – 2021-10-16 16:02 – 000001038 _____ C:UsersPublicDesktopPowerISO.lnk

2021-10-16 00:37 – 2021-10-16 00:37 – 000000000 ____D C:UserspauldAppDataRoamingPowerISO

2021-10-16 00:37 – 2021-10-16 00:37 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsPowerISO

2021-10-16 00:37 – 2021-10-16 00:37 – 000000000 ____D C:Program FilesPowerISO

2021-10-16 00:09 – 2021-10-16 15:48 – 000000000 ____D C:UserspauldAppDataRoamingOculusClient

2021-10-16 00:09 – 2021-10-16 13:28 – 000000000 ____D C:UserspauldAppDataRoamingOculus

2021-10-16 00:09 – 2021-10-16 00:09 – 000000000 ____D C:ProgramDataOculus

2021-10-16 00:06 – 2021-11-01 19:37 – 000000000 ____D C:Program FilesOculus

2021-10-16 00:06 – 2021-10-16 00:06 – 000000000 ____D C:Program Files (x86)VulkanRT

2021-10-15 23:51 – 2021-10-15 23:51 – 000000000 ____D C:UserspauldAppDataLocalopenvr

2021-10-15 23:07 – 2021-10-15 23:07 – 000000000 ____D C:Program FilesFile Shredder

2021-10-15 22:53 – 2021-10-15 22:54 – 000012288 _____ C:UserspauldAppDataRoamingemp.bin

2021-10-15 22:53 – 2021-10-15 22:53 – 000000000 ____D C:UserspauldAppDataRoamingEMPRESS

2021-10-15 22:33 – 2017-06-07 00:36 – 000138296 _____ (Power Software Ltd) C:WINDOWSsystem32Driversscdemu.sys

2021-10-15 22:22 – 2021-10-15 22:22 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWinCDEmu

2021-10-15 22:19 – 2021-10-15 22:30 – 000000000 ____D C:UserspauldAppDataRoamingImgBurn

2021-10-15 21:55 – 2021-10-15 21:55 – 000002685 _____ C:UsersPublicDesktopIntel® Extreme Tuning Utility.lnk

2021-10-15 21:55 – 2021-10-15 21:55 – 000000000 ____D C:WINDOWSsystem32TasksIntel

2021-10-15 21:51 – 2021-10-15 21:51 – 000036352 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:WINDOWSgdrv3.sys

2021-10-15 21:50 – 2021-10-15 21:50 – 000017424 _____ (MICSYS Technology Co., LTd) C:WINDOWSsystem32DriversMsIo64.sys

2021-10-15 21:49 – 2021-10-15 21:49 – 000002075 _____ C:UsersPublicDesktopRGBFusion2.0.lnk

2021-10-15 18:34 – 2021-10-30 20:43 – 000000000 ____D C:UserspauldAppDataRoamingMPC-HC

2021-10-15 18:25 – 2021-10-15 18:26 – 000000000 ____D C:UserspauldAppDataRoamingvlc

2021-10-15 17:59 – 2021-09-13 00:28 – 000450575 ____R C:WINDOWSsystem32Driversetchosts.20211015-185946.backup

2021-10-15 17:29 – 2021-10-28 10:43 – 000000000 ____D C:UserspauldAppDataRoamingqBittorrent

2021-10-15 17:29 – 2021-10-15 17:29 – 000000000 ____D C:UserspauldAppDataLocalqBittorrent

2021-10-15 17:19 – 2021-10-15 17:19 – 000000000 ___SH C:UsersPublicShared Files

2021-10-15 17:13 – 2021-10-15 17:13 – 008814136 _____ (Intel Corporation) C:WINDOWSsystem32DriversNetwtw08.sys

2021-10-15 17:13 – 2021-10-15 17:13 – 002684640 _____ C:WINDOWSsystem32DriversNetwfw08.dat

2021-10-15 17:13 – 2021-10-15 17:13 – 001529408 _____ (Intel Corporation) C:WINDOWSsystem32IntelIHVRouter08.dll

2021-10-15 17:13 – 2021-10-15 17:13 – 000000000 ____D C:UserspauldAppDataRoamingNVIDIA

2021-10-15 17:13 – 2021-10-15 17:13 – 000000000 ____D C:UserspauldAppDataRoamingEasyAntiCheat

2021-10-15 17:13 – 2021-10-15 17:13 – 000000000 ____D C:UserspauldAppDataLocalFortniteGame

2021-10-15 17:13 – 2021-10-15 17:13 – 000000000 ____D C:UserspauldAppDataLocalCrashReportClient

2021-10-15 17:13 – 2021-10-15 17:13 – 000000000 ____D C:Program Files (x86)EasyAntiCheat

2021-10-13 17:30 – 2021-10-07 00:58 – 000038016 _____ (NVIDIA Corporation) C:WINDOWSsystem32Driversnvhdap64.dll

2021-10-13 17:29 – 2021-10-21 17:39 – 006430824 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvapi.dll

2021-10-06 23:26 – 2021-10-06 23:26 – 000029680 _____ (WireGuard LLC) C:WINDOWSsystem32Driverswintun.sys

2021-10-06 14:39 – 2021-11-01 19:56 – 000000000 ____D C:Program FilesMozilla Firefox

2021-10-05 20:30 – 2021-10-05 20:30 – 000000000 ____D C:WINDOWSSysWOW64NV

2021-10-05 20:30 – 2021-10-05 20:30 – 000000000 ____D C:WINDOWSsystem32NV

2021-10-05 20:15 – 2021-10-05 20:15 – 000000000 ____D C:UserspauldAppDataLocalIsolatedStorage

2021-10-05 19:16 – 2021-10-08 17:05 – 000000000 ____D C:UserspauldAppDataRoamingKodi

2021-10-05 19:16 – 2021-10-05 19:16 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsKodi

2021-10-05 19:16 – 2021-10-05 19:16 – 000000000 ____D C:Program FilesKodi

2021-10-05 19:15 – 2021-10-05 19:15 – 000000000 ____D C:UserspauldAppDataLocalEOSUserHelper

2021-10-05 19:13 – 2021-10-05 19:13 – 000000000 ____D C:UserspauldAppDataLocalEpic Games

2021-10-04 18:50 – 2021-10-04 18:50 – 000002783 _____ C:UserspauldAppDataLocalrecently-used.xbel

2021-10-04 18:50 – 2021-10-04 18:50 – 000000000 ____D C:UserspauldAppDataLocalgtk-2.0

2021-10-04 18:49 – 2021-10-04 18:49 – 000000000 ____D C:Userspauld.cache

2021-10-04 18:48 – 2021-10-04 18:50 – 000000000 ____D C:UserspauldAppDataLocalbabl-0.1

2021-10-04 18:48 – 2021-10-04 18:48 – 000000000 ____D C:UserspauldAppDataRoamingGIMP

2021-10-04 18:48 – 2021-10-04 18:48 – 000000000 ____D C:UserspauldAppDataLocalGIMP

2021-10-04 18:48 – 2021-10-04 18:48 – 000000000 ____D C:UserspauldAppDataLocalgegl-0.4

2021-10-04 18:46 – 2021-10-04 18:51 – 000000000 ___RD C:UserspauldOneDriveDocumentsScanned Documents

2021-10-04 18:46 – 2021-10-04 18:46 – 000000000 ____D C:UserspauldOneDriveDocumentsFax

2021-10-04 17:19 – 2021-10-04 17:19 – 000000000 ____D C:UsersDefaultAppDataLocalEpic Games

 

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-11-01 23:00 – 2021-09-10 08:11 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-11-01 22:57 – 2021-09-12 09:21 – 000000000 ____D C:UserspauldAppDataRoamingSpotify

2021-11-01 22:49 – 2021-09-12 09:13 – 000000000 ____D C:Program Files (x86)Steam

2021-11-01 22:08 – 2021-09-12 11:44 – 000000000 ____D C:Program Files (x86)Google

2021-11-01 20:39 – 2020-10-09 19:28 – 000000000 ____D C:UserspauldAppDataLocalLowMozilla

2021-11-01 19:57 – 2021-09-12 09:13 – 000000000 ____D C:ProgramDataMozilla

2021-11-01 19:41 – 2021-09-12 09:21 – 000000000 ____D C:UserspauldAppDataLocalSpotify

2021-11-01 19:39 – 2021-09-14 17:42 – 000000000 ____D C:UserspauldAppDataLocalOculus

2021-11-01 19:23 – 2021-09-10 09:00 – 000032768 _____ C:WINDOWSsystem32configELAM

2021-11-01 19:15 – 2021-09-10 09:04 – 000000000 ___SD C:WINDOWSDownloaded Program Files

