Welcome
RKill is a program developed at BleepingComputer.com that was originally designed for the use in our virus removal guides. It was created so that we could have an easy to use tool that kills known processes and remove Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.
So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, Rkill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of Rkill.
Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.
RKill can be downloaded from the following location:
http://www.bleepingcomputer.com/download/rkill/
A report, rkill.log will be created in the root directory, usualy C:. Post that report on your next reply.
Do not restart the computer after running Rkill, and follow these steps:
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click FRST(64) and select Run as administrator.
- Make sure that under Optional Scans, there is a checkmark on Addition.txt.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The tool will also produce another log (Addition.txt ). Please attach this to your reply.
i run farbar in safemode, and do the scan
this the FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by LEGEND (administrator) on DESKTOP-UFKFA32 (LENOVO 81FV) (16-05-2021 08:23:13)
Running from D:Downloadz
Loaded Profiles: LEGEND
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Malwarebytes Inc -> Malwarebytes) D:ProgramFilezMBAMMBAMService.exe
(Malwarebytes Inc -> Malwarebytes) D:ProgramFilezMBAMmbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsHelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => D:ProgramFilezCOMODOCOMODO Internet Securitycis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
HKLM…Run: [RtkAudUService] => C:WindowsSystem32RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM…Run: [Riot Vanguard] => C:Program FilesRiot Vanguardvgtray.exe [564096 2021-05-04] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32…Run: [IseUI] => C:Program Files (x86)COMODOInternet Security Essentialsvkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32…Run: [SDTray] => D:ProgramFilezSpybot – Search & Destroy 2SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32…Run: [Malwarebytes Anti-Exploit] => D:ProgramFilezMalwarebytes Anti-Exploitmbae.exe [2481832 2021-03-09] (Malwarebytes Inc -> Malwarebytes Corporation)
HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION
HKUS-1-5-21-1137129469-1377650283-1728635483-1001…Run: [Gaijin.Net Updater] => C:UsersLEGENDAppDataLocalGaijinProgram Files (x86)NetAgentgjagent.exe [2374376 2021-05-07] (Gaijin Network LTD -> Gaijin)
BootExecute: autocheck autochk * sdnclean64.exe
HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION
HKUS-1-5-21-1137129469-1377650283-1728635483-1001SOFTWAREPoliciesGoogle: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesMicrosoftEdge: Restriction <==== ATTENTION
HKUS-1-5-21-1137129469-1377650283-1728635483-1001SOFTWAREPoliciesMicrosoftEdge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BA34FFC-880B-4F97-A947-449B89343476} – System32TasksCOMODOCOMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => D:ProgramFilezCOMODOCOMODO Internet Securitycfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {25452641-B18D-4B8B-A20D-A1C8C5E67DF5} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {27F5B120-F1B9-4578-890D-91D16496FC48} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2AF2B5AA-87BC-4064-A6E2-24E8859BDC2D} – System32TasksSafer-NetworkingSpybot – Search and DestroyScan the system => D:ProgramFilezSpybot – Search & Destroy 2SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {2D58743F-64B5-47E8-86A3-CC91F918958D} – System32TasksSafer-NetworkingSpybot – Search and DestroyRefresh immunization => D:ProgramFilezSpybot – Search & Destroy 2SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {369F00E9-E6E8-40C0-8AD6-BD3F4D9F6AF2} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4266CF7A-DFC3-46E3-B077-A37BBDBF8128} – System32TasksCOMODOCOMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:ProgramFilezCOMODOCOMODO Internet Securitycfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {6686C3A9-C40D-4F46-B6CD-45971895DF48} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [874472 2020-09-28] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log
Task: {7A102B85-94C6-4247-9CEF-89A03F9B2AF9} – System32TasksCOMODOCOMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => D:ProgramFilezCOMODOCOMODO Internet Securitycfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {8F362AAE-E8E6-49CF-B584-07F76277CDBC} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8FB46B2D-0DDD-447A-887A-A78E73A490AC} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A68825E-FF64-4525-8746-3FF42486E57C} – System32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:Program FilesBitdefender AgentWatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {9B7C00E7-4776-4ACF-A82C-8C1A027E2DA7} – System32TasksCOMODOCOMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => D:ProgramFilezCOMODOCOMODO Internet Securitycis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {AB17C1AC-AEFD-4A41-954C-D430F816E774} – System32TasksCOMODOCOMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => D:ProgramFilezCOMODOCOMODO Internet Securitycis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {C5E47B67-ACDB-425E-97CC-B09687EE5EC5} – System32TasksSafer-NetworkingSpybot Anti-BeaconRefresh Spybot Anti-Beacon immunization => C:Program Files (x86)Safer-Networking LtdSpybot Anti-BeaconSpybot3AntiBeacon.exe [9469648 2021-04-29] (Safer-Networking Ltd. -> )
