
Found Malware on PC, Need Help Locating Anything Else.


40 replies to this topic

#1 dog6611


Posted 28 February 2024 - 09:33 PM

Hello,
Recently removed a Bitcoin Miner & a Trojan from my PC. Removed them using RogueKiller. Looking for a second opinion to find if anything else is residing in my PC.

Issues started with my computer completely freezing while watching videos on YouTube, forced to hard shutdown my PC every time.

I use ESET Smart Security Premium & Malwarebytes Premium as my general AV.

Windows 10 Version 22H2 (OS Build 19045.4046)

Thank you in advance,
dog6611

P.S. Attaching FRST & Addition Logs below.

 

 

======================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by Soggy (administrator) on SOGGY (28-02-2024 21:20:02)
Running from E:\Downloads\FRST64.exe
Loaded Profiles: Soggy
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ADLICE -> ) C:\Program Files\UCheck\UCheck64.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(C:\Users\Ori\AppData\Local\Temp\is-N7K7K.tmp\NordVPNSetup.exe ->) (nordvpn s.a. -> Nord Security) C:\Users\Ori\AppData\Local\Temp\is-PB9IS.tmp\NordVPNSetup.tmp
(cmd.exe ->) (NirSoft) [File not signed] C:\Windows\nircmdc.exe <2>
(Discord Inc. -> Discord Inc.) C:\Users\Ori\AppData\Local\Discord\app-1.0.9034\Discord.exe <6>
(E:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ->) (Alexey Nicolaychuk -> ) E:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(E:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) E:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer64.exe
(E:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) E:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(explorer.exe ->) (Flow Launcher) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Flow.Launcher.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(Node.js) [File not signed] F:\Achievement Watcher\node\node.exe
(nordvpn s.a. -> Nord Security) C:\Users\Ori\AppData\Local\Temp\is-N7K7K.tmp\NordVPNSetup.exe
(nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordVPN.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.77\AsusFanControlService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.) C:\Program Files\Nefarius Software Solutions\HidHide\x64\HidHideWatchdog.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_3fef55dfb47c8c9c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (voidtools -> voidtools) E:\Program Files\Everything\Everything.exe <2>
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) E:\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) E:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(svchost.exe ->) (Rémi Mercier) [File not signed] E:\Fan Control\FanControl.exe
(Vincent Burel -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter8x64.exe
(Wagnardsoft -> Wagnardsoft) C:\Users\Ori\Desktop\ISLC v1.0.2.9\ISLC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [196264 2024-01-23] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Discord] => C:\Users\Ori\AppData\Local\Discord\Update.exe [1525016 2023-02-13] (Discord Inc. -> GitHub)
HKLM\...\Run: [ISLC] => C:\Users\Ori\Desktop\ISLC v1.0.2.9\StartISLC.bat [56 2023-09-27] () [File not signed]
HKLM\...\Run: [BraveVpnWireguardService] => C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10880024 2024-02-27] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Run: [Everything] => E:\Program Files\Everything\Everything.exe [2265096 2023-05-25] (voidtools -> voidtools)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [5451544 2023-07-12] (STARDOCK SYSTEMS, INC. -> Stardock Corporation) [File not signed] [File is in use]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => :C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (No File)
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [EnableCdp] 0
HKLM\Software\Policies\...\system: [EnableMmx] 0
HKLM\Software\Policies\...\system: [RSoPLogging] 0
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1785864 2024-01-07] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-12] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37157328 2023-12-02] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [465280 2023-06-22] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [f.lux] => C:\Users\Ori\AppData\Local\FluxSoftware\Flux\flux.exe [1528952 2024-01-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [Voicemeeter] => C:\Program Files (x86)\VB\Voicemeeter\StartVoiceMeeter.bat [70 2023-08-16] () [File not signed]
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [Flow.Launcher] => C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Flow.Launcher.exe [274944 2023-10-26] (Flow Launcher) [File not signed]
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Ori\AppData\Local\Microsoft\Teams\Update.exe [2591296 2024-01-14] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [Achievement Watcher] => F:\Achievement Watcher\nw\nw.exe [3098112 2021-10-02] (Anthony Beaumont) [File not signed]
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Run: [Fences] => c:\program files (x86)\stardock\fences\Fences.exe [5451544 2023-07-12] (STARDOCK SYSTEMS, INC. -> Stardock Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {424cedb9-4ff6-11ed-85b5-005056c00008} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {8dd893e1-1e6d-11ee-b527-001a7dda7115} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {8dd895f0-1e6d-11ee-b527-001a7dda7115} - "F:\OnePlus_setup.exe" /s
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.72\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\Installer\chrmstp.exe [2024-02-28] (Brave Software, Inc. -> Brave Software, Inc.)
IFEO\CompatTelRunner.exe: [Debugger] %windir%\System32\taskkill.exe
IFEO\DeviceCensus.exe: [Debugger] %windir%\System32\taskkill.exe
IFEO\software_reporter_tool.exe: [Debugger] %windir%\System32\taskkill.exe
Startup: E:\Users\Ori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2023-09-08]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\lock_Mic_vol.bat.lnk [2024-02-24]
ShortcutTarget: lock_Mic_vol.bat.lnk -> C:\Users\Ori\Desktop\Lock Volumes\lock_Mic_vol.bat () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\lock_Speaker_vol.bat.lnk [2024-02-24]
ShortcutTarget: lock_Speaker_vol.bat.lnk -> C:\Users\Ori\Desktop\Lock Volumes\lock_Speaker_vol.bat () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Portmaster Notifier.lnk [2023-11-24]
ShortcutTarget: Portmaster Notifier.lnk -> C:\ProgramData\Safing\Portmaster\portmaster-start.exe (Safing ICS Technologies GmbH -> )
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33C380E4-CB76-493E-A593-B65524B423C2} - System32\Tasks\Achievement Watcher Upgrade Daily => F:\Achievement Watcher\nw\nw.exe [3098112 2021-10-02] (Anthony Beaumont) [File not signed]
Task: {627F2F2E-0F7A-4DBC-BC3E-1F5EF3FAFD36} - System32\Tasks\ASUS\ASUS AISuiteIII => E:\AI Suite III\AISuite3.exe [2110000 2019-04-22] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {E0A677BF-F29A-4212-94ED-B6F437DB4E88} - System32\Tasks\ASUS\ASUS DIPAwayMode => E:\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1456688 2019-05-16] (ASUSTeK Computer Inc. -> )
Task: {5541A6D4-9190-4C6C-B7E8-67FC513F2CD7} - System32\Tasks\ASUS\Ez Update => E:\AI Suite III\EZ Update\EzUpdt.exe [1509424 2019-05-13] (ASUSTeK Computer Inc. -> )
Task: {FC0CA7CB-CE67-484C-9FE2-AF1A3E0F4063} - System32\Tasks\ASUS\GpuFanHelper => E:\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2019-04-28] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {E9F0217D-6926-4E99-98D9-E41766AC5347} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{B40EF21E-ABA6-4B9C-B543-3B3BEC9C9905} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {03743834-9FA5-4E3B-A9B5-EBFFF2F10D2E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{D47D144D-62A0-486C-9B1A-AAD290507EA9} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {F89675B6-D337-4D3A-8D28-174EF77B9406} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\windows\explorer.exe [5577144 2024-02-25] (Microsoft Windows -> Microsoft Corporation)
Task: {94705503-199D-4FF1-950D-1EC233C10DF3} - System32\Tasks\FanControl => E:\Fan Control\\FanControl.exe [3334144 2024-02-15] (Rémi Mercier) [File not signed]
Task: {6507B98A-71BF-4131-B462-6B00031E0CAF} - System32\Tasks\HidHide_Updater => C:\Program Files\Nefarius Software Solutions\HidHide\HidHide_Updater.exe [1205688 2023-10-31] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.)
Task: {CA99EB7A-0603-4CF9-B5DC-C5DA09D4EDC2} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /c (No File)
Task: {0ABB8082-DFCC-4604-B1DD-F3B29FA7B6BD} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /ua /installsource scheduler (No File)
Task: {DC9527C8-53AE-49CA-A3DD-4BE4036E550C} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {137A40FD-B73D-4518-9EB2-87D913E660E0} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2538788236-3835922159-488444903-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {5E03BD39-AB6E-4B4B-8167-A95ABC4B09D2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {921F3157-BBB0-48FE-9D56-209D0768C426} - System32\Tasks\MSIAfterburner => E:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804312 2023-04-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {68ABE50B-9E24-4756-BD96-C4CE9DD029FF} - System32\Tasks\NVCleanstall => C:\Users\Ori\Desktop\Nvidia Driver Tools\NVCleanstall_1.16.0.exe [3934936 2023-11-01] (TechPowerUp LLC -> TechPowerUp)
Task: {9BB635DE-D747-4345-82F7-9E82DAD44042} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641928 2024-01-07] (Overwolf Ltd -> Overwolf LTD)
Task: {CA5A2E36-67D4-4B25-91EE-623767A40ED1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {3532D11A-C75B-4482-98AC-60F4F54E51BB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {DA40B45A-AC80-4E80-8B3D-DC34CD24FD8C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {862A8284-1A65-4156-A66E-4224E6627FD6} - System32\Tasks\StardockFencesHotkeySupport => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-20] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll",StartHotkeySupportAsUser
Task: {C15B5FE1-C436-46A4-9D5D-C07B9C58B605} - System32\Tasks\StardockFencesStartup => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-20] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll",StartFencesAsUser
Task: {529BDCD2-546E-411A-9F57-0B38634DD056} - System32\Tasks\WuMgrNoUAC => C:\Users\Ori\Desktop\WUMGR\wumgr.exe [371200 2019-12-11] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\UCheck.job => C:\Program Files\UCheck\UCheck64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\vsocklib.dll [44128 2020-08-11] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 18 C:\WINDOWS\SysWOW64\vsocklib.dll [44128 2020-08-11] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 17 C:\Windows\system32\vsocklib.dll [48224 2020-08-11] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 18 C:\Windows\system32\vsocklib.dll [48224 2020-08-11] (VMware, Inc. -> VMware, Inc.)
Tcpip\..\Interfaces\{3c355d51-73e0-48ba-95a2-f0d74caaeb5f}: [NameServer] 94.140.14.14,94.140.15.15
Tcpip\..\Interfaces\{3c355d51-73e0-48ba-95a2-f0d74caaeb5f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3c355d51-73e0-48ba-95a2-f0d74caaeb5f}: [DhcpDomain] home
Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 103.86.96.100,103.86.99.100
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Profile: C:\Users\Ori\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-17]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Ori\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-10-11]
Edge Extension: (Google Docs Offline) - C:\Users\Ori\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-21]
Edge Extension: (Edge relevant text changes) - C:\Users\Ori\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-21]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [fphgeikpdcdcheaochkhldmnfblfogla]

FireFox:
========
FF DefaultProfile: pfgvgspk.default
FF ProfilePath: E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default [2024-02-17]
FF user.js: detected! => E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\user.js [2022-11-19]
FF Extension: (IObit Surfing Protection & Ads Removal) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-08-13]
FF Extension: (TubeBuddy) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2022-12-08]
FF Extension: (Enhancer for YouTube™) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2022-12-08]
FF Extension: (Exhentai Passport) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\exhentaipassport@harytfw.xpi [2022-08-01]
FF Extension: (Ghostery – Privacy Ad Blocker) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\firefox@ghostery.com.xpi [2023-04-10]
FF Extension: (Helperbird: Accessibility & Productivity App) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\firefox@helperbird.com.xpi [2022-11-05]
FF Extension: (Tampermonkey) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\firefox@tampermonkey.net.xpi [2022-11-15]
FF Extension: (Grammar & Spell Checker—LanguageTool) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\languagetool-webextension@languagetool.org.xpi [2023-03-24]
FF Extension: (Save webP as PNG or JPEG) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\savewebpas@jeffersonscher.com.xpi [2023-03-27]
FF Extension: (SponsorBlock for YouTube - Skip Sponsorships) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\sponsorBlocker@ajay.app.xpi [2023-03-23]
FF Extension: (LastPass: Free Password Manager) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\support@lastpass.com.xpi [2023-03-31]
FF Extension: (Tree Style Tab) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2023-03-31]
FF Extension: (uBlock Origin) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\uBlock0@raymondhill.net.xpi [2023-04-06]
FF Extension: (TWP - Translate Web Pages) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2022-10-04]
FF Extension: (Audio Only for YouTube™) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{04c0e786-13ad-428f-8106-697cf0dc9701}.xpi [2021-06-20]
FF Extension: (YouTube NonStop) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}.xpi [2021-10-05]
FF Extension: (Malwarebytes Browser Guard) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-03-14]
FF Extension: (Allow Right-Click) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{278b0ae0-da9d-4cc6-be81-5aa7f3202672}.xpi [2022-07-28]
FF Extension: (Bitwarden - Free Password Manager) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2023-04-12]
FF Extension: (Cookie Quick Manager) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{60f82f00-9ad5-4de5-b31c-b16a47c51558}.xpi [2022-07-26]
FF Extension: (NoScript) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2023-04-04]
FF Extension: (ClearURLs) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{74145f27-f039-47ce-a470-a662b129930a}.xpi [2023-02-03]
FF Extension: (Return YouTube Dislike) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2023-02-24]
FF Extension: (Universal Bypassed) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{a4ab67c7-5c64-4e7b-8086-136d9c9edbd0}.xpi [2022-12-04]
FF Extension: (LocalCDN) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{b86e4813-687a-43e6-ab65-0bde4ab75758}.xpi [2023-03-23]
FF Extension: (DownThemAll!) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2023-02-27]
FF Extension: (Read Aloud: A Text to Speech Voice Reader) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{ddc62400-f22d-4dd3-8b4a-05837de53c2e}.xpi [2023-04-05]
FF Extension: (Buster: Captcha Solver for Humans) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\pfgvgspk.default\Extensions\{e58d3966-3d76-4cd9-8552-1582fbc800c1}.xpi [2022-12-19]
FF ProfilePath: E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839 [2024-02-28]
FF user.js: detected! => E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\user.js [2023-11-10]
FF DownloadDir: E:\Downloads
FF Extension: (Disconnect) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\2.0@disconnect.me.xpi [2023-11-06]
FF Extension: (Dark Reader) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\addon@darkreader.org.xpi [2024-02-08]
FF Extension: (ESET Browser Privacy & Security) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\browserextension@eset.com.xpi [2024-02-13]
FF Extension: (Enhancer for YouTube™) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2024-02-08]
FF Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\firefox@ghostery.com.xpi [2023-12-14]
FF Extension: (Helperbird: Accessibility & Productivity App) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\firefox@helperbird.com.xpi [2024-02-22]
FF Extension: (Tampermonkey) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\firefox@tampermonkey.net.xpi [2024-01-09]
FF Extension: (ReviewMeta.com Review Analyzer) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\FirefoxExtension@ReviewMeta.com.xpi [2023-10-01]
FF Extension: (Tab Reloader (page auto refresh)) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\jid0-bnmfwWw2w2w4e4edvcdDbnMhdVg@jetpack.xpi [2023-10-07]
FF Extension: (Decentraleyes) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2023-11-28]
FF Extension: (Privacy Badger) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2024-02-08]
FF Extension: (Grammar Checker & Paraphraser – LanguageTool) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\languagetool-webextension@languagetool.org.xpi [2023-11-28]
FF Extension: (Bypass Paywalls Clean ©) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\magnolia_limited_permissions@12.34.xpi [2024-02-25] [UpdateUrl:hxxps://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean/-/raw/master/updates_custom.json]
FF Extension: (Save webP as PNG or JPEG) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\savewebpas@jeffersonscher.com.xpi [2023-11-20]
FF Extension: (SponsorBlock for YouTube - Skip Sponsorships) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\sponsorBlocker@ajay.app.xpi [2024-02-19]
FF Extension: (Tree Style Tab) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2024-01-31]
FF Extension: (uBlock Origin) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\uBlock0@raymondhill.net.xpi [2024-02-20]
FF Extension: (TWP - Translate Web Pages) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2023-09-20]
FF Extension: (YouTube NonStop) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}.xpi [2023-10-31]
FF Extension: (Malwarebytes Browser Guard) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-12-19]
FF Extension: (Allow Right-Click) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{278b0ae0-da9d-4cc6-be81-5aa7f3202672}.xpi [2024-02-14]
FF Extension: (Bitwarden - Free Password Manager) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2024-02-14]
FF Extension: (Cookie Quick Manager) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{60f82f00-9ad5-4de5-b31c-b16a47c51558}.xpi [2022-07-26]
FF Extension: (NoScript) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2023-12-12]
FF Extension: (ClearURLs) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{74145f27-f039-47ce-a470-a662b129930a}.xpi [2023-02-03]
FF Extension: (User-Agent Switcher) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2023-08-05]
FF Extension: (Return YouTube Dislike) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2023-12-14]
FF Extension: (Hide shorts for Youtube™) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{88ebde3a-4581-4c6b-8019-2a05a9e3e938}.xpi [2024-01-31]
FF Extension: (User-Agent Switcher and Manager) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2023-11-06]
FF Extension: (Purple Ads Blocker) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{a7399979-5203-4489-9861-b168187b52e1}.xpi [2024-02-01]
FF Extension: (LocalCDN) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{b86e4813-687a-43e6-ab65-0bde4ab75758}.xpi [2024-02-08]
FF Extension: (DownThemAll!) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2024-02-01]
FF Extension: (Read Aloud: A Text to Speech Voice Reader) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{ddc62400-f22d-4dd3-8b4a-05837de53c2e}.xpi [2024-01-11]
FF Extension: (Buster: Captcha Solver for Humans) - E:\Users\Ori\AppData\Roaming\Mozilla\Firefox\Profiles\omt469jc.default-release-1681687266839\Extensions\{e58d3966-3d76-4cd9-8552-1582fbc800c1}.xpi [2022-12-19]
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2024-02-28]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Brave:
=======
BRA Profile: C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-02-24]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Google Translate) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-10-11]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-02-24]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-02-24]
BRA Extension: (Brave NTP background images) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-01]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-02-24]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-12-28]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-02-24]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2023-10-05]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2024-02-24]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-02-22]
BRA Extension: (Brave Ads Resources) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2024-02-24]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-02-24]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-01-28]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Ori\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-11-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe [440368 2019-04-09] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.77\AsusFanControlService.exe [2061872 2019-05-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15044872 2023-11-26] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\brave_vpn_helper.exe [2730008 2024-02-27] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10880024 2024-02-27] (Brave Software, Inc. -> Brave Software, Inc.)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [707864 2022-08-24] (ESET, spol. s r.o. -> ESET)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-11-26] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [2539384 2024-01-23] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3890064 2024-01-23] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3890064 2024-01-23] (ESET, spol. s r.o. -> ESET)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
R2 Everything; E:\Program Files\Everything\Everything.exe [2265096 2023-05-25] (voidtools -> voidtools)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [396048 2023-08-21] (Underwriters Laboratories Inc. -> Futuremark)
R2 HidHideWatchdog.exe; C:\Program Files\Nefarius Software Solutions\HidHide\x64\HidHideWatchdog.exe [1258920 2023-10-31] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-25] (Malwarebytes Inc. -> Malwarebytes)
R3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [320088 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2023-08-09] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_3fef55dfb47c8c9c\Display.NvContainer\NVDisplay.Container.exe [1274992 2024-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641928 2024-01-07] (Overwolf Ltd -> Overwolf LTD)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [418696 2023-12-02] (Parsec Cloud, Inc. -> Parsec)
S2 PortmasterCore; C:\ProgramData\Safing\Portmaster\portmaster-start.exe [14014488 2024-01-18] (Safing ICS Technologies GmbH -> )
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15246256 2024-02-19] (ADLICE -> )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21242680 2024-02-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\elevation_service.exe" [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Ori\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [36928 2022-09-16] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriver; E:\AI Suite III\DIP4\AMDRyzenMasterDriver\bin\AMDRyzenMasterDriver.sys [70304 2019-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 AmdSMBusSdk; C:\WINDOWS\System32\drivers\amdembsmbus.sys [50264 2022-10-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdWDT; C:\WINDOWS\System32\drivers\amdwdt.sys [52304 2022-09-15] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-05-13] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
S3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
S3 BrSerIb; C:\WINDOWS\System32\drivers\BrSerIb.sys [87552 2010-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\System32\drivers\BrUsbSIb.sys [14592 2010-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [75560 2019-01-15] (Broadcom Corporation -> Broadcom Corporation.)
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R0 DLMFENC; C:\WINDOWS\System32\DRIVERS\DLMFENC.sys [242168 2022-09-21] (ESET, spol. s r.o. -> ESET, spol. s r.o.)
R0 DLPCRYPT; C:\WINDOWS\System32\DRIVERS\dlpcrypt.sys [121728 2022-08-24] (DESlock Limited -> DESlock Ltd.)
R0 dlpvdisk; C:\WINDOWS\System32\DRIVERS\dlpvdisk.sys [98296 2022-08-24] (DESlock Limited -> DESlock Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2021-07-09] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [63696 2021-12-02] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [215616 2023-12-08] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [120032 2023-12-08] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [16336 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [254344 2023-12-08] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [55528 2023-12-08] (ESET, spol. s r.o. -> ESET)
S3 enecir; C:\WINDOWS\System32\drivers\enecir.sys [68608 2008-11-20] (Microsoft Windows Hardware Compatibility Publisher -> ENE TECHNOLOGY INC.)
S3 enecirhid; C:\WINDOWS\System32\drivers\enecirhid.sys [14336 2008-04-29] (Microsoft Windows Hardware Compatibility Publisher -> ENE TECHNOLOGY INC.)
S3 enecirhidma; C:\WINDOWS\System32\drivers\enecirhidma.sys [6656 2008-04-25] (Microsoft Windows Hardware Compatibility Publisher -> ENE TECHNOLOGY INC.)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81824 2023-12-08] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [124168 2023-12-08] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HidHide; C:\WINDOWS\System32\drivers\HidHide.sys [59088 2023-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
R2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2023-09-05] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2019-03-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-08-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-02-28] (Malwarebytes Inc. -> Malwarebytes)
R3 mshield; C:\WINDOWS\System32\DRIVERS\mshield.sys [43112 2024-01-10] (nordvpn s.a. -> Nordvpn S.A.)
R2 NDivert; C:\Program Files\NordVPN\7.18.6.0\Drivers\NDivert.sys [131472 2023-08-04] (nordvpn s.a. -> Nordvpn S.A.)
R4 NordDivert10; C:\Program Files\NordVPN\NordSec ThreatProtection\1.4.18.7\NordDivert1064.sys [101240 2024-01-10] (nordvpn s.a. -> NordVPN/Basil)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2023-01-17] (nordvpn s.a. -> TEFINCOM S.A.)
R3 parsecvusba; C:\WINDOWS\System32\drivers\parsecvusba.sys [256560 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Parsec)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 R0FanControl; E:\Fan Control\FanControl.sys [14544 2024-02-28] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R3 RTCore64; E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RTCoreMini64; E:\Program Files (x86)\RivaTuner Statistics Server\PlugIns\Client\RTCoreMini64.sys [37240 2022-02-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [54208 2024-02-28] (ADLICE (Julien Ascoet) -> )
R3 VBAudio100VMVAIO3MME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio364_win10.sys [71712 2020-01-13] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudio101WDMCableCMME; C:\WINDOWS\System32\drivers\vbaudio_cablec64_win10.sys [69832 2020-01-17] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudio102WDMCableDMME; C:\WINDOWS\System32\drivers\vbaudio_cabled64_win10.sys [69616 2020-01-17] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudioVACAMME; C:\WINDOWS\System32\drivers\vbaudio_cablea64_win7.sys [41144 2015-10-19] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudioVACBMME; C:\WINDOWS\System32\drivers\vbaudio_cableb64_win7.sys [41144 2015-10-19] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2019-04-05] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2019-04-05] (Vincent Burel -> Windows ® Win 7 DDK provider)
R0 VDLPToken2; C:\WINDOWS\System32\DRIVERS\vdlptkn2.sys [135672 2022-08-24] (DESlock Limited -> DESlock Ltd.)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
U5 vsock; C:\Windows\System32\Drivers\vsock.sys [105912 2020-08-11] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2022-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [473376 2022-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-05] (Microsoft Windows -> Microsoft Corporation)
R3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-02-23] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation -> Microsoft Corporation)
S3 cpuz155; \??\C:\WINDOWS\temp\cpuz155\cpuz155_x64.sys [X] <==== ATTENTION
U4 DcpSvc; no ImagePath
U4 HomeGroupListener; no ImagePath
U4 HomeGroupProvider; no ImagePath
U4 NvTelemetryContainer; no ImagePath
U4 xbgm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-28 21:20 - 2024-02-28 21:22 - 000051558 _____ C:\Users\Ori\Downloads\FRST.txt
2024-02-28 21:19 - 2024-02-28 21:19 - 002386944 _____ (Farbar) C:\Users\Ori\Downloads\FRST64.exe
2024-02-28 20:50 - 2024-02-28 20:50 - 000000000 ____D C:\Users\Ori\AppData\LocalLow\IGDump
2024-02-28 20:43 - 2024-02-28 20:43 - 000000000 ____D C:\Users\Ori\AppData\Local\Package Cache
2024-02-28 20:33 - 2024-02-28 20:33 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-02-28 20:33 - 2024-02-28 20:33 - 000002099 _____ C:\Users\Ori\Desktop\Customize Fences.lnk
2024-02-28 20:31 - 2024-02-28 20:31 - 000095744 _____ C:\WINDOWS\womtrust.dll
2024-02-28 20:28 - 2024-02-28 20:28 - 000004614 _____ C:\WINDOWS\system32\Tasks\StardockFencesHotkeySupport
2024-02-28 20:28 - 2024-02-28 20:28 - 000003814 _____ C:\WINDOWS\system32\Tasks\StardockFencesStartup
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\Users\Ori\AppData\Local\Stardock
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\Program Files (x86)\Stardock
2024-02-28 20:20 - 2024-02-28 20:20 - 000000000 ____D C:\Users\Ori\Desktop\Stardock Fences Backup
2024-02-28 19:49 - 2024-02-28 19:59 - 000054208 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2024-02-28 19:41 - 2024-02-28 19:46 - 000000000 ____D C:\ProgramData\HitmanPro
2024-02-28 19:41 - 2024-02-28 19:43 - 014287912 _____ (Sophos B.V.) C:\Users\Ori\Downloads\HitmanPro_x64.exe
2024-02-28 19:35 - 2024-02-28 20:37 - 000448512 _____ (OldTimer Tools) C:\Users\Ori\Downloads\TFC.exe
2024-02-28 19:31 - 2024-02-28 19:31 - 000000918 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2024-02-28 19:30 - 2024-02-28 19:30 - 000000000 ____D C:\Program Files\Winaero Tweaker
2024-02-28 19:28 - 2024-02-28 19:28 - 000000755 _____ C:\Users\Public\Desktop\Everything.lnk
2024-02-28 19:27 - 2024-02-28 20:37 - 024295368 _____ (Adlice Software ) C:\Users\Ori\Downloads\UCheck_setup.exe
2024-02-28 19:27 - 2024-02-28 20:34 - 000000000 ____D C:\ProgramData\UCheck
2024-02-28 19:27 - 2024-02-28 19:27 - 000000837 _____ C:\Users\Public\Desktop\UCheck.lnk
2024-02-28 19:27 - 2024-02-28 19:27 - 000000260 _____ C:\WINDOWS\Tasks\UCheck.job
2024-02-28 19:27 - 2024-02-28 19:27 - 000000000 ____D C:\Program Files\UCheck
2024-02-28 19:10 - 2024-02-28 20:37 - 048358936 _____ (Adlice Software ) C:\Users\Ori\Downloads\RogueKiller_setup.exe
2024-02-28 19:10 - 2024-02-28 19:36 - 000000000 ____D C:\ProgramData\RogueKiller
2024-02-28 19:10 - 2024-02-28 19:10 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2024-02-28 19:10 - 2024-02-28 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2024-02-28 19:10 - 2024-02-28 19:10 - 000000000 ____D C:\Program Files\RogueKiller
2024-02-27 20:48 - 2024-02-27 20:48 - 000170807 _____ C:\Users\Ori\Downloads\MayThePerformanceBeWithYou-StandardPackage-7-2-5-2-1685368525.zip
2024-02-27 20:47 - 2024-02-27 20:47 - 004764289 _____ C:\Users\Ori\Downloads\MayThePerfromanceBeWithYou-Configurator-7-3-3-2-0-1698375977.zip
2024-02-27 19:45 - 2024-02-27 19:45 - 000006349 _____ C:\Users\Ori\Downloads\MTPBWY-PacificDrive-4-1-0-0-0-1708645328.zip
2024-02-27 19:43 - 2024-02-27 19:43 - 000001153 _____ C:\Users\Ori\Downloads\PDNo-SplashFix-3-0-1-1708629066.zip
2024-02-27 19:39 - 2024-02-27 19:39 - 000004595 _____ C:\Users\Ori\Downloads\PDNo-IntroFix-2-0-1-1708628826.zip
2024-02-27 19:39 - 2024-02-27 19:39 - 000000000 ____D C:\Users\Ori\Downloads\Pacific Drive
2024-02-25 14:53 - 2024-02-25 14:53 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-25 14:52 - 2024-02-25 14:52 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-25 14:40 - 2024-02-25 14:40 - 000000000 ___HD C:\$WinREAgent
2024-02-25 07:55 - 2024-02-25 07:55 - 000000000 ____D C:\Users\Ori\AppData\Local\NVIDIA
2024-02-24 15:47 - 2024-02-28 20:38 - 000000000 ____D C:\Users\Ori\AppData\Local\D3DSCache
2024-02-24 15:32 - 2024-02-24 15:32 - 000000000 ____D C:\Users\Ori\AppData\LocalLow\NVIDIA
2024-02-24 15:22 - 2024-02-28 20:32 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-24 15:12 - 2024-02-24 15:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-02-24 15:11 - 2024-02-15 11:42 - 000121880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2024-02-23 21:44 - 2024-02-26 18:23 - 000000000 ____D C:\Users\Ori\AppData\Local\PenDriverPro
2024-02-23 21:42 - 2024-02-23 21:42 - 000000726 _____ C:\Users\Ori\Desktop\Pacific Drive.lnk
2024-02-23 21:42 - 2024-02-23 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by Decepticon
2024-02-22 17:26 - 2024-02-17 03:07 - 002031464 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-22 17:26 - 2024-02-17 03:07 - 002031464 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-02-22 17:26 - 2024-02-17 03:07 - 001578856 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-22 17:26 - 2024-02-17 03:07 - 001578856 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-02-22 17:26 - 2024-02-17 03:07 - 001488008 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-02-22 17:26 - 2024-02-17 03:07 - 001445224 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-02-22 17:26 - 2024-02-17 03:07 - 001445224 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-02-22 17:26 - 2024-02-17 03:07 - 001295208 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-22 17:26 - 2024-02-17 03:07 - 001295208 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-02-22 17:26 - 2024-02-17 03:07 - 001227400 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-02-22 17:26 - 2024-02-17 03:04 - 001046152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-02-22 17:26 - 2024-02-17 03:04 - 000669816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-02-22 17:26 - 2024-02-17 03:04 - 000505456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-02-22 17:26 - 2024-02-17 03:03 - 002173552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-02-22 17:26 - 2024-02-17 03:03 - 001541640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-02-22 17:26 - 2024-02-17 03:03 - 001199112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-02-22 17:26 - 2024-02-17 03:03 - 000842272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-02-22 17:26 - 2024-02-17 03:02 - 001625200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-02-22 17:26 - 2024-02-17 03:02 - 001024136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-02-22 17:26 - 2024-02-17 03:02 - 000787064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-02-22 17:26 - 2024-02-17 03:02 - 000459384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-02-22 17:25 - 2024-02-17 03:02 - 012928136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-02-22 17:25 - 2024-02-17 03:01 - 016033824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-02-22 17:25 - 2024-02-17 03:01 - 006780424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-02-22 17:25 - 2024-02-17 03:01 - 005912608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-02-22 17:25 - 2024-02-17 03:01 - 005773344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-02-22 17:25 - 2024-02-17 03:01 - 003721864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-02-22 17:25 - 2024-02-17 03:01 - 000853000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-02-22 17:25 - 2024-02-17 02:59 - 006943328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-02-22 17:25 - 2024-02-17 02:59 - 006030464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-02-22 17:25 - 2024-02-15 11:42 - 000119184 _____ C:\WINDOWS\system32\nvinfo.pb
2024-02-22 05:08 - 2024-02-22 05:08 - 019094270 _____ C:\Users\Ori\Documents\Minecraft_1210166312160985088.mp4
2024-02-20 20:05 - 2024-02-20 20:05 - 000000828 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_77
2024-02-20 20:05 - 2024-02-20 19:42 - 003694941 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_600
2024-02-20 19:48 - 2024-02-28 19:59 - 001508892 _____ C:\WINDOWS\ntbtlog.txt
2024-02-20 19:32 - 2024-02-20 20:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-19 23:38 - 2024-02-20 21:01 - 000000000 ____D C:\Users\Ori\AppData\Local\MinecraftInstaller
2024-02-12 02:32 - 2024-02-12 02:32 - 000000000 ____D C:\Users\Ori\Downloads\Telegram Desktop
2024-02-07 23:38 - 2024-02-07 23:38 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-02-06 22:10 - 2024-02-06 22:10 - 000765720 _____ (Python Software Foundation) C:\WINDOWS\py.exe
2024-02-06 22:10 - 2024-02-06 22:10 - 000764184 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe
2024-02-06 22:10 - 2024-02-06 22:10 - 000050968 _____ (Python Software Foundation) C:\WINDOWS\pyshellext.amd64.dll
2024-02-04 03:10 - 2024-02-04 03:10 - 000000453 _____ C:\Users\Ori\.gitconfig
2024-02-04 02:48 - 2024-02-25 11:50 - 000002357 _____ C:\Users\Ori\Desktop\GitHub Desktop.lnk
2024-02-04 02:47 - 2024-02-25 11:50 - 000000000 ____D C:\Users\Ori\AppData\Local\GitHubDesktop
2024-02-04 01:58 - 2024-02-04 01:58 - 000000000 ____D C:\Users\Ori\AppData\Local\bg3-modders-multitool
2024-02-03 22:58 - 2024-02-03 22:58 - 000000000 ____D C:\Users\Ori\Documents\CD Projekt Red
2024-02-03 00:08 - 2024-02-03 00:08 - 000000829 _____ C:\Users\Public\Desktop\Cyberpunk 2077.lnk
2024-02-03 00:08 - 2024-02-03 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]
2024-02-01 22:09 - 2024-02-01 22:09 - 000000000 ____D C:\Users\Ori\AppData\Local\Pal
2024-02-01 20:23 - 2024-02-01 20:23 - 000002161 _____ C:\Users\Ori\Desktop\WeMod.lnk
2024-02-01 20:22 - 2024-02-01 20:24 - 000000000 ____D C:\Users\Ori\AppData\Local\WeMod
2024-02-01 15:27 - 2024-01-10 10:37 - 000043112 _____ (Nordvpn S.A.) C:\WINDOWS\system32\Drivers\mshield.sys
2024-01-31 23:01 - 2024-01-31 23:01 - 000000000 ____D C:\Users\Ori\AppData\Local\vortex-updater
2024-01-31 02:39 - 2024-01-31 02:39 - 000000000 ____D C:\WINDOWS\Panther
2024-01-31 01:32 - 2024-01-31 01:32 - 000000000 ____D C:\Users\Ori\Desktop\WUMT
2024-01-31 01:06 - 2024-01-31 01:06 - 000003124 _____ C:\WINDOWS\system32\Tasks\WuMgrNoUAC

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-28 21:22 - 2023-07-25 20:20 - 000000000 ____D C:\FRST
2024-02-28 21:13 - 2023-08-15 19:21 - 000000000 ____D C:\Users\Ori\AppData\Local\Malwarebytes
2024-02-28 20:55 - 2022-12-05 03:00 - 000000000 ____D C:\WINDOWS\INF
2024-02-28 20:55 - 2022-12-05 00:35 - 000000000 ____D C:\Program Files\TeamViewer
2024-02-28 20:53 - 2023-12-06 21:10 - 000000000 ____D C:\ProgramData\ASUS
2024-02-28 20:52 - 2023-12-01 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2024-02-28 20:52 - 2023-12-01 22:33 - 000000000 ____D C:\Program Files\NordVPN
2024-02-28 20:50 - 2023-12-06 21:21 - 000020528 _____ C:\WINDOWS\PE_Rom.dll
2024-02-28 20:50 - 2023-10-26 00:34 - 000000000 ____D C:\Users\Ori\AppData\Local\FlowLauncher
2024-02-28 20:50 - 2022-11-03 16:32 - 000000000 ____D C:\Users\Ori\AppData\Roaming\Microsoft\Teams
2024-02-28 20:49 - 2023-12-01 17:23 - 000000000 ___SD C:\Users\Ori\AppData\Roaming\Microsoft\Credentials
2024-02-28 20:48 - 2023-10-21 03:02 - 000000000 ____D C:\Users\Ori\Documents\Obsidian Vault
2024-02-28 20:47 - 2022-10-10 13:52 - 000000743 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMEETLINK.lnk
2024-02-28 20:44 - 2022-12-28 08:14 - 000000000 ____D C:\Program Files\Unity Hub
2024-02-28 20:43 - 2022-12-05 00:34 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-28 20:37 - 2022-12-05 00:22 - 000826100 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-28 20:34 - 2023-03-29 18:42 - 000000000 ____D C:\Users\Ori\AppData\Local\Discord
2024-02-28 20:33 - 2022-12-05 03:01 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-28 20:32 - 2022-12-31 18:35 - 000003122 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2024-02-28 20:32 - 2022-12-05 17:16 - 000000000 ____D C:\Users\Ori\Desktop\ISLC v1.0.2.9
2024-02-28 20:32 - 2022-12-05 11:02 - 000000000 ____D C:\Users\Ori\AppData\Local\Everything
2024-02-28 20:32 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\ServiceState
2024-02-28 20:32 - 2022-12-05 02:56 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2024-02-28 20:32 - 2022-12-05 00:34 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-02-28 20:32 - 2022-12-05 00:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-28 20:31 - 2022-12-05 15:22 - 000081408 _____ C:\WINDOWS\wontrust.dll
2024-02-28 20:28 - 2022-12-05 10:38 - 000000000 ____D C:\ProgramData\Stardock
2024-02-28 20:17 - 2023-01-18 00:53 - 322443264 _____ C:\Users\Ori\AppData\Local\SageThumbs.db3
2024-02-28 20:12 - 2023-08-15 19:21 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-02-28 20:12 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\CSC
2024-02-28 20:12 - 2022-12-05 00:32 - 000000000 ____D C:\Program Files (x86)\Notepad++
2024-02-28 20:12 - 2022-12-05 00:10 - 000260520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-28 19:35 - 2021-07-14 13:02 - 000000000 ____D C:\Users\Ori\.dbus-keyrings
2024-02-28 19:30 - 2023-11-17 16:10 - 000000000 ____D C:\Program Files\Git
2024-02-28 19:30 - 2023-11-10 17:47 - 000000932 _____ C:\Users\Public\Desktop\Winaero Tweaker.lnk
2024-02-28 19:30 - 2023-11-10 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winaero Tweaker
2024-02-28 19:30 - 2022-12-05 00:33 - 000001917 _____ C:\Users\Public\Desktop\Zoom.lnk
2024-02-28 19:30 - 2022-12-05 00:33 - 000000000 ____D C:\Program Files\Zoom
2024-02-28 19:30 - 2022-12-05 00:32 - 000000000 ____D C:\Program Files\WinRAR
2024-02-28 19:30 - 2022-12-05 00:13 - 000000000 ____D C:\Users\OVRLibraryService.NT SERVICE
2024-02-28 19:30 - 2018-07-23 01:25 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-02-28 19:30 - 2018-01-13 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-02-28 19:28 - 2023-08-29 01:42 - 000001312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk
2024-02-28 19:28 - 2023-08-29 01:42 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk
2024-02-28 19:28 - 2022-10-13 12:24 - 000000755 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything.lnk
2024-02-28 19:27 - 2022-01-01 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2024-02-28 19:24 - 2023-12-01 17:59 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-28 19:03 - 2022-12-22 03:26 - 000826100 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2024-02-28 18:46 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-28 18:46 - 2022-12-05 00:13 - 000000000 ____D C:\Users\Ori
2024-02-28 18:30 - 2022-12-05 00:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-28 17:50 - 2022-08-01 17:09 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-02-25 15:05 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-25 15:03 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-25 15:02 - 2022-12-05 03:01 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-25 15:02 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-25 15:02 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-25 15:01 - 2022-12-05 02:57 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-25 15:00 - 2022-12-05 16:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-25 14:56 - 2022-12-05 16:21 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-25 14:52 - 2022-12-05 00:13 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-25 13:34 - 2022-12-13 04:03 - 000000000 ____D C:\Users\Ori\AppData\Local\CrashDumps
2024-02-25 11:50 - 2022-12-24 18:40 - 000000000 ____D C:\Users\Ori\AppData\Local\SquirrelTemp
2024-02-24 21:34 - 2023-08-16 17:23 - 000000784 _____ C:\Users\Ori\Desktop\WhatInStartup.cfg
2024-02-24 18:30 - 2022-12-05 17:14 - 000000000 ____D C:\Users\Ori\Desktop\Lock Volumes
2024-02-24 16:30 - 2022-12-05 15:28 - 000000000 ____D C:\Users\Ori\AppData\Local\Overwolf
2024-02-24 16:30 - 2021-11-10 10:32 - 000002313 _____ C:\Users\Ori\Desktop\CurseForge.lnk
2024-02-24 15:33 - 2022-12-05 00:28 - 000000000 ____D C:\Users\Ori\AppData\Local\Packages
2024-02-24 15:32 - 2023-11-14 19:14 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-02-24 15:12 - 2022-12-05 03:01 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-23 21:43 - 2022-12-05 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2024-02-21 19:02 - 2022-12-05 19:01 - 000002217 _____ C:\Users\Ori\Desktop\Discord.lnk
2024-02-20 22:11 - 2022-12-05 03:01 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-20 21:30 - 2020-07-28 02:05 - 000000000 ____D C:\Users\Ori\AppData\Roaming\Microsoft\MMC
2024-02-20 21:00 - 2022-10-13 15:47 - 000000000 ____D C:\XboxGames
2024-02-20 20:57 - 2022-12-05 00:28 - 000000000 ____D C:\ProgramData\Packages
2024-02-20 20:54 - 2022-12-05 10:33 - 000000000 ____D C:\Users\Ori\AppData\Local\PlaceholderTileLogoFolder
2024-02-20 20:09 - 2022-12-05 00:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-20 19:54 - 2022-12-05 00:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-02-20 19:54 - 2018-03-07 18:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-19 23:44 - 2022-12-05 00:28 - 000000000 ____D C:\Users\Ori\AppData\Local\ConnectedDevicesPlatform
2024-02-19 23:15 - 2022-12-05 15:30 - 000000000 ____D C:\Program Files (x86)\Overwolf
2024-02-15 18:34 - 2023-12-01 22:35 - 000000000 ____D C:\Users\Ori\AppData\Local\NordVPN
2024-02-06 21:11 - 2023-01-01 22:13 - 000000000 ____D C:\SteamLibrary
2024-02-05 18:39 - 2024-01-16 00:09 - 000000502 _____ C:\Users\Ori\Documents\HUM_F-TIF_F.txt
2024-02-03 22:57 - 2023-12-24 21:40 - 000000000 ____D C:\Users\Ori\AppData\Local\CD Projekt Red
2024-02-02 11:08 - 2022-12-05 16:24 - 000000000 ____D C:\Users\Ori\AppData\Local\Steam
2024-02-01 22:51 - 2018-12-15 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2024-02-01 22:46 - 2022-08-23 17:43 - 000000000 ____D C:\Users\Ori\Documents\My Cheat Tables
2024-02-01 22:09 - 2022-12-23 18:58 - 000000000 ____D C:\Users\Ori\AppData\Local\UnrealEngine
2024-02-01 21:24 - 2022-07-31 13:06 - 000000000 ____D C:\Users\Ori\Downloads\Unsorted Videos
2024-01-31 02:55 - 2022-12-05 03:01 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-01-31 02:55 - 2022-12-05 03:01 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-01-31 01:45 - 2022-12-05 10:52 - 000000000 ____D C:\Users\Ori\AppData\Local\ElevatedDiagnostics
2024-01-30 23:46 - 2023-09-05 17:28 - 000000000 ____D C:\Users\Ori\Downloads\Unsorted Documents
2024-01-30 23:46 - 2022-07-31 13:05 - 000000000 ____D C:\Users\Ori\Downloads\Unsorted Images

==================== Files in the root of some directories ========

2022-06-12 17:04 - 2022-11-19 18:20 - 000012288 _____ () E:\Users\Ori\AppData\Roaming\emp.bin
2021-10-05 21:32 - 2023-07-17 11:22 - 000000015 _____ () E:\Users\Ori\AppData\Roaming\obs-virtualcam.txt
2020-07-08 16:50 - 2020-07-08 16:50 - 000001394 _____ () E:\Users\Ori\AppData\Roaming\SAS7_000.DAT
2021-11-06 15:30 - 2023-05-29 13:11 - 000006100 _____ () E:\Users\Ori\AppData\Roaming\VoiceMeeterDefault.xml
2021-06-30 11:34 - 2024-02-28 20:32 - 000070093 _____ () E:\Users\Ori\AppData\Roaming\VoiceMeeterPotatoDefault.xml
2023-08-12 02:02 - 2023-12-09 00:29 - 000001456 _____ () C:\Users\Ori\AppData\Local\Adobe Save for Web 13.0 Prefs
2023-08-04 18:11 - 2023-09-02 20:23 - 001065984 _____ () C:\Users\Ori\AppData\Local\file__0.localstorage
2023-11-30 21:56 - 2023-11-30 21:56 - 000000218 _____ () C:\Users\Ori\AppData\Local\recently-used.xbel
2023-10-22 19:23 - 2023-10-22 19:23 - 000007648 _____ () C:\Users\Ori\AppData\Local\Resmon.ResmonCfg
2023-01-18 00:53 - 2024-02-28 20:17 - 322443264 _____ () C:\Users\Ori\AppData\Local\SageThumbs.db3

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Soggy (28-02-2024 21:24:54)
Running from E:\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) (2022-12-05 05:28:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2538788236-3835922159-488444903-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2538788236-3835922159-488444903-503 - Limited - Disabled)
Guest (S-1-5-21-2538788236-3835922159-488444903-501 - Limited - Disabled)
Soggy (S-1-5-21-2538788236-3835922159-488444903-1001 - Administrator - Enabled) => C:\Users\Ori
WDAGUtilityAccount (S-1-5-21-2538788236-3835922159-488444903-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A1111 Web UI Autoinstaller (HKLM\...\{D1FDE7EA-EB57-44F3-8B37-5467330958F1}) (Version: 1.7.0 - Empire Media Science) Hidden
A1111 Web UI Autoinstaller (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\A1111 Web UI Autoinstaller 1.7.0) (Version: 1.7.0 - Empire Media Science)
Achievement Watcher (HKLM\...\{2D4560A4-D5A2-4087-9717-E188CE329E97}}_is1) (Version: 1.6.8 - Anthony Beaumont)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_5) (Version: 14.5 - Adobe Inc.)
Adobe Substance 3D Painter (HKLM-x32\...\SBSTP_9_0_0) (Version: 9.0.0 - Adobe Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.52 - ASUSTeK Computer Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.08.02.027 - Advanced Micro Devices, Inc.)
AMD Embedded SMBus Driver (HKLM-x32\...\{7777BD2B-3159-481F-B7BE-CDCA7437506E}) (Version: 1.0.0.27 - Advanced Micro Devices, Inc.) Hidden
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.24.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD WDT Driver (HKLM-x32\...\{829757CD-C7EC-470B-A384-5C81698CDB1D}) (Version: 1.0.0.34 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{94dc9043-935f-4e10-ac8b-5ce0ac055188}) (Version: 5.08.02.027 - Advanced Micro Devices, Inc.) Hidden
AutoHotkey (HKLM\...\AutoHotkey) (Version: 2.0.11 - AutoHotkey Foundation LLC)
BG3EquipmentGenerator (HKLM\...\{D95EB4FE-627E-3BFF-A7A0-940063D79162}) (Version: 1.21 - Jovito)
BleachBit (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\BleachBit) (Version: 4.6.0.2537 - BleachBit)
blender (HKLM\...\{5E05EA9B-D72D-441C-A8AA-B71339896BDF}) (Version: 3.6.5 - Blender Foundation)
blender (HKLM\...\{9E194C3F-90F5-4982-A09E-47E6C081D500}) (Version: 3.3.1 - Blender Foundation)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 122.1.63.165 - Brave Software Inc)
chaiNNer (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\chaiNNer) (Version: 0.20.2 - chaiNNer-org)
Cheat Engine 7.5 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
CurseForge (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.244.5.1 - Overwolf app)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: 2.11 - GOG.com)
Cyberpunk 2077: Phantom Liberty (HKLM-x32\...\1256837418_is1) (Version: 2.11 - GOG.com)
DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version:  - IdeaMK)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Detroit: Become Human (HKLM-x32\...\Detroit: Become Human_is1) (Version:  - )
Discord (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Discord) (Version: 1.0.9011 - Discord Inc.)
DREDGE (HKLM-x32\...\DREDGE_is1) (Version:  - )
DriversCloud.com (HKLM\...\{7C5A59CD-BF23-4E8B-9DAE-28A0ED02AE61}) (Version: 11.2.8.0 - Cybelsoft)
Eclipse Temurin JDK with Hotspot 11.0.19+7 (x64) (HKLM\...\{9A277E09-3F69-4362-8074-A49E765350B0}) (Version: 11.0.19.7 - Eclipse Adoptium)
EMEETLINK (HKLM\...\{9CFC4B2F-77B7-4F45-86AE-EC95385728B9}_is1) (Version: 5.0.7 - EMEET)
Epic Games Launcher (HKLM-x32\...\{B85FAA6E-A9AA-4655-9029-E1A4EDC05E1A}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
ESET Premium Line Encryption (HKLM\...\{764DBB66-954B-498B-A8F0-5674FF309BAC}) (Version: 2.0.0.29 - ESET) Hidden
ESET Security (HKLM\...\{AC01C534-2ECB-460E-9D4E-D4D158076F50}) (Version: 17.0.16.0 - ESET, spol. s r.o.)
Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools)
f.lux (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Flux) (Version: 4.131 - f.lux Software LLC)
FakerInput (HKLM\...\{BF63C434-BF91-4666-B817-AD7B5C34AE91}) (Version: 0.1.0 - Ryochan7)
Flow Launcher (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\FlowLauncher) (Version: 1.16.2 - Flow-Launcher Team)
Futuremark SystemInfo (HKLM-x32\...\{C58B5FE0-5954-443B-93F9-3EF2EFA5D0F3}) (Version: 5.65.1194.0 - Futuremark)
Git (HKLM\...\Git_is1) (Version: 2.44.0 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\GitHubDesktop) (Version: 3.3.9 - GitHub, Inc.)
HidHide (HKLM\...\{15E2EA53-BBD4-4A76-A600-9175E73573C3}) (Version: 1.4.181 - Nefarius Software Solutions e.U.)
HWiNFO64 Version 7.60 (HKLM\...\HWiNFO64_is1) (Version: 7.60 - Martin Malik, REALiX s.r.o.)
IconViewer (HKLM\...\{C6F34AE0-0576-11d4-82FE-4491FCC00000}) (Version: 3.2.147 - Bot Productions)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 28.0 - Intel)
Jagex Launcher (HKLM-x32\...\Jagex Launcher) (Version: 0.26.0.0 - Jagex Ltd)
Java™ SE Development Kit 19.0.1 (64-bit) (HKLM\...\{E4838A94-3448-5F9E-B1FE-696C1DC1F772}) (Version: 19.0.1.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.3.5 - Hermann Schinagl)
LOOT version 0.22.3 (HKLM\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.22.3 - LOOT Team)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
MCA Selector version 2.1 (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\{C6145D1F-C820-492A-A649-F4D4C063EECB}_is1) (Version: 2.1 - Querz)
Microsoft .NET Host - 6.0.11 (x86) (HKLM-x32\...\{B87AB233-E9C5-4459-8E4A-952EACECCFC4}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.12 (x64) (HKLM\...\{E215AA9E-5DF2-44BC-9D6F-E1A1B0C348FB}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.10 (x64) (HKLM\...\{454BEFFD-28B3-47C0-A7AF-E965B685D2FF}) (Version: 56.43.64668 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.0 (x64) (HKLM\...\{D44822A8-FC28-42FC-8B1D-21A78579FC79}) (Version: 64.0.4211 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x86) (HKLM-x32\...\{4CA4F71B-58C3-42ED-83FA-AD7AC9E9C0CB}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.12 (x64) (HKLM\...\{0712F23C-FBAC-436C-9DDB-125F32D15033}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.10 (x64) (HKLM\...\{898266E3-A0E5-4BA3-AF3F-E3C5D626EABA}) (Version: 56.43.64668 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.0 (x64) (HKLM\...\{3A706840-2882-423C-90EB-B31545E2BC7A}) (Version: 64.0.4211 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x86) (HKLM-x32\...\{94EE74AD-4205-4038-8748-000D966FA407}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.12 (x64) (HKLM\...\{1BF67DC1-8BB5-4AF5-BE20-3B53D9532D01}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.10 (x64) (HKLM\...\{8AE22909-0EDC-41D3-A522-602CA7DC3621}) (Version: 56.43.64668 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.0 (x64) (HKLM\...\{76DEEAB3-122F-4231-83C7-0C35363D02F9}) (Version: 64.0.4211 - Microsoft Corporation) Hidden
Microsoft Teams classic (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Teams) (Version: 1.6.00.35961 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.87.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x86) (HKLM-x32\...\{b9cfa33e-ace4-49f4-8bb4-82ded940990a}) (Version: 6.0.11.31823 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x86) (HKLM-x32\...\{E414058D-38CD-42D0-9050-C8C13E7EE911}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM\...\{3E726676-B5F4-48DA-B9F9-78A15B7F8A70}) (Version: 48.51.52100 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM-x32\...\{24b99d74-a81e-4765-aefe-be853ac47482}) (Version: 6.0.12.31928 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.10 (x64) (HKLM\...\{86377F8B-E35E-4774-B156-35EA6776B231}) (Version: 56.43.64722 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.10 (x64) (HKLM-x32\...\{749f7aca-89a5-4659-92a5-0449fc5fdd78}) (Version: 7.0.10.32717 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.0 (x64) (HKLM\...\{113C0ADC-B9BD-4F95-9653-4F5BC540ED03}) (Version: 64.0.5329 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.0 (x64) (HKLM-x32\...\{17316079-d65a-4f25-a9f3-56c32781b15d}) (Version: 8.0.0.33101 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 123.0 (x64 en-US)) (Version: 123.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 107.0.1 - Mozilla)
MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)
NBTExplorer (HKLM-x32\...\{DC1E9E1A-86BE-491B-8DF9-A86045902F48}) (Version: 2.8.0.0 - Justin Aquadro)
Node.js (HKLM\...\{7B9BAA62-C960-4309-A639-28FC9877FF68}) (Version: 18.12.1 - Node.js Foundation)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.18.6.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.6.4 - Notepad++ Team)
NVIDIA Graphics Driver 551.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 551.61 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.0.2 - OBS Project)
Obsidian (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\bd400747-f0c1-5638-a859-982036102edf) (Version: 1.4.16 - Obsidian)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.241.0.10 - Overwolf Ltd.)
Pacific Drive (HKLM-x32\...\Pacific Drive_is1) (Version: v.1.1.2-CL26100.build.13537525 - Decepticon)
Parsec (HKLM-x32\...\Parsec) (Version: 150-90e - Parsec Cloud Inc.)
Portal Collection (HKLM-x32\...\Portal Collection_is1) (Version:  - )
Portmaster (HKLM-x32\...\Portmaster) (Version: 1.0.13.0 - Safing ICS Technologies GmbH)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Pulover's Macro Creator version 5.4.1 (HKLM\...\{223FFB42-2D49-4AF6-9EF2-82B7D0CAF8B4}_is1) (Version: 5.4.1 - Cloversoft Serviços de Informática Ltda)
Python 3.12.2 (32-bit) (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\{da6cf131-5bbc-425f-aab7-aee9c4cacd6b}) (Version: 3.12.2150.0 - Python Software Foundation)
Python 3.12.2 Core Interpreter (32-bit) (HKLM-x32\...\{50C35A81-0738-4427-B21E-195C0756BE8B}) (Version: 3.12.2150.0 - Python Software Foundation) Hidden
Python 3.12.2 Development Libraries (32-bit) (HKLM-x32\...\{4E0FDFF6-EEA2-45EA-BF02-9F6D9E1489A5}) (Version: 3.12.2150.0 - Python Software Foundation) Hidden
Python 3.12.2 Documentation (32-bit) (HKLM-x32\...\{C46BE079-DDD9-4166-B9F9-D608B36905AD}) (Version: 3.12.2150.0 - Python Software Foundation) Hidden
Python 3.12.2 Executables (32-bit) (HKLM-x32\...\{E766D132-2B0A-42F1-8A61-33120C2330CB}) (Version: 3.12.2150.0 - Python Software Foundation) Hidden
Python 3.12.2 pip Bootstrap (32-bit) (HKLM-x32\...\{736E821C-F936-4886-9FD3-136BEC4F734F}) (Version: 3.12.2150.0 - Python Software Foundation) Hidden
Python 3.12.2 Standard Library (32-bit) (HKLM-x32\...\{74016114-E80D-4E86-8D6C-60590F475CA4}) (Version: 3.12.2150.0 - Python Software Foundation) Hidden
Python 3.12.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{BFE40B91-84A0-47A5-8348-146A06865E07}) (Version: 3.12.2150.0 - Python Software Foundation) Hidden
Python 3.12.2 Test Suite (32-bit) (HKLM-x32\...\{2A9D4F0C-07B1-4EC6-B8C4-E75B77AFFA6B}) (Version: 3.12.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{3B36061E-A25F-4E12-BFD1-68E724723D48}) (Version: 3.12.2150.0 - Python Software Foundation)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.3 - The qBittorrent project)
Quick CPU x64 (HKLM\...\{B45D8310-39D6-4D85-85D2-ECC805E7EAFC}) (Version: 4.8.0.0 - CoderBag LLC)
r2modman 3.1.34 (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.34 - ebkr)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - RAD Game Tools, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
RivaTuner Statistics Server 7.3.4 (HKLM-x32\...\RTSS) (Version: 7.3.4 - Unwinder)
RizomUV VS RS 2023.0 (HKLM\...\RizomUV VS RS 2023.0_is1) (Version:  - Rizom Lab)
RogueKiller version 15.15.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.15.2.0 - Adlice Software)
RuneLite (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\RuneLite Launcher_is1) (Version: 2.6.1 - RuneLite)
SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
ScreenToGif (HKLM\...\{F0102025-3865-4C1C-A721-0EC21F77C768}) (Version: 2.40.1 - Nicke Manarin)
SHIPWRECKED 64 (HKLM-x32\...\SHIPWRECKED 64_) (Version:  - )
SmartRename (HKLM\...\{688CD75D-0CEE-4E10-8552-7AE64CA687C7}) (Version: 1.0.0 - Chris Davis)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\Spotify) (Version: 1.2.22.982.g794acc0a - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
Stardock Fences 4 (HKLM-x32\...\Stardock Fences 4) (Version: 4.2.1.2 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.51.5 - TeamViewer)
The Outer Worlds (HKLM-x32\...\The Outer Worlds_is1) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)
UCheck version 5.3.0.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 5.3.0.0 - Adlice Software)
Unity Hub 3.7.0 (HKLM\...\Unity Technologies - Hub) (Version: 3.7.0 - Unity Technologies Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
UVPackmaster Engine PRO 3.1.5 (HKLM\...\UVPackmasterEngine3-ptyu7hKPNn_is1) (Version: 3.1.5 - )
VB-CABLE C+D Package (HKLM-x32\...\VB:VBCABLE_CD {C76D3BC2-E852-4d06}) (Version:  - VB-Audio Software)
VBCABLE-A, The Virtual Audio Cable (HKLM\...\VB:VBCABLEA {87459874-1236-4469}) (Version:  - VB-Audio Software)
VBCABLE-B, The Virtual Audio Cable (HKLM\...\VB:VBCABLEB {87459874-1236-4469}) (Version:  - VB-Audio Software)
ViGEm Bus Driver (HKLM\...\{966606F3-2745-49E9-BF15-5C3EAA4E9077}) (Version: 1.22.0 - Nefarius Software Solutions e.U.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.9.12 - Black Tree Gaming Ltd.)
WeMod (HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\WeMod) (Version: 8.3.18 - WeMod)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 1.62.1.0 - Winaero)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows Driver Package - libusb-win32 castor_libusb0 (02/23/2013 1.2.6.0) (HKLM\...\F6D04937B64E27D6CBDC34FCF72C1F49FA8F01AA) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
WinRAR 7.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.00.0 - win.rar GmbH)
Zoom (64-bit) (HKLM\...\{CEDE24AC-2B05-4B73-9604-93E8EF2398E9}) (Version: 5.17.33775 - Zoom)

Packages:
=========

Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.7.2.0_x64__8wekyb3d8bbwe [2024-02-20] (Microsoft Studios)
Minecraft: Java Edition -> C:\Program Files\WindowsApps\Microsoft.MinecraftJavaEdition_1.0.5.0_x64__8wekyb3d8bbwe [2024-02-20] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2024-02-24] (NVIDIA Corp.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm [2024-02-20] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Ori\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23334.10\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{36371bdb-1326-996b-25a8-43529f1aab86}\localserver32 -> C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Flow.Launcher.exe (Flow Launcher) [File not signed]
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{3e1e30aa-b19b-6108-f918-93a999a08b5c}\localserver32 -> E:\Fan Control\FanControl.exe (Rémi Mercier) [File not signed]
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{81ADB5B6-F9A4-4320-87B3-D9360F82EC50}\InprocServer32 -> E:\Program Files\Chris Davis\SmartRename\SmartRenameExt64.dll (Christopher Davis -> Chris Davis)
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Ori\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> F:\Blender 3.6.5\BlendThumb.dll (Stichting Blender Foundation -> )
ShellIconOverlayIdentifiers: [ESD Shell Icon Overlay Identifier] -> {AF106685-9C86-48AF-8524-8F485C459E17} => C:\Program Files\ESET\ESET Secure Data\esdovrly.dll [2022-08-24] (DESlock Limited -> DESlock Limited)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\contextMenu\NppShell.dll [2024-02-19] (Notepad++ -> Bjarke I. Pedersen gurli@gurlinet.dk)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => F:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-01-23] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2023-07-12] (STARDOCK SYSTEMS, INC. -> Stardock)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers1: [SageThumbs] -> {4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => E:\Program Files (x86)\SageThumbs\64\SageThumbs.dll [2017-05-09] (CherubicSoft) [File not signed]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => E:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-01-23] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => E:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2023-07-12] (STARDOCK SYSTEMS, INC. -> Stardock)
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2023-07-12] (STARDOCK SYSTEMS, INC. -> Stardock)
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_3fef55dfb47c8c9c\nvshext.dll [2024-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => F:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-01-23] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2023-07-12] (STARDOCK SYSTEMS, INC. -> Stardock)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => E:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3_S-1-5-21-2538788236-3835922159-488444903-1001: [SmartRenameExt] -> {81ADB5B6-F9A4-4320-87B3-D9360F82EC50} => E:\Program Files\Chris Davis\SmartRename\SmartRenameExt64.dll [2021-06-04] (Christopher Davis -> Chris Davis)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => c:\windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ori\Desktop\Baldurs Gate 3.lnk -> C:\Users\Ori\Desktop\BAT FILES\BG3.bat ()
Shortcut: C:\Users\Ori\Desktop\Start A1111.lnk -> E:\Documents\A1111 Web UI Autoinstaller\stable-diffusion-webui\webui-user.bat ()
Shortcut: E:\Users\Ori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm

==================== Loaded Modules (Whitelisted) =============

2023-10-26 00:34 - 2023-10-26 00:34 - 000036864 _____ () [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Flow.Launcher.Plugin.dll
2023-11-03 11:00 - 2022-07-19 08:49 - 001122304 _____ () [File not signed] \\?\F:\Achievement Watcher\watchdog\node_modules\@nodert-win10-rs4\windows.data.xml.dom\build\Release\binding.node
2023-11-03 11:00 - 2022-07-19 08:49 - 001312256 _____ () [File not signed] \\?\F:\Achievement Watcher\watchdog\node_modules\@nodert-win10-rs4\windows.ui.notifications\build\Release\binding.node
2023-11-03 11:00 - 2022-07-19 08:48 - 000670208 _____ () [File not signed] \\?\F:\Achievement Watcher\watchdog\node_modules\ffi-napi\build\Release\ffi_bindings.node
2023-11-03 11:00 - 1985-10-26 09:15 - 000593408 _____ () [File not signed] \\?\F:\Achievement Watcher\watchdog\node_modules\ref-napi\prebuilds\win32-x64\node.napi.node
2023-11-03 11:00 - 2022-07-19 08:48 - 005420544 _____ () [File not signed] \\?\F:\Achievement Watcher\watchdog\node_modules\win-screen-resolution\build\Release\resolution.node
2023-12-06 21:12 - 2019-05-14 03:45 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.77\libprotobufd.dll
2023-12-06 21:10 - 2019-03-28 02:20 - 000242176 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.38\cpuutil.dll
2023-02-23 09:31 - 2023-02-23 09:31 - 001473536 _____ () [File not signed] C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc64.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000028672 _____ () [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.Program\INIFileParser.dll
2024-02-28 20:31 - 2024-02-28 20:31 - 000095744 _____ () [File not signed] C:\WINDOWS\Womtrust.dll
2023-12-06 21:12 - 2019-04-28 11:06 - 000882688 _____ () [File not signed] E:\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2023-12-06 21:12 - 2019-04-28 11:06 - 000991744 _____ () [File not signed] E:\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2023-12-06 21:12 - 2019-04-28 11:06 - 000986624 _____ () [File not signed] E:\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2023-12-06 21:12 - 2019-04-28 11:06 - 000948224 _____ () [File not signed] E:\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2023-04-02 17:48 - 2023-04-02 17:48 - 000232960 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTCore.dll
2023-04-02 17:48 - 2023-04-02 17:48 - 000059392 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTFC.dll
2023-04-02 17:49 - 2023-04-02 17:49 - 000699904 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2023-04-02 17:48 - 2023-04-02 17:48 - 000074240 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2023-04-02 17:48 - 2023-04-02 17:48 - 000371712 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTUI.dll
2022-06-14 03:53 - 2022-06-14 03:53 - 000105984 _____ () [File not signed] E:\Program Files (x86)\RivaTuner Statistics Server\PlugIns\Client\HotkeyHandler.dll
2023-02-15 17:44 - 2023-02-15 17:44 - 000625664 _____ () [File not signed] E:\Program Files (x86)\RivaTuner Statistics Server\PlugIns\Client\OverlayEditor.dll
2023-03-14 10:57 - 2023-03-14 10:57 - 000058368 _____ () [File not signed] E:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2023-03-14 10:57 - 2023-03-14 10:57 - 000074240 _____ () [File not signed] E:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2023-03-14 10:57 - 2023-03-14 10:57 - 000368640 _____ () [File not signed] E:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2023-11-03 11:00 - 1985-10-26 09:15 - 000038400 _____ () [File not signed] F:\Achievement Watcher\watchdog\node_modules\wql-process-monitor\lib\dist\processMonitor.x64.dll
2023-11-03 11:00 - 1985-10-26 09:15 - 005927379 _____ (Anthony Beaumont) [File not signed] F:\Achievement Watcher\watchdog\node_modules\@xan105\screenshot\lib\dist\souvenir.dll
2023-11-03 11:00 - 1985-10-26 09:15 - 003955042 _____ (Anthony Beaumont) [File not signed] F:\Achievement Watcher\watchdog\node_modules\regodit\lib\dist\regodit.dll
2017-05-09 02:40 - 2017-05-09 02:40 - 000475648 _____ (CherubicSoft) [File not signed] E:\Program Files (x86)\SageThumbs\64\SageThumbs.dll
2017-05-09 02:40 - 2017-05-09 02:40 - 000716288 _____ (CherubicSoft) [File not signed] E:\Program Files (x86)\SageThumbs\64\sqlite3.dll
2023-11-20 13:22 - 2023-11-20 13:22 - 005855744 _____ (ESET, spol. s r.o. -> ESET) [File not signed] C:\Program Files\ESET\ESET Security\Modules\em045_64\1087\em045_64.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000112640 _____ (Flow Launcher) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Flow.Launcher.Core.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 001008128 _____ (Flow Launcher) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Flow.Launcher.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000100352 _____ (Flow Launcher) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Flow.Launcher.Infrastructure.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000040960 _____ (Flow.Launcher.Plugin.BrowserBookmark) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.BrowserBookmark\Flow.Launcher.Plugin.BrowserBookmark.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000016896 _____ (Flow.Launcher.Plugin.Caculator) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.Caculator\Flow.Launcher.Plugin.Caculator.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000146432 _____ (Flow.Launcher.Plugin.Explorer) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.Explorer\Flow.Launcher.Plugin.Explorer.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000012800 _____ (Flow.Launcher.Plugin.PluginIndicator) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.PluginIndicator\Flow.Launcher.Plugin.PluginIndicator.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000039936 _____ (Flow.Launcher.Plugin.PluginsManager) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.PluginsManager\Flow.Launcher.Plugin.PluginsManager.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000107520 _____ (Flow.Launcher.Plugin.Program) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.Program\Flow.Launcher.Plugin.Program.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000024064 _____ (Flow.Launcher.Plugin.Shell) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.Shell\Flow.Launcher.Plugin.Shell.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000019456 _____ (Flow.Launcher.Plugin.Sys) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.Sys\Flow.Launcher.Plugin.Sys.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000011264 _____ (Flow.Launcher.Plugin.Url) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.Url\Flow.Launcher.Plugin.Url.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000047104 _____ (Flow.Launcher.Plugin.WebSearch) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.WebSearch\Flow.Launcher.Plugin.WebSearch.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000525824 _____ (Flow.Launcher.Plugin.WindowsSettings) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.WindowsSettings\Flow.Launcher.Plugin.WindowsSettings.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000011776 _____ (Flow-Launcher) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.ProcessKiller\Flow.Launcher.Plugin.ProcessKiller.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000022528 _____ (michaelnoonan) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\WindowsInput.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000913920 _____ (ModernWpf) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\ModernWpf.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000702464 _____ (ModernWpf.Controls) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\ModernWpf.Controls.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000821248 _____ (NLog) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\NLog.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000055296 _____ (NLog) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\NLog.Extensions.Logging.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000051712 _____ (NLog) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\NLog.Web.AspNetCore.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000239616 _____ (smapiot) [File not signed] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\Plugins\Flow.Launcher.Plugin.Caculator\Mages.Core.dll
2022-12-05 00:34 - 2021-06-19 01:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2023-07-12 10:09 - 2023-07-12 10:09 - 001401632 _____ (STARDOCK SYSTEMS, INC. -> Stardock Corporation) [File not signed] [File is in use] c:\program files (x86)\stardock\fences\SdAppServices_x64.dll
2023-07-12 10:09 - 2023-07-12 10:09 - 003625240 _____ (STARDOCK SYSTEMS, INC. -> Stardock) [File not signed] [File is in use] c:\program files (x86)\stardock\fences\DesktopDock64.dll
2017-02-11 19:28 - 2015-09-28 13:08 - 000255488 _____ (Sysprogs OU) [File not signed] E:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll
2022-12-07 15:48 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2022-12-07 15:48 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000009728 _____ (Thomas Levesque) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\NHotkey.dll
2023-10-26 00:34 - 2023-10-26 00:34 - 000013312 _____ (Thomas Levesque) [File not signed] [File is in use] C:\Users\Ori\AppData\Local\FlowLauncher\app-1.16.2\NHotkey.Wpf.dll
2014-02-07 11:47 - 2014-02-07 11:47 - 001519104 _____ (XnView) [File not signed] E:\Program Files (x86)\SageThumbs\64\libgfl340.dll
2014-02-07 11:47 - 2014-02-07 11:47 - 000256000 _____ (XnView) [File not signed] E:\Program Files (x86)\SageThumbs\64\libgfle340.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Ori\Application Data:b2471a6db8deb9681d22d6d26ae65e4b [394]
AlternateDataStreams: C:\Users\Ori\Downloads\FRST64.exe:shield [215]
AlternateDataStreams: C:\Users\Ori\Downloads\MayThePerformanceBeWithYou-StandardPackage-7-2-5-2-1685368525.zip:shield [304]
AlternateDataStreams: C:\Users\Ori\Downloads\MayThePerfromanceBeWithYou-Configurator-7-3-3-2-0-1698375977.zip:shield [302]
AlternateDataStreams: C:\Users\Ori\Downloads\MTPBWY-PacificDrive-4-1-0-0-0-1708645328.zip:shield [262]
AlternateDataStreams: C:\Users\Ori\Downloads\PDNo-IntroFix-2-0-1-1708628826.zip:shield [242]
AlternateDataStreams: C:\Users\Ori\Downloads\PDNo-SplashFix-3-0-1-1708629066.zip:shield [244]
AlternateDataStreams: C:\Users\Ori\Downloads\RogueKiller_setup.exe:shield [182]
AlternateDataStreams: C:\Users\Ori\Downloads\TFC.exe:shield [162]
AlternateDataStreams: C:\Users\Ori\Downloads\UCheck_setup.exe:shield [168]
AlternateDataStreams: C:\Users\Ori\AppData\Roaming:b2471a6db8deb9681d22d6d26ae65e4b [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5540]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.reg: regfile =>  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.cmd: cmdfile =>  <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7947 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-02-20 20:05 - 2024-02-28 19:08 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\program files\eclipse adoptium\jdk-11.0.19.7-hotspot\bin;c:\program files\common files\oracle\java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0;c:\windows\system32\openssh;c:\program files\dotnet;e:\program files\nodejs;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\chocolatey\bin;C:\Program Files\Git\cmd
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Control Panel\Desktop\\Wallpaper -> E:\Downloads\wallhaven-kwp6r1_2560x1440.png
DNS Servers: 103.86.96.100 - 103.86.99.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "VoiceMeeter"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_DEFB0A7426E565D4C8C60997D50EF9BF"
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\StartupApproved\Run: => "Overwolf"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7DD7C22F-A912-4D4F-93E4-79D4FA8430C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D4203E8C-3FDA-4286-AD40-CC8CACDB0F73}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BC1B14ED-E75E-43E2-B1E9-B9B24D837BCA}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2C8818F4-CA14-417E-B6A7-0FCBE4E61FF4}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1B8C733B-44A6-4652-BB84-36167ABF6F35}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D5DF8D20-3DFD-45A3-8043-FC285A5BC2C9}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{105FFEC6-5388-4E24-BA42-38027AA6030A}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [{331B92D4-5A3A-4EB6-AB9E-70A33A64E2C4}] => (Allow) E:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{AE5C0258-2407-467C-A108-FC99B1254BAC}] => (Allow) E:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{0FF821B4-D880-4770-90EF-930D120DA343}] => (Allow) F:\Achievement Watcher\node\node.exe (Node.js) [File not signed]
FirewallRules: [{D73B2234-8EC0-4052-8CEA-1A29423D459B}] => (Allow) C:\Program Files (x86)\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{80B1D84E-E977-4145-A663-8D70454781B6}] => (Allow) C:\Program Files (x86)\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{AD912E3C-3913-4F96-8297-92B278AB1870}] => (Allow) E:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{C85FCAF0-4B57-4991-A93C-E7C82D0111E6}] => (Allow) E:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{CA7E7A68-67A8-4173-A4A5-2FCEC9C3BDC2}] => (Allow) F:\SteamLibrary\steamapps\common\Palworld\Palworld.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{8509F929-D9A2-40EB-96B3-98FBE839519A}] => (Allow) F:\SteamLibrary\steamapps\common\Palworld\Palworld.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F1E7E45B-551E-4F26-8260-E482A39EF0CD}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3C4EAC07-516D-4007-9BC2-579061EB619A}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{64E70C44-D74D-4BBC-9065-3FCD2BA95F02}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{491D867A-DD2A-44A0-99D7-7EFB6EED82FB}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CE015D0A-1C8F-49D8-BF47-B9B847146870}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{5143B426-8E58-45D0-AD73-217013CD4AD9}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{F3C69B23-00FD-42D0-ADC3-47A2D43F317E}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{68229B71-83B9-4307-8D0A-672F7602B27E}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{FABE226C-749A-4D30-95A1-DEA42915D77B}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{A759FB4D-E417-4DAC-889E-CB1DEBF2CDDB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3A771FFB-77A7-4C34-BEDD-82CB42662F91}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B2DA0E05-1289-4575-B114-E4C5D9FA917A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1A54E475-27A4-415B-BA94-A4E4BFA41D18}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

07-02-2024 23:04:08 Windows Update
16-02-2024 23:55:43 Scheduled Checkpoint
25-02-2024 06:41:26 O&O ShutUp10++
28-02-2024 20:26:15 2-28-24

==================== Faulty Device Manager Devices ============

Name: High Precision Event Timer
Description: High Precision Event Timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/28/2024 08:33:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\SOGGY$ via https://AMD-KeyId-cbb3f726e72c37bf7e9c6cfaa6ef06f88fd1fc4c.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(15ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/28/2024 08:32:57 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore.

Error: (02/28/2024 08:26:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied..

Error: (02/28/2024 08:23:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3c68

Start Time: 01da6aad7174d472

Termination Time: 4294967295

Application Path: C:\Users\Ori\AppData\Local\Temp\_iu14D2N.tmp

Report Id: 623c6238-a77f-47c7-a2b8-92677a104c26

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (02/28/2024 08:12:32 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\SOGGY$ via https://AMD-KeyId-cbb3f726e72c37bf7e9c6cfaa6ef06f88fd1fc4c.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(406ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/28/2024 08:12:27 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore.

Error: (02/28/2024 07:46:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = E:\Downloads\HitmanPro_x64.exe /updated:"C:\Users\Ori\AppData\Local\Temp\HitmanPro_x64.exe"; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (02/28/2024 07:45:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = E:\Downloads\HitmanPro_x64.exe /updated:"C:\Users\Ori\AppData\Local\Temp\HitmanPro_x64.exe"; Description = Checkpoint by HitmanPro; Error = 0x8007043c).


System errors:
=============
Error: (02/28/2024 08:53:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (02/28/2024 08:53:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (02/28/2024 08:53:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (02/28/2024 08:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (02/28/2024 08:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (02/28/2024 08:53:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (02/28/2024 08:53:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (02/28/2024 08:53:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.


CodeIntegrity:
===============
Date: 2024-02-28 21:23:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2024-02-28 21:15:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 6203 07/27/2023
Motherboard: ASUSTeK COMPUTER INC. PRIME X370-PRO
Processor: AMD Ryzen 7 1700X Eight-Core Processor
Percentage of memory in use: 15%
Total physical RAM: 65443.72 MB
Available physical RAM: 55259.56 MB
Total Virtual: 130979.72 MB
Available Virtual: 115716.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.78 GB) (Free:135.93 GB) (Model: Samsung SSD 850 EVO 250GB) NTFS
Drive d: (Big Boi) (Fixed) (Total:1863.02 GB) (Free:1566.36 GB) (Model: ST2000DM001-1ER164) NTFS
Drive e: (Mega Boi) (Fixed) (Total:3726.01 GB) (Free:2052.48 GB) (Model: WDC WD40EZRZ-00GXCB0) NTFS
Drive f: (Fast Boi) (Fixed) (Total:1863.01 GB) (Free:1190.22 GB) (Model: SPCC M.2 PCIe SSD) NTFS

\\?\Volume{dd632419-f895-11e7-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
\\?\Volume{1048c0dc-0000-0000-0000-30083a000000}\ () (Fixed) (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================


Edited by dog6611, 28 February 2024 - 09:38 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 28 February 2024 - 10:01 PM

Greetings and :welcome: back to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#3 dog6611

dog6611
  • Topic Starter

  • Members
  • 70 posts
  • Local time:10:58 PM

Posted 28 February 2024 - 10:07 PM

I will make sure to check this thread whenever I have time until we come to a solution.  I appreciate the quick response :)



#4 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 28 February 2024 - 10:32 PM

No problem.

I am ending for the evening but will post tomorrow morning.
Gary 


#5 dog6611

dog6611
  • Topic Starter

  • Members
  • 70 posts
  • Local time:10:58 PM

Posted 28 February 2024 - 10:37 PM

No problem.

I am ending for the evening but will post tomorrow morning.

Sounds good, have a great night. 



#6 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 29 February 2024 - 09:42 AM

Thank you for your patience.

We will clean up some stuff and take a look at a few Registry Keys.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
ExportKey: HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile
ExportKey: HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.reg
ExportKey: HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.bat
ExportKey: HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.cmd
C:\Users\Ori\AppData\Local\Temp\is-PB9IS.tmp
C:\Users\Ori\AppData\Local\Temp\is-N7K7K.tmp
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {424cedb9-4ff6-11ed-85b5-005056c00008} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {8dd893e1-1e6d-11ee-b527-001a7dda7115} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {8dd895f0-1e6d-11ee-b527-001a7dda7115} - "F:\OnePlus_setup.exe" /s
S3 cpuz155; \??\C:\WINDOWS\temp\cpuz155\cpuz155_x64.sys [X] <==== ATTENTION 
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\elevation_service.exe" [X] 
S3 Browser; %SystemRoot%\System32\browser.dll [X] 
S3 cpuz155; \??\C:\WINDOWS\temp\cpuz155\cpuz155_x64.sys [X] <==== ATTENTION 
HKLM-x32\...\Run: [SunJavaUpdateSched] => :C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (No File) 
Task: {CA99EB7A-0603-4CF9-B5DC-C5DA09D4EDC2} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /c (No File) 
Task: {0ABB8082-DFCC-4604-B1DD-F3B29FA7B6BD} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /ua /installsource scheduler (No File) 
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 ->  => No File 
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File 
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File 
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File 
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File 
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File 
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
HKLM-x32\...\Run: [SunJavaUpdateSched] => :C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (No File) 
Task: {CA99EB7A-0603-4CF9-B5DC-C5DA09D4EDC2} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /c (No File) 
Task: {0ABB8082-DFCC-4604-B1DD-F3B29FA7B6BD} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /ua /installsource scheduler (No File) 
U4 DcpSvc; no ImagePath 
U4 HomeGroupListener; no ImagePath 
U4 HomeGroupProvider; no ImagePath 
U4 NvTelemetryContainer; no ImagePath 
U4 xbgm; no ImagePath 
AlternateDataStreams: C:\Users\Ori\Application Data:b2471a6db8deb9681d22d6d26ae65e4b [394] 
AlternateDataStreams: C:\Users\Ori\AppData\Roaming:b2471a6db8deb9681d22d6d26ae65e4b [394] 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 


#7 dog6611

dog6611
  • Topic Starter

  • Members
  • 70 posts
  • Local time:10:58 PM

Posted 29 February 2024 - 06:02 PM

Apologies for the late reply. Here is the log you requested.

==============================================

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Soggy (29-02-2024 17:33:31) Run:1
Running from E:\Downloads
Loaded Profiles: Soggy
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
ExportKey: HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile
ExportKey: HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.reg
ExportKey: HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.bat
ExportKey: HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.cmd
C:\Users\Ori\AppData\Local\Temp\is-PB9IS.tmp
C:\Users\Ori\AppData\Local\Temp\is-N7K7K.tmp
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {424cedb9-4ff6-11ed-85b5-005056c00008} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {8dd893e1-1e6d-11ee-b527-001a7dda7115} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\...\MountPoints2: {8dd895f0-1e6d-11ee-b527-001a7dda7115} - "F:\OnePlus_setup.exe" /s
S3 cpuz155; \??\C:\WINDOWS\temp\cpuz155\cpuz155_x64.sys [X] <==== ATTENTION
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\elevation_service.exe" [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S3 cpuz155; \??\C:\WINDOWS\temp\cpuz155\cpuz155_x64.sys [X] <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => :C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (No File)
Task: {CA99EB7A-0603-4CF9-B5DC-C5DA09D4EDC2} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /c (No File)
Task: {0ABB8082-DFCC-4604-B1DD-F3B29FA7B6BD} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /ua /installsource scheduler (No File)
CustomCLSID: HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 ->  => No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
HKLM-x32\...\Run: [SunJavaUpdateSched] => :C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (No File)
Task: {CA99EB7A-0603-4CF9-B5DC-C5DA09D4EDC2} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /c (No File)
Task: {0ABB8082-DFCC-4604-B1DD-F3B29FA7B6BD} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe  /ua /installsource scheduler (No File)
U4 DcpSvc; no ImagePath
U4 HomeGroupListener; no ImagePath
U4 HomeGroupProvider; no ImagePath
U4 NvTelemetryContainer; no ImagePath
U4 xbgm; no ImagePath
AlternateDataStreams: C:\Users\Ori\Application Data:b2471a6db8deb9681d22d6d26ae65e4b [394]
AlternateDataStreams: C:\Users\Ori\AppData\Roaming:b2471a6db8deb9681d22d6d26ae65e4b [394]
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore => removed successfully
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
================== ExportKey: ===================

[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile]
""="Registration Entries"
"EditFlags"="1048576"
"FriendlyTypeName"="@%SystemRoot%\regedit.exe,-309"
[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile\shell]
[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile\shellex]

=== End of ExportKey ===
================== ExportKey: ===================

[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.reg]
""="regfile"
[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.reg\shellex]

=== End of ExportKey ===
================== ExportKey: ===================

[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.bat]
""="batfile"
[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.bat\shellex]

=== End of ExportKey ===
================== ExportKey: ===================

[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.cmd]
""="cmdfile"
[HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.cmd\shellex]

=== End of ExportKey ===
"C:\Users\Ori\AppData\Local\Temp\is-PB9IS.tmp" => not found

"C:\Users\Ori\AppData\Local\Temp\is-N7K7K.tmp" folder move:

C:\Users\Ori\AppData\Local\Temp\is-N7K7K.tmp => moved successfully
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{424cedb9-4ff6-11ed-85b5-005056c00008} => removed successfully
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dd893e1-1e6d-11ee-b527-001a7dda7115} => removed successfully
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dd895f0-1e6d-11ee-b527-001a7dda7115} => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz155 => removed successfully
cpuz155 => service removed successfully
HKLM\System\CurrentControlSet\Services\BraveElevationService => removed successfully
BraveElevationService => service removed successfully
HKLM\System\CurrentControlSet\Services\Browser => removed successfully
Browser => service removed successfully
cpuz155 => service not found.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA99EB7A-0603-4CF9-B5DC-C5DA09D4EDC2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA99EB7A-0603-4CF9-B5DC-C5DA09D4EDC2}" => removed successfully
C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0ABB8082-DFCC-4604-B1DD-F3B29FA7B6BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ABB8082-DFCC-4604-B1DD-F3B29FA7B6BD}" => removed successfully
C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineUA" => removed successfully
HKU\S-1-5-21-2538788236-3835922159-488444903-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WorkFolders" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\WorkFolders" => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01DF0815-250E-4BEF-A399-C43432F6D46B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA99EB7A-0603-4CF9-B5DC-C5DA09D4EDC2}" => not found
"C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ABB8082-DFCC-4604-B1DD-F3B29FA7B6BD}" => not found
"C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineUA" => not found
HKLM\System\CurrentControlSet\Services\DcpSvc => removed successfully
DcpSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\HomeGroupListener" => removed successfully
HomeGroupListener => service removed successfully
"HKLM\System\CurrentControlSet\Services\HomeGroupProvider" => removed successfully
HomeGroupProvider => service removed successfully
HKLM\System\CurrentControlSet\Services\NvTelemetryContainer => removed successfully
NvTelemetryContainer => service removed successfully
HKLM\System\CurrentControlSet\Services\xbgm => removed successfully
xbgm => service removed successfully
C:\Users\Ori\Application Data => ":b2471a6db8deb9681d22d6d26ae65e4b" ADS could not remove.
C:\Users\Ori\AppData\Roaming => ":b2471a6db8deb9681d22d6d26ae65e4b" ADS removed successfully

========= sfc /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.




Windows Resource Protection did not find any integrity violations.



========= End of CMD: =========


========= DISM /Online /Cleanup-Image /CheckHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.3636

Image Version: 10.0.19045.4046

No component store corruption detected.
The operation completed successfully.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 17:38:15 ====



#8 Oh My!

Oh My!

    Adware and Spyware and Malware


  •  Avatar image
  • Malware Response Instructor
  • 57,028 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 29 February 2024 - 09:05 PM

Thank you for the report.

The registry keys we exported aren't typically found in that registry location. However I don't see anything malicious. Typically I automatically remove them but because of the level of customization you have done I opted to examine them. They can stay or go, your preference.

Your computer is clean.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#9 dog6611


Posted 29 February 2024 - 09:26 PM

I have done a lot of customization to limit telemetry, along with removing bloatware and personally unwanted programs such as Skype and Edge.

I'm fine with reverting things if they are known to cause possible issues. 

For now I mainly use my firewall to block most telemetry connections, so I'm open to it. 
 


Edited by dog6611, 29 February 2024 - 09:27 PM.


#10 dog6611


Posted 29 February 2024 - 09:31 PM

Also since I have the information, these are the malicious files that were picked up by RogueKiller.

w4wbdSK.png

These were removed shortly before I made this post, one of my main reasons to ask for help.


Edited by dog6611, 29 February 2024 - 09:34 PM.


#11 dog6611


Posted 29 February 2024 - 10:02 PM

Ok so my computer just completely froze on me again, had to force shutdown.

 

Can we possibly check if there is anything else that's affecting it?

 


Edited by dog6611, 29 February 2024 - 10:03 PM.


#12 Oh My!


Posted 01 March 2024 - 10:04 AM

Greetings.

Though I don't think they are causing issues we can remove them. Because I ran a command to export the information, it could be put back if needed.
 

2024-02-28 20:33 - 2024-02-28 20:33 - 000002099 _____ C:\Users\Ori\Desktop\Customize Fences.lnk
2024-02-28 20:31 - 2024-02-28 20:31 - 000095744 _____ C:\WINDOWS\womtrust.dll
2024-02-28 20:28 - 2024-02-28 20:28 - 000004614 _____ C:\WINDOWS\system32\Tasks\StardockFencesHotkeySupport
2024-02-28 20:28 - 2024-02-28 20:28 - 000003814 _____ C:\WINDOWS\system32\Tasks\StardockFencesStartup
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\Users\Ori\AppData\Local\Stardock
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\Program Files (x86)\Stardock

I always do additional investigation when reviewing RogueKiller reports. I don't automatically assume the warnings are accurate. Ironically I investigated the C:\Windows\Womtrust.dll file earlier and determined it appeared to be legitimate. It appears to be related to Stardock. As you can see the file is bracketed by other Stardock entries. Since there is no reference to c:\ProgramData\Optimizer I am unable to investigate it further.

Earlier I looked for evidence of Blue Screen reports and found none. This may be a hardware issue so I may be referring you to that Forum. There are a lot of potential causes for freezing issues.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.reg: regfile =>  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.cmd: cmdfile =>  <==== ATTENTION
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • A SystemSummary file will be created on your Desktop. Please upload the file here.
===================================================

GSmartControl for Windows - Portable

-------------------
  • Download GSmartControl for Windows - Portable and save it to your desktop
  • Right click on gsmartcontrol.zip icon and select Extract All... then Extract
  • Double click on the gsmartcontrol folder
  • Right click on gsmartcontrol.exe (not .manifest) and select Run as administrator
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the Self-tests tab
  • Make sure that the Test Type is set to Short Self-test
  • Click the Execute button
  • After the test completes, click the View Output button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Uploaded System Summary file
  • GSmart report

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
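The timestamp reasoning in the post above (womtrust.dll sitting between Stardock entries in the FRST listing) can be checked mechanically. This is an added example, not part of the original post or of FRST itself; the listing lines are copied from the post, while the function names, the keyword list and the 10-minute window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Lines copied verbatim from the FRST listing quoted in the post above.
FRST_LISTING = r"""
2024-02-28 20:33 - 2024-02-28 20:33 - 000002099 _____ C:\Users\Ori\Desktop\Customize Fences.lnk
2024-02-28 20:31 - 2024-02-28 20:31 - 000095744 _____ C:\WINDOWS\womtrust.dll
2024-02-28 20:28 - 2024-02-28 20:28 - 000004614 _____ C:\WINDOWS\system32\Tasks\StardockFencesHotkeySupport
2024-02-28 20:28 - 2024-02-28 20:28 - 000003814 _____ C:\WINDOWS\system32\Tasks\StardockFencesStartup
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\Users\Ori\AppData\Local\Stardock
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2024-02-28 20:28 - 2024-02-28 20:28 - 000000000 ____D C:\Program Files (x86)\Stardock
"""

# FRST file-list row: created - modified - size attributes path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    is_dir: bool
    path: str


def parse_listing(text):
    """Turn FRST 'created/modified' rows into Entry records; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            created=datetime.strptime(m["created"], TS),
            modified=datetime.strptime(m["modified"], TS),
            size=int(m["size"]),
            is_dir="D" in m["attrs"],
            path=m["path"].strip(),
        ))
    return entries


def bracketing(entries, target_path, keywords, window_minutes=10):
    """Find keyword-attributed entries created shortly before and after target.

    'bracketed' is True only when attributed entries exist on both sides of
    the target's creation time. Creation times can be altered by any process
    with write access, so a True result corroborates an installer origin but
    does not replace checking the file's signature or hash.
    """
    target = next(
        (e for e in entries if e.path.lower() == target_path.lower()), None
    )
    if target is None:
        raise ValueError(f"{target_path} is not in the listing")
    window = timedelta(minutes=window_minutes)

    def attributed(entry):
        return any(k in entry.path.lower() for k in keywords)

    near = [
        e for e in entries
        if e is not target
        and abs(e.created - target.created) <= window
        and attributed(e)
    ]
    before = sorted(e.path for e in near if e.created <= target.created)
    after = sorted(e.path for e in near if e.created > target.created)
    return {
        "before": before,
        "after": after,
        "bracketed": bool(before) and bool(after),
    }


if __name__ == "__main__":
    rows = parse_listing(FRST_LISTING)
    # "fences" is included because the task names in the listing
    # (StardockFences...) tie the Fences shortcut to the same product.
    result = bracketing(rows, r"C:\WINDOWS\womtrust.dll", ("stardock", "fences"))
    for side in ("before", "after"):
        for path in result[side]:
            print(f"{side:>6}: {path}")
    print("bracketed by attributed entries:", result["bracketed"])
```
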

#13 dog6611


Posted 01 March 2024 - 05:41 PM

Hello,

Before I post the logs I want to point out something very strange.  For some reason, extracting anything using WinRAR by any method makes the software freeze up intermittently. Doing a full uninstall and re-install didn't seem to fix the issue.

Unsure if we can possibly look at what's causing that as well. 

Below are the two logs. I have also uploaded the system summary to the provided link.


Also one thing I wanted to point out, though it's probably not the correct forum to ask this, but I'm pretty sure something is up with my Recovery Partition.
I needed to adjust its size to fix an issue with a Windows Update, and ever since then I've been getting a message on boot saying that some disk is being "scanned and repaired".

Also the partition shows up as a separate volume instead of being part of (C:).

yi9ffNk.png
==============================================

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Soggy (01-03-2024 17:23:45) Run:2
Running from E:\Downloads
Loaded Profiles: Soggy
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CloseProcesses:
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.reg: regfile =>  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.cmd: cmdfile =>  <==== ATTENTION
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
End::
*****************

Processes closed successfully.
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-2538788236-3835922159-488444903-1001\Software\Classes\.cmd => removed successfully

========= msinfo32 /nfo SystemSummary.nfo /categories +systemsummary =========

0

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 17:25:35 ====


GSmart Report
===================================================

smartctl 6.6 2017-11-05 r4594 [x86_64-w64-mingw32-w10-b19045] (sf-6.6-1)
Copyright © 2002-17, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     Samsung based SSDs
Device Model:     Samsung SSD 850 EVO 250GB
Serial Number:    S2R5NX0J436421V
LU WWN Device Id: 5 002538 d41e7d3af
Firmware Version: EMT02B6Q
User Capacity:    250,059,350,016 bytes [250 GB]
Sector Size:      512 bytes logical/physical
Rotation Rate:    Solid State Device
Form Factor:      2.5 inches
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ACS-2, ATA8-ACS T13/1699-D revision 4c
SATA Version is:  SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:    Fri Mar 01 17:38:05 2024 EST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
AAM feature is:   Unavailable
APM feature is:   Unavailable
Rd look-ahead is: Enabled
Write cache is:   Enabled
DSN feature is:   Unavailable
ATA Security is:  Disabled, frozen [SEC2]

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00)    Offline data collection activity
                    was never started.
                    Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0)    The previous self-test routine completed
                    without error or no self-test has ever
                    been run.
Total time to complete Offline
data collection:         (    0) seconds.
Offline data collection
capabilities:              (0x53) SMART execute Offline immediate.
                    Auto Offline data collection on/off support.
                    Suspend Offline collection upon new
                    command.
                    No Offline surface scan supported.
                    Self-test supported.
                    No Conveyance Self-test supported.
                    Selective Self-test supported.
SMART capabilities:            (0x0003)    Saves SMART data before entering
                    power-saving mode.
                    Supports SMART auto save timer.
Error logging capability:        (0x01)    Error logging supported.
                    General Purpose Logging supported.
Short self-test routine
recommended polling time:      (   2) minutes.
Extended self-test routine
recommended polling time:      ( 133) minutes.
SCT capabilities:            (0x003d)    SCT Status supported.
                    SCT Error Recovery Control supported.
                    SCT Feature Control supported.
                    SCT Data Table supported.

SMART Attributes Data Structure revision number: 1
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAGS    VALUE WORST THRESH FAIL RAW_VALUE
  5 Reallocated_Sector_Ct   PO--CK   100   100   010    -    0
  9 Power_On_Hours          -O--CK   089   089   000    -    52164
 12 Power_Cycle_Count       -O--CK   099   099   000    -    858
177 Wear_Leveling_Count     PO--C-   083   083   000    -    360
179 Used_Rsvd_Blk_Cnt_Tot   PO--C-   100   100   010    -    0
181 Program_Fail_Cnt_Total  -O--CK   100   100   010    -    0
182 Erase_Fail_Count_Total  -O--CK   100   100   010    -    0
183 Runtime_Bad_Block       PO--C-   100   100   010    -    0
187 Uncorrectable_Error_Cnt -O--CK   100   100   000    -    0
190 Airflow_Temperature_Cel -O--CK   068   050   000    -    32
195 ECC_Error_Rate          -O-RC-   200   200   000    -    0
199 CRC_Error_Count         -OSRCK   100   100   000    -    0
235 POR_Recovery_Count      -O--C-   099   099   000    -    172
241 Total_LBAs_Written      -O--CK   099   099   000    -    166882062745
                            ||||||_ K auto-keep
                            |||||__ C event count
                            ||||___ R error rate
                            |||____ S speed/performance
                            ||_____ O updated online
                            |______ P prefailure warning

General Purpose Log Directory Version 1
SMART           Log Directory Version 1 [multi-sector log support]
Address    Access  R/W   Size  Description
0x00       GPL,SL  R/O      1  Log Directory
0x01           SL  R/O      1  Summary SMART error log
0x02           SL  R/O      1  Comprehensive SMART error log
0x03       GPL     R/O      1  Ext. Comprehensive SMART error log
0x06           SL  R/O      1  SMART self-test log
0x07       GPL     R/O      1  Extended self-test log
0x09           SL  R/W      1  Selective self-test log
0x10       GPL     R/O      1  NCQ Command Error log
0x11       GPL     R/O      1  SATA Phy Event Counters log
0x13       GPL     R/O      1  SATA NCQ Send and Receive log
0x30       GPL,SL  R/O      9  IDENTIFY DEVICE data log
0x80-0x9f  GPL,SL  R/W     16  Host vendor specific log
0xa1           SL  VS      16  Device vendor specific log
0xa5           SL  VS      16  Device vendor specific log
0xce           SL  VS      16  Device vendor specific log
0xe0       GPL,SL  R/W      1  SCT Command/Status
0xe1       GPL,SL  R/W      1  SCT Data Transfer

SMART Extended Comprehensive Error Log Version: 1 (1 sectors)
No Errors Logged

SMART Extended Self-test Log Version: 1 (1 sectors)
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     52164         -
# 2  Short offline       Completed without error       00%      4547         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
  255        0    65535  Read_scanning was never started
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

SCT Status Version:                  3
SCT Version (vendor specific):       256 (0x0100)
SCT Support Level:                   1
Device State:                        Active (0)
Current Temperature:                    29 Celsius
Power Cycle Min/Max Temperature:     26/29 Celsius
Lifetime    Min/Max Temperature:     14/49 Celsius
Under/Over Temperature Limit Count:   0/0

SCT Temperature History Version:     2
Temperature Sampling Period:         1 minute
Temperature Logging Interval:        10 minutes
Min/Max recommended Temperature:      0/70 Celsius
Min/Max Temperature Limit:            0/70 Celsius
Temperature History Size (Index):    128 (111)

Index    Estimated Time   Temperature Celsius
 112    2024-02-29 20:20    32  *************
 113    2024-02-29 20:30    32  *************
 114    2024-02-29 20:40    32  *************
 115    2024-02-29 20:50    29  **********
 116    2024-02-29 21:00    28  *********
 117    2024-02-29 21:10    29  **********
 118    2024-02-29 21:20    29  **********
 119    2024-02-29 21:30    28  *********
 120    2024-02-29 21:40    28  *********
 121    2024-02-29 21:50    29  **********
 122    2024-02-29 22:00    29  **********
 123    2024-02-29 22:10    29  **********
 124    2024-02-29 22:20    28  *********
 125    2024-02-29 22:30    29  **********
 126    2024-02-29 22:40    29  **********
 127    2024-02-29 22:50    30  ***********
   0    2024-02-29 23:00    30  ***********
   1    2024-02-29 23:10     ?  -
   2    2024-02-29 23:20    28  *********
   3    2024-02-29 23:30    28  *********
   4    2024-02-29 23:40    28  *********
   5    2024-02-29 23:50    29  **********
   6    2024-03-01 00:00    26  *******
   7    2024-03-01 00:10    29  **********
   8    2024-03-01 00:20    29  **********
   9    2024-03-01 00:30    29  **********
  10    2024-03-01 00:40    25  ******
  11    2024-03-01 00:50    29  **********
  12    2024-03-01 01:00    29  **********
  13    2024-03-01 01:10    30  ***********
  14    2024-03-01 01:20    26  *******
  15    2024-03-01 01:30    25  ******
  16    2024-03-01 01:40    29  **********
 ...    ..(  2 skipped).    ..  **********
  19    2024-03-01 02:10    29  **********
  20    2024-03-01 02:20    27  ********
  21    2024-03-01 02:30    25  ******
  22    2024-03-01 02:40    24  *****
  23    2024-03-01 02:50    25  ******
  24    2024-03-01 03:00    24  *****
  25    2024-03-01 03:10    27  ********
  26    2024-03-01 03:20    29  **********
  27    2024-03-01 03:30    24  *****
  28    2024-03-01 03:40    25  ******
  29    2024-03-01 03:50    26  *******
  30    2024-03-01 04:00    27  ********
  31    2024-03-01 04:10    28  *********
  32    2024-03-01 04:20    29  **********
  33    2024-03-01 04:30    27  ********
  34    2024-03-01 04:40    25  ******
  35    2024-03-01 04:50    30  ***********
  36    2024-03-01 05:00    28  *********
  37    2024-03-01 05:10    28  *********
  38    2024-03-01 05:20    31  ************
  39    2024-03-01 05:30    29  **********
  40    2024-03-01 05:40    31  ************
  41    2024-03-01 05:50    29  **********
  42    2024-03-01 06:00    29  **********
  43    2024-03-01 06:10    31  ************
  44    2024-03-01 06:20    32  *************
  45    2024-03-01 06:30    32  *************
  46    2024-03-01 06:40    32  *************
  47    2024-03-01 06:50    31  ************
  48    2024-03-01 07:00    31  ************
  49    2024-03-01 07:10    31  ************
  50    2024-03-01 07:20    29  **********
  51    2024-03-01 07:30    31  ************
  52    2024-03-01 07:40    31  ************
  53    2024-03-01 07:50    32  *************
  54    2024-03-01 08:00    32  *************
  55    2024-03-01 08:10    32  *************
  56    2024-03-01 08:20    30  ***********
  57    2024-03-01 08:30    28  *********
  58    2024-03-01 08:40    32  *************
  59    2024-03-01 08:50    31  ************
  60    2024-03-01 09:00    32  *************
  61    2024-03-01 09:10    31  ************
  62    2024-03-01 09:20     ?  -
  63    2024-03-01 09:30    28  *********
  64    2024-03-01 09:40    26  *******
  65    2024-03-01 09:50    25  ******
  66    2024-03-01 10:00    18  -
  67    2024-03-01 10:10    18  -
  68    2024-03-01 10:20    23  ****
  69    2024-03-01 10:30    25  ******
  70    2024-03-01 10:40    25  ******
  71    2024-03-01 10:50    24  *****
  72    2024-03-01 11:00    26  *******
  73    2024-03-01 11:10    26  *******
  74    2024-03-01 11:20    26  *******
  75    2024-03-01 11:30    25  ******
  76    2024-03-01 11:40    28  *********
  77    2024-03-01 11:50    26  *******
  78    2024-03-01 12:00    28  *********
  79    2024-03-01 12:10    29  **********
  80    2024-03-01 12:20    30  ***********
  81    2024-03-01 12:30    26  *******
  82    2024-03-01 12:40    29  **********
  83    2024-03-01 12:50    30  ***********
 ...    ..(  4 skipped).    ..  ***********
  88    2024-03-01 13:40    30  ***********
  89    2024-03-01 13:50    31  ************
  90    2024-03-01 14:00     ?  -
  91    2024-03-01 14:10    30  ***********
  92    2024-03-01 14:20    30  ***********
  93    2024-03-01 14:30    31  ************
  94    2024-03-01 14:40    29  **********
  95    2024-03-01 14:50    31  ************
  96    2024-03-01 15:00    31  ************
  97    2024-03-01 15:10    28  *********
  98    2024-03-01 15:20    29  **********
  99    2024-03-01 15:30    30  ***********
 100    2024-03-01 15:40    31  ************
 101    2024-03-01 15:50    31  ************
 102    2024-03-01 16:00    28  *********
 103    2024-03-01 16:10    27  ********
 104    2024-03-01 16:20    29  **********
 105    2024-03-01 16:30    28  *********
 106    2024-03-01 16:40    27  ********
 107    2024-03-01 16:50    31  ************
 108    2024-03-01 17:00    28  *********
 109    2024-03-01 17:10     ?  -
 110    2024-03-01 17:20    26  *******
 111    2024-03-01 17:30    29  **********

SCT Error Recovery Control:
           Read: Disabled
          Write: Disabled

Device Statistics (GP/SMART Log 0x04) not supported

SATA Phy Event Counters (GP Log 0x11)
ID      Size     Value  Description
0x0001  2            0  Command failed due to ICRC error
0x0002  2            0  R_ERR response for data FIS
0x0003  2            0  R_ERR response for device-to-host data FIS
0x0004  2            0  R_ERR response for host-to-device data FIS
0x0005  2            0  R_ERR response for non-data FIS
0x0006  2            0  R_ERR response for device-to-host non-data FIS
0x0007  2            0  R_ERR response for host-to-device non-data FIS
0x0008  2            0  Device-to-host non-data FIS retries
0x0009  2            4  Transition from drive PhyRdy to drive PhyNRdy
0x000a  2            4  Device-to-host register FISes sent due to a COMRESET
0x000b  2            0  CRC errors within host-to-device FIS
0x000d  2            0  Non-CRC errors within host-to-device FIS
0x000f  2            0  R_ERR response for host-to-device data FIS, CRC
0x0010  2            0  R_ERR response for host-to-device data FIS, non-CRC
0x0012  2            0  R_ERR response for host-to-device non-data FIS, CRC
0x0013  2            0  R_ERR response for host-to-device non-data FIS, non-CRC
 


Edited by dog6611, 01 March 2024 - 05:54 PM.


#14 Oh My!


Posted 02 March 2024 - 11:46 AM

Greetings.
 

"Also the partition shows up as a separate volume instead of being part of (C:)."

That is normal.

The GSmart report doesn't indicate any issues.

Does your computer freeze at any time other than watching videos?

We will follow up on the scanned and repaired notification.

I would like to uninstall and reinstall WinRAR a different way.

Please do these things.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
WinRaR
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • If a reboot prompt appears X out of the screen, do not reboot yet
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
  • Following reboot reinstall WinRAR and check the performance
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
cmd: fsutil dirty query c:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Freezing other than videos?
  • WinRaR working properly?
  • Fixlog

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
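The "GSmart report doesn't indicate any issues" reading in the post above can be reproduced from the attribute table in the posted smartctl output. This is an added example, not part of the original thread or of smartmontools; the attribute rows are copied from the posted report, and the function names and the choice of which raw counters to treat as error counts are assumptions.

```python
import re

# Attribute rows copied from the smartctl output posted earlier in the thread.
SMART_TABLE = """\
ID# ATTRIBUTE_NAME          FLAGS    VALUE WORST THRESH FAIL RAW_VALUE
  5 Reallocated_Sector_Ct   PO--CK   100   100   010    -    0
  9 Power_On_Hours          -O--CK   089   089   000    -    52164
 12 Power_Cycle_Count       -O--CK   099   099   000    -    858
177 Wear_Leveling_Count     PO--C-   083   083   000    -    360
179 Used_Rsvd_Blk_Cnt_Tot   PO--C-   100   100   010    -    0
181 Program_Fail_Cnt_Total  -O--CK   100   100   010    -    0
182 Erase_Fail_Count_Total  -O--CK   100   100   010    -    0
183 Runtime_Bad_Block       PO--C-   100   100   010    -    0
187 Uncorrectable_Error_Cnt -O--CK   100   100   000    -    0
190 Airflow_Temperature_Cel -O--CK   068   050   000    -    32
195 ECC_Error_Rate          -O-RC-   200   200   000    -    0
199 CRC_Error_Count         -OSRCK   100   100   000    -    0
235 POR_Recovery_Count      -O--C-   099   099   000    -    172
241 Total_LBAs_Written      -O--CK   099   099   000    -    166882062745
"""

ROW_RE = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+(?P<flags>[A-Z-]{6})\s+"
    r"(?P<value>\d+)\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+"
    r"(?P<fail>\S+)\s+(?P<raw>\d+)"
)

# Assumption for this example: attributes whose raw value is a plain count of
# media or link errors, so any non-zero raw value deserves a closer look.
ERROR_COUNTERS = {
    "Reallocated_Sector_Ct", "Used_Rsvd_Blk_Cnt_Tot", "Program_Fail_Cnt_Total",
    "Erase_Fail_Count_Total", "Runtime_Bad_Block", "Uncorrectable_Error_Cnt",
    "CRC_Error_Count",
}


def parse_attributes(text):
    """Parse smartctl attribute rows; header and legend lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        rows.append({
            "id": int(m["id"]),
            "name": m["name"],
            "prefailure": m["flags"][0] == "P",
            "value": int(m["value"]),
            "worst": int(m["worst"]),
            "thresh": int(m["thresh"]),
            "fail": m["fail"],
            "raw": int(m["raw"]),
        })
    return rows


def triage(text):
    """Return (attribute, reason) findings; an empty list means nothing flagged."""
    findings = []
    for a in parse_attributes(text):
        # smartctl itself fills the FAIL column when a threshold was crossed.
        if a["fail"] != "-":
            findings.append((a["name"], f"FAIL column is {a['fail']}"))
        # A threshold of 0 can never be reached, so only test real thresholds.
        if a["thresh"] > 0 and a["value"] <= a["thresh"]:
            kind = "prefailure" if a["prefailure"] else "old-age"
            findings.append(
                (a["name"],
                 f"{kind} value {a['value']} <= threshold {a['thresh']}")
            )
        if a["name"] in ERROR_COUNTERS and a["raw"] > 0:
            findings.append((a["name"], f"raw error count {a['raw']}"))
    return findings


if __name__ == "__main__":
    results = triage(SMART_TABLE)
    if not results:
        print("No attribute at or below threshold and no error counters raised.")
    for name, reason in results:
        print(f"{name}: {reason}")
```
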

#15 dog6611


Posted 02 March 2024 - 11:54 AM

I used Geek Uninstaller to uninstall WinRAR, which should remove all leftover data.  I'll give Revo a try though. 

For freezing, it seems pretty random.  Not specifically when watching videos.  But it happens at completely random times.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Soggy (02-03-2024 11:54:02) Run:3
Running from E:\Downloads\Bleeping Tools
Loaded Profiles: Soggy
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
cmd: fsutil dirty query c:
End::
*****************


========= fsutil dirty query c: =========

Volume - c: is NOT Dirty


========= End of CMD: =========


==== End of Fixlog 11:54:03 ====


Edited by dog6611, 02 March 2024 - 11:56 AM.