2021-11-01 19:15 – 2021-09-10 09:04 – 000000000 ___RD C:WINDOWSOffline Web Pages

2021-11-01 19:14 – 2021-09-10 09:03 – 000000000 ____D C:WINDOWSINF

2021-11-01 19:12 – 2021-09-10 09:04 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-11-01 19:12 – 2021-09-10 08:23 – 000797554 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-11-01 19:11 – 2021-09-14 17:44 – 000003026 _____ C:WINDOWSsystem32TasksDriver Booster SkipUAC (pauld)

2021-11-01 19:08 – 2021-09-10 08:44 – 000000000 ____D C:ProgramDataNVIDIA

2021-11-01 19:07 – 2021-09-23 19:02 – 000000000 ____D C:Program FilesCCleaner

2021-11-01 19:07 – 2021-09-14 17:44 – 000000000 ____D C:Program Files (x86)IObit Driver Booster

2021-11-01 19:07 – 2021-09-12 10:11 – 000000000 ____D C:UserspauldAppDataRoamingNordPass

2021-11-01 19:06 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSAppReadiness

2021-11-01 19:06 – 2020-10-08 21:19 – 000000000 ___RD C:UserspauldOneDrive

2021-11-01 19:05 – 2021-09-12 09:43 – 000000000 ____D C:UserspauldAppDataLocalAvast Software

2021-11-01 19:05 – 2021-09-12 09:32 – 000000000 ____D C:ProgramDataAvast Software

2021-11-01 19:05 – 2021-09-12 09:25 – 000000000 ____D C:Program Files (x86)Spybot – Search & Destroy 2

2021-11-01 19:05 – 2021-09-10 09:00 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-11-01 19:05 – 2021-09-10 08:12 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-11-01 19:05 – 2021-09-10 08:11 – 000439016 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-11-01 19:05 – 2020-10-09 03:55 – 000008192 ___SH C:DumpStack.log.tmp

2021-11-01 19:04 – 2021-09-10 09:05 – 000000000 ____D C:WINDOWSen-GB

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ___SD C:WINDOWSsystem32AppV

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSSysWOW64setup

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSSystemResources

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSsystem32setup

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSsystem32oobe

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSsystem32Dism

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSShellExperiences

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSbcastdvr

2021-11-01 19:04 – 2021-09-10 09:04 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-11-01 19:04 – 2021-09-10 09:00 – 000000000 ____D C:WINDOWSservicing

2021-11-01 18:51 – 2021-09-10 09:01 – 000000000 ____D C:WINDOWSCbsTemp

2021-11-01 18:31 – 2021-09-10 09:04 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-11-01 18:30 – 2021-09-13 22:13 – 000003654 _____ C:WINDOWSwininit.ini

2021-11-01 18:30 – 2021-09-12 09:25 – 000000000 ____D C:ProgramDataSpybot – Search & Destroy

2021-11-01 18:03 – 2021-09-11 07:30 – 000000000 ____D C:UserspauldAppDataLocalD3DSCache

2021-11-01 18:01 – 2021-09-11 07:30 – 000000000 ____D C:UserspauldAppDataLocalGoogle

2021-11-01 17:59 – 2021-09-12 09:41 – 000000000 ____D C:UserspauldAppDataLocalCrashDumps

2021-11-01 17:57 – 2021-09-28 16:24 – 000000951 _____ C:WINDOWSTasksEPSON XP-452 455 Series Update {3C7931B3-55AA-47C8-9C24-22580E1E1F5D}.job

2021-11-01 17:57 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSServiceState

2021-11-01 17:57 – 2021-09-10 08:44 – 000000000 ____D C:WINDOWSSensorFramework

2021-11-01 17:36 – 2021-09-10 08:30 – 000000000 ____D C:UserspauldAppDataLocalPlaceholderTileLogoFolder

2021-11-01 17:36 – 2021-09-10 08:28 – 000000000 ____D C:UserspauldAppDataLocalConnectedDevicesPlatform

2021-11-01 17:34 – 2021-09-10 08:28 – 000000000 ____D C:UserspauldAppDataLocalPackages

2021-11-01 17:29 – 2021-09-28 16:24 – 000003510 _____ C:WINDOWSsystem32TasksEPSON XP-452 455 Series Update {3C7931B3-55AA-47C8-9C24-22580E1E1F5D}

2021-11-01 17:29 – 2021-09-23 19:02 – 000002988 _____ C:WINDOWSsystem32TasksCCleaner Update

2021-11-01 17:29 – 2021-09-23 19:02 – 000002254 _____ C:WINDOWSsystem32TasksCCleanerSkipUAC – pauld

2021-11-01 17:29 – 2021-09-19 19:15 – 000002716 _____ C:WINDOWSsystem32TasksOneDrive Per-Machine Standalone Update Task

2021-11-01 17:29 – 2021-09-19 00:51 – 000003398 _____ C:WINDOWSsystem32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000003196 _____ C:WINDOWSsystem32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000003152 _____ C:WINDOWSsystem32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000002984 _____ C:WINDOWSsystem32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000002948 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000002948 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000002948 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000002948 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000002914 _____ C:WINDOWSsystem32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-19 00:51 – 000002744 _____ C:WINDOWSsystem32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-11-01 17:29 – 2021-09-14 09:00 – 000002602 _____ C:WINDOWSsystem32TasksSmartSurvey

2021-11-01 17:29 – 2021-09-14 08:57 – 000002502 _____ C:WINDOWSsystem32TasksSIV-VGA

2021-11-01 17:29 – 2021-09-14 08:57 – 000002496 _____ C:WINDOWSsystem32TasksSIV

2021-11-01 17:29 – 2021-09-14 08:55 – 000002612 _____ C:WINDOWSsystem32TasksEasyTune 1

2021-11-01 17:29 – 2021-09-14 08:55 – 000002512 _____ C:WINDOWSsystem32TasksEasyTune

2021-11-01 17:29 – 2021-09-12 09:21 – 000003024 _____ C:WINDOWSsystem32Tasksklcp_update

2021-11-01 17:29 – 2021-09-10 08:18 – 000003174 _____ C:WINDOWSsystem32TasksIntel PTT EK Recertification

2021-11-01 17:29 – 2021-09-10 08:12 – 000003408 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-11-01 17:29 – 2021-09-10 08:12 – 000003184 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-11-01 17:28 – 2021-09-19 18:57 – 000000000 ____D C:Program FilesMicrosoft Office

2021-11-01 17:25 – 2021-09-14 17:44 – 000003428 _____ C:WINDOWSsystem32TasksDriver Booster Scheduler

2021-11-01 17:24 – 2021-09-19 01:00 – 000000000 ____D C:UserspauldAppDataLocalNVIDIA

2021-11-01 17:20 – 2021-04-22 17:12 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-11-01 17:20 – 2021-04-22 17:12 – 000002276 _____ C:UsersPublicDesktopMicrosoft Edge.lnk

2021-10-30 03:30 – 2021-09-10 09:04 – 000000000 ___HD C:Program FilesWindowsApps

2021-10-29 17:47 – 2021-09-10 09:10 – 000000000 ____D C:WINDOWSPanther

2021-10-29 02:37 – 2021-09-10 08:44 – 000000000 ____D C:Program Files (x86)Microsoft Intune Management Extension

2021-10-29 02:37 – 2021-09-02 18:12 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Intune Management Extension

2021-10-29 01:09 – 2021-09-12 10:02 – 000000000 ____D C:UserspauldAppDataRoamingWhatsApp

2021-10-29 00:08 – 2021-09-12 10:02 – 000000000 ____D C:UserspauldAppDataLocalWhatsApp

2021-10-28 01:07 – 2021-09-19 01:28 – 000000000 ____D C:UserspauldAppDataLocalUnrealEngine

2021-10-23 11:25 – 2021-09-19 01:05 – 000000000 ____D C:Program FilesRockstar Games

2021-10-23 11:25 – 2021-09-19 01:05 – 000000000 ____D C:Program Files (x86)Rockstar Games

2021-10-21 17:39 – 2020-12-13 03:56 – 007578560 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvapi64.dll

2021-10-21 11:06 – 2020-10-09 11:30 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRazer Cortex

2021-10-21 11:05 – 2021-09-12 10:06 – 000000000 ____D C:UserspauldAppDataLocalNordVPN

2021-10-20 12:23 – 2021-09-22 20:53 – 000000000 ____D C:Program FilesMicrosoft OneDrive

2021-10-20 12:22 – 2021-09-10 09:04 – 000000000 ___SD C:WINDOWSsystem32UNP

2021-10-20 12:22 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-10-20 12:22 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-10-20 12:22 – 2021-09-10 09:04 – 000000000 ____D C:WINDOWSDiagTrack

2021-10-19 10:40 – 2021-09-11 08:35 – 000000000 ____D C:WINDOWSsystem32MRT

2021-10-19 10:37 – 2021-09-12 09:01 – 139806512 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-10-18 17:01 – 2021-09-19 19:15 – 000002132 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-10-18 00:34 – 2021-09-14 06:22 – 000000000 ____D C:ProgramDataIntel