Task: {CDD75CE9-B247-498D-BD20-E8828DCDB4AE} – System32TasksCOMODOCOMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:ProgramFilezCOMODOCOMODO Internet Securitycfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {D88DEA98-E563-4DFB-BF44-13E4AC8AD8AB} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8D4CDDC-354C-4830-BB8A-605985DADBF6} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [874472 2020-09-28] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log
Task: {D974BED7-A783-49DC-928B-9AAA7B5DC463} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E44998DF-C39C-41EF-A765-21DA17C5F6C5} – System32TasksCOMODOCOMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => D:ProgramFilezCOMODOCOMODO Internet Securitycfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F3E26D33-7C05-43A8-BB64-A309FED30748} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F47B5EE4-2457-48C8-9106-EA1F11750B34} – System32TasksSafer-NetworkingSpybot – Search and DestroyCheck for updates => D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:WindowsTasksCreateExplorerShellUnelevatedTask.job => C:Windowsexplorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
TcpipParameters: [DhcpNameServer] 192.168.2.212
Tcpip..Interfaces{822555ae-25b8-45f8-9f88-37cb44463c85}: [NameServer] 9.9.9.11,149.112.112.11
Tcpip..Interfaces{822555ae-25b8-45f8-9f88-37cb44463c85}: [DhcpNameServer] 192.168.2.212
Tcpip..Interfaces{994fdd3b-2a68-4d6e-b26b-2c0d11633024}: [NameServer] 9.9.9.11,149.112.112.11
Tcpip..Interfaces{994fdd3b-2a68-4d6e-b26b-2c0d11633024}: [DhcpNameServer] 192.168.2.246
Edge:
=======
Edge Profile: C:UsersLEGENDAppDataLocalMicrosoftEdgeUser DataDefault [2021-05-16]
FireFox:
========
FF DefaultProfile: bwdior35.default
FF ProfilePath: C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesbwdior35.default [2021-05-09]
FF ProfilePath: C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.default-release [2021-05-16]
FF DownloadDir: D:Downloadz
FF Extension: (Facebook Container) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07l[email protected] [2021-05-10]
FF Extension: (Firefox Multi-Account Containers) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar[email protected] [2021-05-10]
FF Extension: (Browsec VPN – Free VPN for Firefox) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4[email protected] [2021-05-15]
FF Extension: (Clear Cache) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.defaul[email protected] [2021-05-09]
FF Extension: (Cookie AutoDelete) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.defaul[email protected] [2021-05-09]
FF Extension: (Ghostery – Privacy Ad Blocker) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4a[email protected] [2021-05-15]
FF Extension: (HTTPS Everywhere) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.de[email protected] [2021-05-09]
FF Extension: (Privacy Badger) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.defau[email protected] [2021-05-09]
FF Extension: (DuckDuckGo Privacy Essentials) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.defau[email protected] [2021-05-12]
FF Extension: (TrafficLight) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.defaul[email protected] [2021-05-09]
FF Extension: (uBlock Origin) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.d[email protected] [2021-05-09]
FF Extension: (FFX Developer Ayu Dark) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.default-releaseExtensions{05142269-fbc1-4883-908d-f596287d95ab}.xpi [2021-05-09]
FF Extension: (Malwarebytes Browser Guard) – C:UsersLEGENDAppDataRoamingMozillaFirefoxProfilesg07ld4ar.default-releaseExtensions{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-05-13]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 bdredline; C:Program FilesBitdefender Antivirus Freebdredline.exe [2461792 2019-03-27] (Bitdefender SRL -> Bitdefender)
S2 CmdAgent; D:ProgramFilezCOMODOCOMODO Internet Securitycmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S2 CmdAgentProt; D:ProgramFilezCOMODOCOMODO Internet Securitycmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; D:ProgramFilezCOMODOCOMODO Internet Securitycmdvirth.exe [2675504 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [803440 2020-11-03] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 FvSvc; C:Program FilesNVIDIA CorporationFrameViewSDKnvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA)
S2 isesrv; C:Program Files (x86)COMODOInternet Security Essentialsisesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
S2 MbaeSvc; D:ProgramFilezMalwarebytes Anti-Exploitmbae-svc.exe [152744 2021-03-09] (Malwarebytes Inc -> Malwarebytes Corporation)
R2 MBAMService; D:ProgramFilezMBAMMBAMService.exe [7391408 2021-05-06] (Malwarebytes Inc -> Malwarebytes)
S2 ProductAgentService; C:Program FilesBitdefender AgentProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S2 SDScannerService; D:ProgramFilezSpybot – Search & Destroy 2SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDUpdateService; D:ProgramFilezSpybot – Search & Destroy 2SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDWSCService; D:ProgramFilezSpybot – Search & Destroy 2SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 updatesrv; C:Program FilesBitdefender Antivirus Freeupdatesrv.exe [236128 2020-11-26] (Bitdefender SRL -> Bitdefender)
S3 vgc; C:Program FilesRiot Vanguardvgc.exe [10316656 2021-05-04] (Riot Games, Inc. -> Riot Games, Inc.)