2021-10-18 00:32 – 2021-09-14 08:54 – 000000000 ____D C:Program Files (x86)GIGABYTE

2021-10-18 00:32 – 2020-10-09 13:19 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGIGABYTE

2021-10-17 11:32 – 2021-09-09 04:40 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuCorsair

2021-10-16 16:59 – 2021-09-12 11:37 – 000000214 _____ C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job

2021-10-16 12:59 – 2021-09-10 09:04 – 000000000 ___HD C:WINDOWSsystem32GroupPolicy

2021-10-15 23:43 – 2021-09-12 10:06 – 000000000 ____D C:ProgramDataPackage Cache

2021-10-15 23:07 – 2020-10-20 15:22 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsFile Shredder

2021-10-15 21:55 – 2021-09-14 06:25 – 000000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsIntel

2021-10-15 21:55 – 2021-09-14 06:22 – 000000000 ____D C:Program FilesIntel

2021-10-15 21:50 – 2021-09-19 00:16 – 000000000 ____D C:Program FilesENE

2021-10-15 21:49 – 2021-09-14 08:54 – 000000000 ____D C:UserspauldAppDataLocalDownloaded Installations

2021-10-15 21:49 – 2021-09-09 04:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuAORUS

2021-10-15 17:19 – 2021-09-10 09:04 – 000000000 __SHD C:UsersPublicLibraries

2021-10-15 17:13 – 2021-09-19 00:59 – 000000000 ____D C:UserspauldAppDataLocalNVIDIA Corporation

2021-10-14 12:46 – 2021-09-12 09:21 – 000000000 ____D C:UserspauldAppDataRoamingZoom

2021-10-13 15:15 – 2021-09-10 08:13 – 000000000 ____D C:ProgramDataNVIDIA Corporation

2021-10-10 17:43 – 2021-09-10 08:14 – 000000000 ____D C:Usersseanp_fkdmxs1

2021-10-10 17:42 – 2021-09-12 09:13 – 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service

2021-10-08 11:13 – 2021-09-10 08:35 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-10-07 00:58 – 2021-07-02 07:32 – 000125568 _____ (NVIDIA Corporation) C:WINDOWSsystem32Driversnvhda64v.sys

2021-10-06 23:22 – 2021-09-12 09:13 – 000001005 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk

2021-10-06 23:22 – 2021-09-12 09:13 – 000000000 ____D C:WINDOWSsystem32TasksMozilla

2021-10-05 20:29 – 2021-09-12 10:06 – 000000000 ____D C:ProgramDataNordVPN

2021-10-05 20:29 – 2021-09-12 10:06 – 000000000 ____D C:Program FilesNordVPN

2021-10-05 20:29 – 2020-10-16 14:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNordSec

2021-10-05 19:44 – 2021-09-10 08:38 – 000002368 _____ C:UserspauldAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft Teams.lnk

2021-10-04 18:49 – 2021-09-10 08:14 – 000000000 ____D C:Userspauld

 

==================== Files in the root of some directories ========

2021-10-15 22:53 – 2021-10-15 22:54 – 000012288 _____ () C:UserspauldAppDataRoamingemp.bin

2021-10-29 17:15 – 2021-10-29 17:15 – 000549126 _____ () C:UserspauldAppDataLocalars.cache

2021-10-29 17:15 – 2021-10-29 17:15 – 001106404 _____ () C:UserspauldAppDataLocalcensus.cache

2021-10-29 17:05 – 2021-10-29 17:05 – 000000036 _____ () C:UserspauldAppDataLocalhousecall.guid.cache

2021-10-04 18:50 – 2021-10-04 18:50 – 000002783 _____ () C:UserspauldAppDataLocalrecently-used.xbel

2021-10-29 17:12 – 2021-10-29 17:12 – 000000010 _____ () C:UserspauldAppDataLocalsponge.last.runtime.cache

 

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2021

Ran by pauld (01-11-2021 23:04:59)

Running from C:UserspauldDropboxMy PC (DESKTOP-U3693P7)Downloads

Microsoft Windows 10 Pro Version 21H1 19043.1320 (X64) (2021-09-10 08:24:42)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-3950220853-2468967144-3708230602-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-3950220853-2468967144-3708230602-503 – Limited – Disabled)

Guest (S-1-5-21-3950220853-2468967144-3708230602-501 – Limited – Disabled)

pauld (S-1-5-21-3950220853-2468967144-3708230602-1001 – Administrator – Enabled) => C:Userspauld

seanp_fkdmxs1 (S-1-5-21-3950220853-2468967144-3708230602-1005 – Limited – Enabled) => C:Usersseanp_fkdmxs1

WDAGUtilityAccount (S-1-5-21-3950220853-2468967144-3708230602-504 – Limited – Disabled)

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

 

AV: Bitdefender Antivirus (Enabled – Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bitdefender Firewall (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}

 

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

@BIOS (HKLM-x32…{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.20.0709.1 – GIGABYTE) Hidden

@BIOS (HKLM-x32…InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.20.0709.1 – GIGABYTE)

3DOSD (HKLM-x32…{F0D1FAA5-F9F8-4524-9B65-A5BFDDD5A29B}) (Version: 1.00.0051 – GIGABYTE) Hidden

3DOSD (HKLM-x32…InstallShield_{F0D1FAA5-F9F8-4524-9B65-A5BFDDD5A29B}) (Version: 1.00.0051 – GIGABYTE)

7-Zip 19.00 (x64) (HKLM…7-Zip) (Version: 19.00 – Igor Pavlov)

APP Center (HKLM-x32…{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0227.1 – GIGABYTE) Hidden

APP Center (HKLM-x32…InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0227.1 – GIGABYTE)

AutoGreen (HKLM-x32…{CFB76B97-0C1C-4E1A-999A-DE62FA5FEB9A}) (Version: 1.18.0911.1 – GIGABYTE) Hidden

AutoGreen (HKLM-x32…InstallShield_{CFB76B97-0C1C-4E1A-999A-DE62FA5FEB9A}) (Version: 1.18.0911.1 – GIGABYTE)

Bitdefender Agent (HKLM…Bitdefender Agent) (Version: 26.0.1.198 – Bitdefender)

Bitdefender Total Security (HKLM…Bitdefender) (Version: 26.0.1.21 – Bitdefender)

Bitdefender VPN (HKLM…Bitdefender VPN) (Version: 25.4.4.44 – Bitdefender)

BUSB (HKLM-x32…{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 2.18.0918.1 – GIGABYTE)

CCleaner (HKLM…CCleaner) (Version: 5.86 – Piriform)

CCleaner Update Helper (HKLM-x32…{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1187.1 – Piriform Software) Hidden

Cloud Station (Server) (HKLM-x32…{5D132D9D-2A99-48CF-9DCC-775DF6F31384}) (Version: 3.19.0529.1 – GIGABYTE) Hidden

Cloud Station (Server) (HKLM-x32…InstallShield_{5D132D9D-2A99-48CF-9DCC-775DF6F31384}) (Version: 3.19.0529.1 – GIGABYTE)

CloudStation (HKLM-x32…{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0028 – GIGABYTE) Hidden

CloudStation (HKLM-x32…InstallShield_{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0028 – GIGABYTE)

Core Temp 1.17.1 (HKLM…{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 – ALCPU)

CORSAIR iCUE Software (HKLM-x32…{3D350B22-542B-4FB4-B3AC-EA760941C319}) (Version: 3.38.61 – Corsair)

CPUID CPU-Z Aorus 1.87 (HKLM…CPUID CPU-Z Aorus_is1) (Version: 1.87 – CPUID, Inc.)

Cyberpunk 2077 (HKLM-x32…Cyberpunk 2077_is1) (Version:  – )

Discord (HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Discord) (Version: 1.0.9002 – Discord Inc.)

EasyTune (HKLM-x32…{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.19.0226.1 – GIGABYTE) Hidden

EasyTune (HKLM-x32…InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.19.0226.1 – GIGABYTE)

EasyTuneEngineService (HKLM-x32…{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.21.0823 – Your Company Name) Hidden

EasyTuneEngineService (HKLM-x32…InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.21.0823 – Your Company Name)

ENE_X_AIC_HAL (HKLM…{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.4.0 – ENE TECHNOLOGY INC.) Hidden

ENE_X_AIC_HAL (HKLM-x32…{ec10ac91-2e61-460a-b493-33f794a07682}) (Version: 1.0.4.0 – ENE TECHNOLOGY INC.) Hidden

Epic Games Launcher (HKLM-x32…{7733DDD0-3513-4A99-BFFE-A6D73BE49B50}) (Version: 1.2.35.0 – Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM…{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Epic Online Services (HKLM-x32…{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 – Epic Games, Inc.)

EPSON XP-452 455 Series Printer Uninstall (HKLM…EPSON XP-452 455 Series) (Version:  – Seiko Epson Corporation)

EZRAID  (HKLM-x32…{8F307CB5-FE1C-4BF3-8747-305D14161916}) (Version: 1.19.0401.1 – GIGABYTE) Hidden

EZRAID  (HKLM-x32…InstallShield_{8F307CB5-FE1C-4BF3-8747-305D14161916}) (Version: 1.19.0401.1 – GIGABYTE)

Fast Boot (HKLM-x32…{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.20.0420.1 – GIGABYTE) Hidden

Fast Boot (HKLM-x32…InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.20.0420.1 – GIGABYTE)

File Shredder 2.5 (HKLM…File Shredder_is1) (Version:  – Pow Tools)

Forza Horizon 4 Ultimate Edition (HKLM-x32…Forza Horizon 4 Ultimate Edition_is1) (Version: 0.0.0 – DODI-Repacks)

Game Boost (HKLM-x32…{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 – Gigabyte) Hidden

Game Boost (HKLM-x32…InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 – Gigabyte)

GigabyteFirmwareUpdateUtility (HKLM-x32…{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.20.0720.1 – GIGABYTE) Hidden

GigabyteFirmwareUpdateUtility (HKLM-x32…InstallShield_{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.20.0720.1 – GIGABYTE)

GIMP 2.10.24 (HKLM…GIMP-2_is1) (Version: 2.10.24 – The GIMP Team)

Google Chrome (HKLM-x32…Google Chrome) (Version: 95.0.4638.69 – Google LLC)

GService (HKLM-x32…{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 – GIGABYTE)

ImgBurn (HKLM-x32…ImgBurn) (Version: 2.5.8.0 – LIGHTNING UK!)

Intel® Chipset Device Software (HKLM-x32…{ffddf9dd-c47f-453a-92f5-ac6c98af8b5b}) (Version: 10.1.17968.8131 – Intel® Corporation)

Intel® Extreme Tuning Utility (HKLM-x32…{ae566212-7df9-4cf4-b9d0-1ea7c91f6d90}) (Version: 7.5.3.3 – Intel Corporation)

Intel® Management Engine Components (HKLM…{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 – Intel Corporation)

Intel® Network Connections 23.5.0.0 (HKLM…PROSetDX) (Version: 23.5.0.0 – Intel)

Intel® Rapid Storage Technology (HKLM…{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.6.1027 – Intel Corporation)

Intel® Serial IO (HKLM…{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1902.3 – Intel Corporation)

Intel® Trusted Connect Service Client x86 (HKLM-x32…{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 – Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32…{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 – Intel Corporation) Hidden

Intel® PROSet/Wireless Software (HKLM-x32…{6aa2484c-1a35-428e-a857-8ee0a874d2d1}) (Version: 20.110.0 – Intel Corporation)

IObit Driver Booster 5.0.3.360 (HKLM-x32…IObit Driver Booster_is1) (Version: 5.0.3.360 – lrepacks.ru)

IrfanView 4.58 (32-bit) (HKLM-x32…IrfanView) (Version: 4.58 – Irfan Skiljan)

K-Lite Codec Pack 16.4.0 Full (HKLM-x32…KLiteCodecPack_is1) (Version: 16.4.0 – KLCP)

Kodi (HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Kodi) (Version: 19.1.0.0 – XBMC Foundation)

Launcher Prerequisites (x64) (HKLM-x32…{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Microsoft 365 Apps for enterprise – en-us (HKLM…O365ProPlusRetail – en-us) (Version: 16.0.14527.20234 – Microsoft Corporation)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 95.0.1020.40 – Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 95.0.1020.40 – Microsoft Corporation)

Microsoft Intune Management Extension (HKLM-x32…{D36DA7EC-CEB0-4074-AC9E-58D469FD4C1D}) (Version: 1.48.210.0 – Microsoft Corporation)

Microsoft OneDrive (HKLM…OneDriveSetup.exe) (Version: 21.196.0921.0007 – Microsoft Corporation)

Microsoft Silverlight (HKLM…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 – Microsoft Corporation)

Microsoft Teams (HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Teams) (Version: 1.4.00.26376 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.4148 (HKLM…{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148 (HKLM-x32…{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{f407f141-a702-406f-beab-318b6291e9bd}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{8e24fb65-31aa-446d-9c3e-35c5e11cb367}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.29.30133 (HKLM-x32…{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.22.27821 (HKLM-x32…{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 – Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32…{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 – Microsoft Corporation)

Mozilla Firefox (x64 en-GB) (HKLM…Mozilla Firefox 93.0 (x64 en-GB)) (Version: 93.0 – Mozilla)

Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 92.0 – Mozilla)

NordPass (HKUS-1-5-21-3950220853-2468967144-3708230602-1001…f7c32559-6c31-590a-9972-0bea54b04213) (Version: 4.12.23 – NordPass Team)

NordVPN (HKLM…{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.40.5.0 – TEFINCOM S.A.)

NordVPN network TAP (HKLM-x32…{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 – NordVPN)

NordVPN network TUN (HKLM…{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 – NordVPN)

NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 – NVIDIA Corporation)

NVIDIA GeForce Experience 3.23.0.74 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 – NVIDIA Corporation)

NVIDIA Graphics Driver 496.49 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 496.49 – NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.38.92 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.92 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.21.0713 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 – NVIDIA Corporation)

NVIDIA USBC Driver 1.46.831.832 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 – NVIDIA Corporation)

Oculus (HKLM…Oculus) (Version: <3 – Facebook Technologies, LLC)

Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 – Microsoft Corporation) Hidden

ON_OFF Charge 2 B18.1203.1 (HKLM-x32…{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.18.1203.1 – GIGABYTE) Hidden

ON_OFF Charge 2 B18.1203.1 (HKLM-x32…InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.18.1203.1 – GIGABYTE)

OpenAL (HKLM-x32…OpenAL) (Version:  – )

PlatformPowerManagement (HKLM-x32…{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 – GIGABYTE) Hidden

PlatformPowerManagement (HKLM-x32…InstallShield_{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 – GIGABYTE)

PowerISO (HKLM-x32…PowerISO) (Version: 8.0 – Power Software Ltd)

qBittorrent 4.3.8 (HKLM-x32…qBittorrent) (Version: 4.3.8 – The qBittorrent project)

Razer Cortex (HKLM-x32…Razer Cortex_is1) (Version: 9.17.6.1483 – Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 – Realtek Semiconductor Corp.)

Revo Uninstaller 2.3.0 (HKLM…{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.0 – VS Revo Group, Ltd.)

RGB Fusion (HKLM-x32…{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.21.1001.1 – Gigabyte)

Rockstar Games Launcher (HKLM-x32…Rockstar Games Launcher) (Version: 1.0.49.529 – Rockstar Games)

Rockstar Games Social Club (HKLM-x32…Rockstar Games Social Club) (Version: 2.0.9.3 – Rockstar Games)

SGX Install (HKLM-x32…{3EC52501-2CDF-46D9-AA54-9205C96A5EFE}) (Version: 2.2.104.49337 – GIGABYTE)

SideQuest 0.10.24 (HKUS-1-5-21-3950220853-2468967144-3708230602-1001…4924ec51-3e48-5cb7-b145-2119467094c7) (Version: 0.10.24 – Shane Harris)

SIV (HKLM-x32…{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.21.0824 – GIGABYTE) Hidden

SIV (HKLM-x32…InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.21.0824 – GIGABYTE)

Skype version 8.75 (HKLM-x32…Skype_is1) (Version: 8.75 – Skype Technologies S.A.)

Smart Backup (x64) (HKLM-x32…{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 3.18.0911.1 – GIGABYTE)

Smart Survey (HKLM-x32…{EF7FC172-E7C8-447F-B9A7-0FFF20F2DC36}) (Version: 1.18.0906.1 – GIGABYTE) Hidden

Smart Survey (HKLM-x32…InstallShield_{EF7FC172-E7C8-447F-B9A7-0FFF20F2DC36}) (Version: 1.18.0906.1 – GIGABYTE)

Smart TimeLock (HKLM-x32…{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 2.18.0731.1 – GIGABYTE) Hidden

Smart TimeLock (HKLM-x32…InstallShield_{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 2.18.0731.1 – GIGABYTE)

SmartHUD (HKLM-x32…{9809628D-07F9-4D28-A3E8-CCCB8250430A}) (Version: 1.18.0731.1 – GIGABYTE) Hidden

SmartHUD (HKLM-x32…InstallShield_{9809628D-07F9-4D28-A3E8-CCCB8250430A}) (Version: 1.18.0731.1 – GIGABYTE)

SmartKeyboard (HKLM-x32…{75B74C36-A9C6-4912-B4BB-C461AA36D01E}) (Version: 1.18.0730.1 – GIGABYTE) Hidden

SmartKeyboard (HKLM-x32…InstallShield_{75B74C36-A9C6-4912-B4BB-C461AA36D01E}) (Version: 1.18.0730.1 – GIGABYTE)