S2 vsserv; C:Program FilesBitdefender Antivirus Freevsserv.exe [559200 2021-04-02] (Bitdefender SRL -> Bitdefender)
S2 vsservppl; C:Program FilesBitdefender Antivirus Freevsservppl.exe [240352 2020-11-26] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; C:WindowsSystem32DriverStoreFileRepositorynvlti.inf_amd64_3d3405e2f3440970Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WindowsSystem32DriverStoreFileRepositorynvlti.inf_amd64_3d3405e2f3440970Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 atc; C:WindowsSystem32DRIVERSatc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
S2 BdDci; C:Windowssystem32DRIVERSbddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:WindowsSystem32driversbdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S0 cmdboot; C:WindowsSystem32DRIVERScmdboot.sys [17576 2019-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:WindowsSystem32DRIVERScmderd.sys [38880 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S1 cmdGuard; C:WindowsSystem32DRIVERScmdguard.sys [844000 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdhlp; C:Windowssystem32DRIVERScmdhlp.sys [47104 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 edrsensor; C:WindowsSystem32DRIVERSedrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
S1 Gemma; C:WindowsSystem32DRIVERSgemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 inspect; C:Windowssystem32DRIVERSinspect.sys [130256 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S1 isedrv; C:Windowssystem32driversisedrv.sys [63256 2018-08-29] (Comodo Security Solutions, Inc. -> COMODO)
R0 MBAMChameleon; C:WindowsSystem32DriversMbamChameleon.sys [220752 2021-05-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:WindowsSystem32DRIVERSMbamElam.sys [19912 2021-05-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:WindowsSystem32Driversmbamswissarmy.sys [248992 2021-05-16] (Malwarebytes Inc -> Malwarebytes)
S0 Spybot3ELAM; C:WindowsSystem32driversSpybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
S2 trufos; C:WindowsSystem32driverstrufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)
S1 vgk; C:Program FilesRiot Vanguardvgk.sys [8144352 2021-05-04] (Riot Games, Inc. -> Riot Games, Inc.)
S0 vlflt; C:WindowsSystem32DRIVERSvlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)
S3 VSScanner; C:WindowsSystem32DRIVERSvsscanner.sys [29752 2018-06-25] (Microsoft Windows Hardware Compatibility Publisher -> VoodooSoft, LLC)
S3 WdBoot; C:Windowssystem32driversWdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:Windowssystem32driversWdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-16 08:22 – 2021-05-16 08:24 – 000000000 ____D C:FRST
2021-05-16 08:11 – 2021-05-16 08:15 – 000000214 _____ C:WindowsTasksCreateExplorerShellUnelevatedTask.job
2021-05-16 08:10 – 2021-05-16 08:10 – 000000000 ____D C:Windowspss
2021-05-16 05:34 – 2021-05-16 08:11 – 000002340 _____ C:Windowssystem32Driversfvstore.dat
2021-05-14 16:00 – 2021-05-14 16:00 – 000000000 ____D C:Program FilesRiot Vanguard
2021-05-14 15:59 – 2021-05-14 16:00 – 000000000 ____D C:Riot Games
2021-05-14 15:58 – 2021-05-15 20:49 – 000000000 ____D C:ProgramDataRiot Games
2021-05-14 15:58 – 2021-05-14 16:55 – 000000000 ____D C:UsersLEGENDAppDataLocalRiot Games
2021-05-14 15:52 – 2021-05-15 19:58 – 000000000 ____D C:Program Files (x86)Origin Games