Spotify (HKUS-1-5-21-3950220853-2468967144-3708230602-1001…Spotify) (Version: 1.1.70.610.g4585142b – Spotify AB)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

SUPERAntiSpyware (HKLM…{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 – SUPERAntiSpyware.com)

Teams Machine-Wide Installer (HKLM-x32…{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 – Microsoft Corporation)

VLC media player (HKLM…VLC media player) (Version: 3.0.16 – VideoLAN)

Vulkan Run Time Libraries 1.0.65.1 (HKLM…VulkanRT1.0.65.1) (Version: 1.0.65.1 – LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM…VulkanRT1.0.65.1-2) (Version: 1.0.65.1 – LunarG, Inc.) Hidden

WhatsApp (HKUS-1-5-21-3950220853-2468967144-3708230602-1001…WhatsApp) (Version: 2.2140.12 – WhatsApp)

Winamp (HKLM-x32…Winamp) (Version: 5.8  – Winamp SA)

Windows PC Health Check (HKLM…{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 – Microsoft Corporation)

XSplit Broadcaster (HKLM-x32…{B33AA6A7-38DD-4EE2-80AC-EEE987FCAB37}) (Version: 3.5.1808.2937 – SplitmediaLabs)

Zoom (HKLM-x32…{D09F301C-F776-49CE-B0F7-47858384E0B8}) (Version: 5.7.1247 – Zoom)

 

Packages:

=========

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-30] (Microsoft Studios) [MS Ad]

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-11-01] (NVIDIA Corp.)

 

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-3950220853-2468967144-3708230602-1001_ClassesCLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive – Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}

CustomCLSID: HKUS-1-5-21-3950220853-2468967144-3708230602-1001_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:UserspauldAppDataLocalMicrosoftTeamsMeetingAddin1.0.21161.4x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:Program FilesPowerISOPWRISOSH.DLL [2021-07-16] (Power Software Limited -> Power Software Ltd)

ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:Program FilesFile Shredderfsshell.dll [2012-03-31] () [File not signed]

ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:Program FilesPowerISOPWRISOSH.DLL [2021-07-16] (Power Software Limited -> Power Software Ltd)

ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:Program FilesMicrosoft OneDrive21.196.0921.0007FileSyncShell64.dll [2021-10-18] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_44dc4eefedc0d082nvshext.dll [2021-10-21] (Nvidia Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:Program FilesPowerISOPWRISOSH.DLL [2021-07-16] (Power Software Limited -> Power Software Ltd)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2021-10-01 19:01 – 2021-10-01 19:01 – 000747008 _____ () [File not signed] \?C:Program Files (x86)Epic GamesEpic Online Servicesipc.node

2021-10-01 19:01 – 2021-10-01 19:01 – 001224704 _____ () [File not signed] \?C:Program Files (x86)Epic GamesEpic Online Servicesos_toolbox.node

2021-03-05 17:44 – 2021-03-05 17:44 – 000209408 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarequazip.dll

2021-03-05 17:44 – 2021-03-05 17:44 – 000101376 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarezlib.dll

2021-10-19 11:36 – 2021-10-19 08:40 – 000495104 _____ () [File not signed] C:UserspauldAppDataLocalProgramsnordpassresourcesapp.asar.unpackeddistdesktopmainkeytar.node

2021-10-05 19:15 – 2021-10-05 19:15 – 000098816 ____N (Epic Games, Inc.) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawWinSW.dll

2019-02-25 15:33 – 2019-02-25 15:33 – 000154624 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:Program Files (x86)GIGABYTEAppCenteryccV2.dll

2021-05-26 13:45 – 2021-05-26 13:45 – 000205824 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:Program Files (x86)GigabyteEasyTuneEngineServiceyccV3.dll

2021-05-26 13:45 – 2021-05-26 13:45 – 000205824 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:Program Files (x86)GIGABYTESIVyccV3.dll

2014-07-30 18:56 – 2014-07-30 18:56 – 000208896 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:Program Files (x86)GIGABYTESmart TimeLockslmDB.dll

2013-02-22 13:36 – 2013-02-22 13:36 – 000087040 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:Program Files (x86)GIGABYTESmart TimeLockslmWeekCtrlRule.dll

2015-03-19 13:54 – 2015-03-19 13:54 – 000172032 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:Program Files (x86)GIGABYTESmart TimeLockSmartLock.dll

2021-09-14 09:01 – 2013-03-08 10:28 – 000187392 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:Program FilesGigabyteSmart BackupRescuePlan.dll

2021-09-14 09:01 – 2014-09-15 15:52 – 000705536 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:Program FilesGigabyteSmart BackupsrpCore.dll

2018-10-29 10:25 – 2018-10-29 10:25 – 000372736 _____ (Intel® Corporation) [File not signed] C:WINDOWSsystem32NCS2Setp.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000008704 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawMicrosoft.Win32.Primitives.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000027136 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawMicrosoft.Win32.Registry.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000032768 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Collections.Concurrent.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000026624 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Collections.NonGeneric.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000028672 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Collections.Specialized.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000006144 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.ComponentModel.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000017408 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.ComponentModel.Primitives.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000101376 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.ComponentModel.TypeConverter.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000366592 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Configuration.ConfigurationManager.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000040448 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Console.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000120832 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Diagnostics.EventLog.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000079360 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Diagnostics.Process.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000057856 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.IO.FileSystem.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000043008 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.IO.Pipes.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000044544 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Linq.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000071680 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Net.Primitives.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000015360 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Net.WebClient.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 002242048 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Private.CoreLib.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000080384 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Private.Uri.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 001532416 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Private.Xml.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000036352 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Security.Cryptography.Algorithms.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000052224 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.ServiceProcess.ServiceController.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000165888 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Text.RegularExpressions.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000019456 ____N (Microsoft Corporation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawSystem.Threading.dll

2020-12-16 08:26 – 2020-12-16 08:26 – 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE SoftwareSiUSBXp.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000246272 ____N (The Apache Software Foundation) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawlog4net.dll

2021-03-05 17:43 – 2021-03-05 17:43 – 002516992 _____ (The OpenSSL Project, hxxps//www.openssl.org/) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarelibcrypto-1_1.dll

2021-03-05 17:43 – 2021-03-05 17:43 – 000530944 _____ (The OpenSSL Project, hxxps//www.openssl.org/) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarelibssl-1_1.dll

2015-10-14 00:15 – 2015-10-14 00:15 – 002042368 _____ (TODO: <Company name>) [File not signed] C:Program Files (x86)GIGABYTEAppCenterosvi.dll

2021-06-22 14:45 – 2021-06-22 14:45 – 009127424 _____ (TODO: <Company name>) [File not signed] C:Program Files (x86)GIGABYTEEasyTuneEngineServiceGbtNvGpuLib.dll

2021-10-05 19:15 – 2021-10-05 19:15 – 000073728 ____N (WinSW.Core) [File not signed] [File is in use] C:WINDOWSTEMP.netEpicOnlineServicesHostlv22eoxc.sawWinSW.Core.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:UserspauldDownloadsMy files in Dropbox.lnk:com.dropbox.ignored [1]

AlternateDataStreams: C:UsersPublicShared Files:VersionCache [7672]

 

==================== Safe Mode (Whitelisted) ==================

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141

HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896

HKUS-1-5-19SoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896

HKUS-1-5-20SoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896

HKUS-1-5-21-3950220853-2468967144-3708230602-1001SoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896

HKUS-1-5-21-3950220853-2468967144-3708230602-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141

HKUS-1-5-21-3950220853-2468967144-3708230602-1005SoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896

HKUS-1-5-80-3238277391-1891473654-1195688043-4149050645-2494734967SoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKUS-1-5-21-3950220853-2468967144-3708230602-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

SearchScopes: HKUS-1-5-21-3950220853-2468967144-3708230602-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:Program FilesBitdefenderBitdefender Securitybdtbie.dll [2021-08-27] (Bitdefender SRL -> Bitdefender)

BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:Program FilesBitdefenderBitdefender Securitypmbxie.dll [2021-08-27] (Bitdefender SRL -> Bitdefender)

BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File

BHO: No Name -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> No File

BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:Program FilesBitdefenderBitdefender Securityantispam32bdtbie.dll [2021-08-27] (Bitdefender SRL -> Bitdefender)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:Program FilesBitdefenderBitdefender SecurityAntispam32pmbxie.dll [2021-08-27] (Bitdefender SRL -> Bitdefender)

BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File

Toolbar: HKLM – Smart Backup – {1d09c093-f71e-43c3-b948-19316cbd695e} – C:WINDOWSsystem32mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Toolbar: HKLM – Bitdefender Wallet – {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} – C:Program FilesBitdefenderBitdefender Securitypmbxie.dll [2021-08-27] (Bitdefender SRL -> Bitdefender)

Toolbar: HKLM-x32 – Bitdefender Wallet – {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} – C:Program FilesBitdefenderBitdefender SecurityAntispam32pmbxie.dll [2021-08-27] (Bitdefender SRL -> Bitdefender)

Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

There are 7947 more sites.

 

IE trusted site: HKUS-1-5-21-3950220853-2468967144-3708230602-1001…sharepoint.com -> hxxps://weston-files.sharepoint.com

 

There are 7947 more sites.

 

 

There are 7947 more sites.

 

 

There are 7865 more sites.

 

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2021-09-10 09:04 – 2021-10-15 17:59 – 000454874 ____R C:WINDOWSsystem32driversetchosts

 

There are 15614 more lines.

 

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program FilesOculusSupportoculus-runtime;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:WINDOWSSystem32WindowsPowerShellv1.0;C:WINDOWSSystem32OpenSSH;C:Program Files (x86)IntelIntel® Management Engine ComponentsDAL;C:Program FilesIntelIntel® Management Engine ComponentsDAL;C:Program FilesIntelWiFibin;C:Program FilesCommon FilesIntelWirelessCommon;C:Program Files (x86)NVIDIA CorporationPhysXCommon;C:Program FilesNVIDIA CorporationNVIDIA NvDLISR

HKUS-1-5-21-3950220853-2468967144-3708230602-1001Control PanelDesktop\Wallpaper -> C:UserspauldAppDataLocalPackagesMicrosoft.Windows.Photos_8wekyb3d8bbweLocalStatePhotosAppBackgroundWallpaperDog-10870615.jpg

HKUS-1-5-21-3950220853-2468967144-3708230602-1005Control PanelDesktop\Wallpaper -> C:Usersseanp_fkdmxs1Pictures2020-10IMG_5851.PNG

HKUS-1-5-80-3238277391-1891473654-1195688043-4149050645-2494734967Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg

DNS Servers: 192.168.0.1

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

Network Binding:

=============

Local Area Connection: NordVPN LightWeight Firewall -> NordLwf (enabled) 

Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 

Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 

Local Area Connection 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 

WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled) 

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM…StartupApprovedRun32: => “Discord”

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…StartupApprovedRun: => “com.squirrel.Teams.Teams”

HKUS-1-5-21-3950220853-2468967144-3708230602-1001…StartupApprovedRun: => “Cleaner One Pro”

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{60A6312F-C87E-4073-AE97-8F3DA1D94CD7}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{953351D7-C2B4-4B77-85BD-ADC0B2FF1BDE}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{69C68426-2EF7-4721-AC6F-D3F4BABCCE65}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{B9ECC435-1B03-48FE-A3A9-97730C29C36B}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{F4BF72C2-526B-42F1-9C1F-BEA8C99E9A24}] => (Allow) C:Program Files (x86)Winampwinamp.exe (Winamp SA -> Winamp SA)

FirewallRules: [{E671C9E1-7CCA-4BCC-A3E3-7EB818324AD9}] => (Allow) C:Program Files (x86)Winampwinamp.exe (Winamp SA -> Winamp SA)

FirewallRules: [{AC29EF6A-49CC-4700-B554-8C45512438AA}] => (Allow) C:Program Files (x86)ZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{BB8CBC90-875B-4B34-91C6-58F6582B0C52}] => (Allow) C:Program Files (x86)Zoombinairhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{35B13EDD-9998-4ED2-A7B7-1B79328E3D3C}] => (Allow) C:Program Files (x86)Zoombinairhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{64FF06AC-B150-4C61-8AF4-2444700E9BAD}] => (Allow) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{9D205A2A-F115-4367-BC0D-7C486CA66A94}] => (Allow) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{41851602-D06D-449A-A6F6-8426A3700D0E}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{06ED1D84-BDD6-403A-9D4E-54A77E4D9836}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{88ACB94A-27C2-4DD0-B344-D5FB7D676B8C}] => (Allow) C:Program FilesqBittorrentqbittorrent.exe (The qBittorrent Project) [File not signed]

FirewallRules: [{A2BB2F09-A63C-495A-B903-51E24CA38113}] => (Allow) C:Program FilesqBittorrentqbittorrent.exe (The qBittorrent Project) [File not signed]

FirewallRules: [TCP Query User{C5E025DD-9451-48A3-B362-C6F4B8F50085}C:userspauldappdatalocalprogramsnordpassnordpass.exe] => (Allow) C:userspauldappdatalocalprogramsnordpassnordpass.exe (nordvpn s.a. -> NordPass Team)

FirewallRules: [UDP Query User{850F94B5-D0FE-4A6F-82A9-8DE399B06195}C:userspauldappdatalocalprogramsnordpassnordpass.exe] => (Allow) C:userspauldappdatalocalprogramsnordpassnordpass.exe (nordvpn s.a. -> NordPass Team)

FirewallRules: [TCP Query User{C4A6245D-998B-43F6-BD6B-E1DA4E9CAF1B}C:userspauldappdatalocalprogramsnordpassnordpass.exe] => (Allow) C:userspauldappdatalocalprogramsnordpassnordpass.exe (nordvpn s.a. -> NordPass Team)

FirewallRules: [UDP Query User{6E6241D0-5271-46F6-970E-AE0DA9D04CCC}C:userspauldappdatalocalprogramsnordpassnordpass.exe] => (Allow) C:userspauldappdatalocalprogramsnordpassnordpass.exe (nordvpn s.a. -> NordPass Team)

FirewallRules: [{CC4A9771-F5F9-4127-961A-417E58A385E7}] => (Allow) E:SteamLibrarysteamappscommonCounter-Strike Global Offensivecsgo.exe (Valve Corp. -> )

FirewallRules: [{2E10A0E6-35E1-4BD3-9BE6-A3D8249D65A1}] => (Allow) E:SteamLibrarysteamappscommonCounter-Strike Global Offensivecsgo.exe (Valve Corp. -> )

FirewallRules: [TCP Query User{0D5DAEF1-F907-40F0-9872-F8F42851F9FD}C:userspauldappdataroamingspotifyspotify.exe] => (Allow) C:userspauldappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{534E48D6-6E85-4C8C-BD83-36529A3446C6}C:userspauldappdataroamingspotifyspotify.exe] => (Allow) C:userspauldappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{CD999132-0448-4226-99C3-C2FAA69555FF}] => (Allow) E:SteamLibrarysteamappscommonGrand Theft Auto VPlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [{22F28675-72E9-4D6A-B470-B4F711162690}] => (Allow) E:SteamLibrarysteamappscommonGrand Theft Auto VPlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [TCP Query User{C472FF1E-FF66-40D2-9FB2-C41F414E0AFF}C:userspauldappdataroamingspotifyspotify.exe] => (Allow) C:userspauldappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{E15527F1-7492-4A19-A2D2-9BC63D81ADEA}C:userspauldappdataroamingspotifyspotify.exe] => (Allow) C:userspauldappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{F58BA391-1195-4252-89C4-2F5D097EA333}] => (Allow) C:Program Files (x86)GIGABYTEAppCenterApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

FirewallRules: [{2471201F-A315-4243-ACC1-A6E8F6E4BFED}] => (Allow) C:Program Files (x86)GIGABYTEAppCentergcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

FirewallRules: [{2BF92F46-A9E4-4029-BD70-82EB83D4081F}] => (Allow) LPort=9009

FirewallRules: [TCP Query User{2CB75ABD-50CC-46BA-83FA-3F8B17A47699}C:userspauldappdatalocalmicrosoftteamscurrentteams.exe] => (Allow) C:userspauldappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [UDP Query User{5F89322F-5FEB-446C-9C80-0C35D35B27F4}C:userspauldappdatalocalmicrosoftteamscurrentteams.exe] => (Allow) C:userspauldappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{7C5D95EA-90B0-47BE-8FEC-4C1C18FD9B30}] => (Allow) LPort=9009

FirewallRules: [{9BB906EC-4CC3-4A8A-B424-5CFD96E76A13}] => (Allow) LPort=9009

FirewallRules: [{C8700AF2-C4AD-4965-8563-C2CA0CFBB2F0}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{5A5CA8DE-3CC5-4A6C-A25A-89820B850415}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{F54A6AF7-8C6C-4004-8B7E-B852D46AED26}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{53F8045E-F06F-45C1-8386-F7D7FE10D2E5}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{A6AB70ED-37CB-470B-8A6E-2EAE9BEC5EAF}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{61CEE960-812E-4529-A39E-5D6E45A30A4F}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{5063E4EB-1BA4-4484-B176-9272DCC30999}] => (Allow) LPort=9009

FirewallRules: [TCP Query User{318ACF80-1AF3-4C9E-824A-3802505367A6}E:steamlibrarysteamappscommongrand theft auto vgta5.exe] => (Allow) E:steamlibrarysteamappscommongrand theft auto vgta5.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [UDP Query User{7E1BFF2B-F3DC-4A9E-A730-24E08F0D40A7}E:steamlibrarysteamappscommongrand theft auto vgta5.exe] => (Allow) E:steamlibrarysteamappscommongrand theft auto vgta5.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [{7C8BFAF6-D763-4016-B549-D8C70DFCE19C}] => (Allow) LPort=9009

FirewallRules: [{5884BB80-AA2A-4AA7-96DE-24FEA0C545B1}] => (Allow) LPort=9009

FirewallRules: [{8FB1D937-B882-45B8-A9CF-B3BD2745A21E}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{3D7A182B-DC62-410C-B9E3-BF3FEE6C3577}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{32C9BBC7-C0CE-4137-9426-2C6728FA017A}] => (Allow) LPort=8414

FirewallRules: [{35735618-A096-43E5-BCF7-127920636065}] => (Allow) LPort=9009

FirewallRules: [{0C52AF2C-30E8-4CD8-A4B5-27BFB099C04A}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{4B8B4212-B9DA-4FB0-B142-A2EC213A5784}C:program fileskodikodi.exe] => (Allow) C:program fileskodikodi.exe (XBMC Foundation) [File not signed]

FirewallRules: [UDP Query User{2E0A8663-FC73-442A-ACDA-5360A3DF7542}C:program fileskodikodi.exe] => (Allow) C:program fileskodikodi.exe (XBMC Foundation) [File not signed]

FirewallRules: [TCP Query User{70E08F39-263A-4B73-B1B8-59C416F4F106}C:program fileskodikodi.exe] => (Allow) C:program fileskodikodi.exe (XBMC Foundation) [File not signed]

FirewallRules: [UDP Query User{054159D4-CF02-4503-B76B-B927C1C0A1A1}C:program fileskodikodi.exe] => (Allow) C:program fileskodikodi.exe (XBMC Foundation) [File not signed]

FirewallRules: [{20F20244-BD64-436B-B83D-360974A5B3FB}] => (Allow) LPort=9009

FirewallRules: [{B7899C3A-338A-4ED2-A9A0-38122C353EAF}] => (Allow) LPort=9009

FirewallRules: [{3377FFA1-B363-476D-B169-4A17B37B8E5B}] => (Allow) LPort=9009

FirewallRules: [{0926372A-7F4A-4700-829C-512C2A5E1ADD}] => (Allow) LPort=9009

FirewallRules: [{EF2D3212-4847-45A1-8A17-8D9BCA0699CA}] => (Allow) LPort=9009

FirewallRules: [{E7A2F20E-9358-48DE-8476-738BFB9C8DCD}] => (Allow) E:SteamLibrarysteamappscommonSteamVRPerformanceTestbinwin64vr.exe () [File not signed]

FirewallRules: [{13E37792-986E-41F4-BDB4-90889ED7EFE1}] => (Allow) E:SteamLibrarysteamappscommonSteamVRPerformanceTestbinwin64vr.exe () [File not signed]

FirewallRules: [{8E00E167-C225-42AC-90DC-2C6E9B4BB7CF}] => (Allow) C:Program Files (x86)SteamsteamappscommonSteamVRbinwin32vrstartup.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{E6A23121-8D58-40E5-844A-FE8FEF0C42C7}] => (Allow) C:Program Files (x86)SteamsteamappscommonSteamVRbinwin32vrstartup.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{031ECC78-E27F-4B7B-88F1-1999811EA6C8}] => (Allow) LPort=9009

FirewallRules: [TCP Query User{4BCC294E-A6D2-4E35-8F00-3BA2A0192DD5}C:program filesqbittorrentqbittorrent.exe] => (Block) C:program filesqbittorrentqbittorrent.exe (The qBittorrent Project) [File not signed]

FirewallRules: [UDP Query User{C3CB7368-C66D-48B5-AA72-61A0CA605A5D}C:program filesqbittorrentqbittorrent.exe] => (Block) C:program filesqbittorrentqbittorrent.exe (The qBittorrent Project) [File not signed]

FirewallRules: [{ED7D7AB0-92E8-4B66-94A9-3C5A7AB39C32}] => (Allow) C:Program Files (x86)SplitmediaLabsXSplit Broadcasterx64XSplit.Core.exe (SplitmediaLabs Limited -> SplitMediaLabs)

FirewallRules: [{0F7791ED-46BB-4338-B0BF-2D906D6ABACA}] => (Allow) C:Program Files (x86)SplitmediaLabsXSplit Broadcasterx64XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)

FirewallRules: [{6CABD0E4-EDB0-412A-9673-CDA0C19D2824}] => (Allow) C:Program Files (x86)SplitmediaLabsXSplit Broadcasterx64XSplit.Core.exe (SplitmediaLabs Limited -> SplitMediaLabs)

FirewallRules: [{433B1A13-C765-4ABE-B2E9-CC4DE869BB92}] => (Allow) C:Program Files (x86)SplitmediaLabsXSplit Broadcasterx64XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)

FirewallRules: [TCP Query User{4651376E-12E9-4A2B-A8EC-C31C2413DE31}D:gamescyberpunk 2077binx64cyberpunk2077.exe] => (Allow) D:gamescyberpunk 2077binx64cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)

FirewallRules: [UDP Query User{B25574EE-69B8-4C71-AD7B-A54125622A3C}D:gamescyberpunk 2077binx64cyberpunk2077.exe] => (Allow) D:gamescyberpunk 2077binx64cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)

FirewallRules: [{85887132-8FED-4639-92F5-60B4B93FE5AB}] => (Block) D:gamescyberpunk 2077binx64cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)

FirewallRules: [{7BB369F6-58A9-44E6-90B5-53EA829CA7F4}] => (Block) D:gamescyberpunk 2077binx64cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)

FirewallRules: [{345A9DBA-DCEE-4F91-A507-1E725EA7B1DA}] => (Allow) C:Program FilesOculusSupportoculus-runtimeOVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC)

FirewallRules: [{0940D331-ACD1-4F45-A056-72A4D993B805}] => (Allow) C:Program FilesOculusSupportoculus-runtimeOVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC)

FirewallRules: [{58303815-415A-4637-8C1A-7237094A408C}] => (Allow) C:Program FilesOculusSupportoculus-runtimeOVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC)

FirewallRules: [{82EEC68A-600D-4213-A1B9-5BE38DDD8F75}] => (Allow) C:Program FilesOculusSupportoculus-runtimeOVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC)

FirewallRules: [{E6E8049A-9FF4-4D74-8E29-EEDCCC57AA5A}] => (Allow) C:Program FilesOculusSupportoculus-runtimeOVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC)

FirewallRules: [{A1E823AD-0B7C-4BEA-BF19-4822C265E902}] => (Allow) C:Program FilesOculusSupportoculus-runtimeOVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC)

FirewallRules: [{A1D80C97-C39B-44B0-BCA9-A07C35043839}] => (Allow) C:Program FilesOculusSupportoculus-dashdashbinOculusDash.exe (Oculus VR, LLC -> )

FirewallRules: [{ECE8205A-5D46-48FF-84EF-3EB75D85872A}] => (Allow) C:Program FilesOculusSupportoculus-dashdashbinOculusDash.exe (Oculus VR, LLC -> )

FirewallRules: [{86A09A5B-08E9-4D8F-8D3D-6C335F6164B9}] => (Allow) C:Program FilesOculusSupportoculus-worldsHome2.exe (Epic Games, Inc.) [File not signed]

FirewallRules: [{45EC3821-4B30-43BE-BF0B-CF9D59F53643}] => (Allow) C:Program FilesOculusSupportoculus-worldsHome2.exe (Epic Games, Inc.) [File not signed]

FirewallRules: [{8F76F8DE-FA68-4809-873C-1C157164DA7F}] => (Allow) C:Program FilesOculusSupportoculus-worldsHome2BinariesWin64Home2-Win64-Shipping.exe (Oculus VR, LLC -> Epic Games, Inc.)

FirewallRules: [{DDF361C4-F23D-4E79-9163-9B0703A467D5}] => (Allow) C:Program FilesOculusSupportoculus-worldsHome2BinariesWin64Home2-Win64-Shipping.exe (Oculus VR, LLC -> Epic Games, Inc.)

FirewallRules: [{D7070171-0108-4953-8E52-B9897F0F06E6}] => (Allow) C:Program FilesOculusSupportoculus-worldsEngineBinariesWin64UnrealCEFSubProcess.exe (Epic Games, Inc.) [File not signed]

FirewallRules: [{26648297-9F18-418F-92B7-48C27EB31C2E}] => (Allow) C:Program FilesOculusSupportoculus-worldsEngineBinariesWin64UnrealCEFSubProcess.exe (Epic Games, Inc.) [File not signed]

FirewallRules: [{3D150C06-84B6-47D7-AF73-BF94E0E287D2}] => (Allow) C:Program FilesOculusSupportoculus-clientOculusClient.exe (Oculus VR, LLC) [File not signed]

FirewallRules: [{24248F6B-0BF9-424B-9E9C-8295E81535BC}] => (Allow) C:Program FilesOculusSupportoculus-clientOculusClient.exe (Oculus VR, LLC) [File not signed]

FirewallRules: [{DFA43FA0-9592-49D0-B7F9-85B8B874C16C}] => (Allow) LPort=9009

FirewallRules: [TCP Query User{3B0BEC8D-0C24-4D47-906B-5F7CD130BEC8}D:gamesforza horizon 4 ultimate editionforzahorizon4.exe] => (Allow) D:gamesforza horizon 4 ultimate editionforzahorizon4.exe () [File not signed]

FirewallRules: [UDP Query User{4A637A17-A939-4319-B914-DF9B00D4083B}D:gamesforza horizon 4 ultimate editionforzahorizon4.exe] => (Allow) D:gamesforza horizon 4 ultimate editionforzahorizon4.exe () [File not signed]

FirewallRules: [{08276D8E-D009-4708-B913-F015BC4FC2D7}] => (Block) D:gamesforza horizon 4 ultimate editionforzahorizon4.exe () [File not signed]

FirewallRules: [{B43B0DBE-8C5D-4E92-8552-95A443D20202}] => (Block) D:gamesforza horizon 4 ultimate editionforzahorizon4.exe () [File not signed]

FirewallRules: [{B05B7467-EC25-4DF3-A714-AC31AF0898C1}] => (Allow) LPort=9009

FirewallRules: [{35A16EBB-0B3E-4E80-876A-A901EA5F9B97}] => (Allow) LPort=9009

FirewallRules: [{6D057DD6-6588-4E50-810F-515A8031C1F1}] => (Allow) LPort=9009

FirewallRules: [{2B497214-0D4B-47A9-9EF3-DE1755B5626A}] => (Allow) C:Program FilesIntelWiFibinPanDhcpDns.exe (Intel Corporation -> )

FirewallRules: [{AB64552A-35FD-47DD-81C8-408D91A6DD0B}] => (Allow) LPort=9009

FirewallRules: [{DDBF34BA-9768-4F1D-9843-3392EB8E229F}] => (Allow) LPort=9009

FirewallRules: [{583FB507-E274-4DC6-A034-0F7A69E9A30C}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{5BC5627F-2B6B-4ABA-A808-1D06ECE4FE79}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{9E3518A6-E346-4367-90B8-BF1EA1B6D22F}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{F28AA51A-E4DA-4C4A-AAE4-404FCD0DB0ED}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{84411375-41C8-44FD-9089-C26A85BD8312}] => (Allow) LPort=8128

FirewallRules: [{94FC5B72-783B-4CE1-86D9-CED82658C1AB}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication95.0.1020.40msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{09FBBBDD-FFCE-4DCF-9BFD-1BC3E0430175}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{A2633E27-E4C9-461B-B7C0-D96C0CDEF7A9}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{3B18905A-30C3-440E-B6FB-CD93627C7079}] => (Allow) LPort=9009

FirewallRules: [{F9122995-EF27-4738-9698-19E450D2B2BC}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{2ACB1720-FD43-4BEB-98E5-189024F8CAB8}] => (Allow) LPort=9009

FirewallRules: [{480A3277-1578-4F35-9B21-F1127CF5CC6F}] => (Allow) C:Program Files (x86)GigabyteCloudStation_ServerHomeCloudHCLOUD.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)

FirewallRules: [{646E92D7-B187-4517-92EA-800ABB681407}] => (Allow) C:Program Files (x86)GigabyteCloudStation_ServerRemoteOCubssrv_oc_only.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

FirewallRules: [{4EBC30D3-4E02-45AF-A12F-B826271BF06E}] => (Allow) C:Program Files (x86)GigabyteCloudStation_ServerRemoteControlgrckm.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

FirewallRules: [{8C34BA0B-4517-4E57-AB7C-7EB28B5ACB9B}] => (Allow) LPort=1980

FirewallRules: [{4D5F48E7-FFB3-4BF9-82AB-912F006BC692}] => (Allow) LPort=1900

FirewallRules: [{543CAA1B-34B7-4BCD-A67F-39F69719AD25}] => (Allow) LPort=1900

FirewallRules: [{E1CFB7E1-1672-46BE-81FC-D396C0F1B76C}] => (Allow) LPort=8738

 

==================== Restore Points =========================

 

29-10-2021 19:24:49 Scheduled Checkpoint

30-10-2021 20:42:23 Revo Uninstaller’s restore point – RIDE 4

01-11-2021 17:25:52 Driver Booster : Intel® 300 Series Chipset Family SATA AHCI Controller

01-11-2021 17:40:35 Revo Uninstaller’s restore point – JDownloader 2

01-11-2021 17:41:26 Revo Uninstaller’s restore point – Google Chrome

01-11-2021 18:13:42 Revo Uninstaller’s restore point – Cleaner One Pro 6.6.0

01-11-2021 18:14:19 Revo Uninstaller’s restore point – HouseCall for Home Networks

01-11-2021 18:33:57 Windows Modules Installer

01-11-2021 18:39:02 Windows Modules Installer

01-11-2021 18:39:42 Windows Modules Installer

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (11/01/2021 07:08:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )

Description: Error while updating  status to SECURITY_PRODUCT_STATE_SNOOZED.

 

Error: (11/01/2021 07:05:30 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (11/01/2021 07:04:11 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (11/01/2021 06:13:42 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {f9af5818-4542-4bde-ae84-0689ccafc56d}

 

Error: (11/01/2021 05:57:46 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: RunUpd.exe, version: 1.0.0.0, time stamp: 0x5ba337aa

Faulting module name: KERNELBASE.dll, version: 10.0.19041.1288, time stamp: 0x3e55bd0b

Exception code: 0xc000041d

Fault offset: 0x0012b5b2

Faulting process ID: 0x3578

Faulting application start time: 0x01d7cf49f5e579ee

Faulting application path: C:\Program Files (x86)\GIGABYTE\AppCenter\RunUpd.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report ID: c6fb9b77-d130-49b0-94ae-1d923a712e38

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/01/2021 05:57:42 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: RunUpd.exe, version: 1.0.0.0, time stamp: 0x5ba337aa

Faulting module name: KERNELBASE.dll, version: 10.0.19041.1288, time stamp: 0x3e55bd0b

Exception code: 0xc0020001

Fault offset: 0x0012b5b2

Faulting process ID: 0x3578

Faulting application start time: 0x01d7cf49f5e579ee

Faulting application path: C:\Program Files (x86)\GIGABYTE\AppCenter\RunUpd.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report ID: 2e609073-a838-441c-8f39-20e2259fc653

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/01/2021 05:57:25 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (11/01/2021 05:41:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddWin32ServiceFiles: Unable to back up image of service MaskVPN Service since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

.

 

 

System errors:

=============

Error: (11/01/2021 07:05:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The GLCKIO2 service failed to start due to the following error: 

The system cannot find the file specified.

 

Error: (11/01/2021 05:57:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The GLCKIO2 service failed to start due to the following error: 

The system cannot find the file specified.

 

Error: (11/01/2021 05:24:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

 

Error: (11/01/2021 05:24:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The NVIDIA LocalSystem Container service terminated with the following error: 

A generic command executable returned a result that indicates failure.

 

Error: (10/29/2021 05:20:08 PM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (10/29/2021 02:37:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Microsoft Intune Management Extension service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (10/28/2021 11:39:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80246010: 9NBLGGH4LS1F-Microsoft.StorePurchaseApp.

 

Error: (10/28/2021 11:00:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The GLCKIO2 service failed to start due to the following error: 

The system cannot find the file specified.

 

 

CodeIntegrity:

===============

Date: 2021-11-01 17:58:25

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

 

Date: 2021-11-01 17:57:37

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. F11 10/15/2019

Motherboard: Gigabyte Technology Co., Ltd. Z390 AORUS PRO-CF

Processor: Intel® Core™ i9-9900 CPU @ 3.10GHz

Percentage of memory in use: 25%

Total physical RAM: 32699.2 MB

Available physical RAM: 24434.13 MB

Total Virtual: 37563.2 MB

Available Virtual: 26107.63 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:222.95 GB) (Free:87.31 GB) NTFS

Drive d: (D Drive) (Fixed) (Total:465.75 GB) (Free:306.23 GB) NTFS

Drive e: (E Drive) (Fixed) (Total:465.75 GB) (Free:294.62 GB) NTFS

 

\\?\Volume{49a7120f-389d-4ac7-afa0-089b58fe60e3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==========================================================

Disk: 1 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==========================================================

Disk: 2 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt =======================

 

Source: https://www.bleepingcomputer.com/forums/t/760959/possible-malware-hijacking-google-facebook/