2021-05-14 05:10 – 2021-05-14 05:10 – 000000000 ____D C:UsersLEGENDAppDataLocalLowTemp
2021-05-14 03:25 – 2021-05-14 03:27 – 000000524 _____ C:Windowssystem32Driversetchosts.ics
2021-05-13 16:20 – 2021-05-15 15:52 – 000000000 ____D C:ProgramDataMalwarebytes Anti-Exploit
2021-05-13 16:20 – 2021-05-13 16:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Exploit
2021-05-12 08:42 – 2021-05-14 14:53 – 000000000 ____D C:UsersLEGENDAppDataRoamingGodot
2021-05-12 06:57 – 2021-05-12 06:57 – 000000000 ___HD C:Program FilesCommon FilesEAInstaller
2021-05-12 06:57 – 2021-05-12 06:57 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsApex Legends
2021-05-12 02:11 – 2021-05-12 02:11 – 002755584 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb
2021-05-12 02:11 – 2021-05-12 02:11 – 001687040 _____ C:Windowssystem32libcrypto.dll
2021-05-12 02:11 – 2021-05-12 02:11 – 000700928 _____ C:Windowssystem32FsNVSDeviceSource.dll
2021-05-12 02:10 – 2021-05-12 02:10 – 002755584 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb
2021-05-12 02:10 – 2021-05-12 02:10 – 001314120 _____ (Microsoft Corporation) C:Windowssystem32SecConfig.efi
2021-05-12 02:10 – 2021-05-12 02:10 – 001163776 _____ C:Windowssystem32MBR2GPT.EXE
2021-05-12 02:10 – 2021-05-12 02:10 – 000011351 _____ C:Windowssystem32DrtmAuthTxt.wim
2021-05-12 02:09 – 2021-05-12 02:09 – 001823816 _____ (Microsoft Corporation) C:Windowssystem32winload.efi
2021-05-12 02:09 – 2021-05-12 02:09 – 001393504 _____ (Microsoft Corporation) C:Windowssystem32winresume.efi
2021-05-12 02:09 – 2021-05-12 02:09 – 000165888 _____ C:Windowssystem32DataStoreCacheDumpTool.exe
2021-05-12 02:09 – 2021-05-12 02:09 – 000060928 _____ C:Windowssystem32runexehelper.exe
2021-05-12 02:09 – 2021-05-12 02:09 – 000013312 _____ C:Windowssystem32agentactivationruntimestarter.exe
2021-05-11 14:07 – 2021-05-16 08:11 – 001474832 _____ C:Windowssystem32Driverssfi.dat
2021-05-11 14:04 – 2021-05-11 14:04 – 000001129 _____ C:UsersPublicDesktopCOMODO Internet Security Premium.lnk
2021-05-11 14:04 – 2021-05-11 14:04 – 000001129 _____ C:ProgramDataDesktopCOMODO Internet Security Premium.lnk
2021-05-11 12:33 – 2021-05-11 12:33 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsCall of Duty Modern Warfare
2021-05-11 11:59 – 2021-05-12 01:42 – 000000000 ____D C:Windowssystem32MRT
2021-05-10 11:56 – 2021-05-10 11:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBattle.net
2021-05-10 11:51 – 2021-05-10 11:51 – 000000000 ____D C:UsersLEGENDAppDataLocalBlizzard Entertainment
2021-05-10 11:49 – 2021-05-10 11:50 – 000000000 ____D C:ProgramDataBattle.net
2021-05-10 09:26 – 2021-05-10 09:26 – 000000000 ____D C:ProgramDataBlizzard Entertainment
2021-05-10 09:24 – 2021-05-15 03:33 – 000000000 ____D C:UsersLEGENDAppDataLocalBattle.net
2021-05-10 09:24 – 2021-05-10 09:26 – 000000000 ____D C:UsersLEGENDAppDataRoamingBattle.net
2021-05-10 07:19 – 2021-05-10 07:19 – 000000000 ____D C:UsersLEGENDAppDataLocalLowRoark_AoTFG
2021-05-10 06:43 – 2020-08-14 00:59 – 000043416 _____ (NVIDIA Corporation) C:Windowssystem32DriversNvModuleTracker.sys
2021-05-10 02:14 – 2021-05-10 02:14 – 000000000 ____D C:UsersLEGENDAppDataLocalSteam
2021-05-10 00:12 – 2021-05-10 00:14 – 000000000 ____D C:UsersLEGENDAppDataLocalenlisted
2021-05-10 00:12 – 2021-05-10 00:12 – 000000000 ____D C:UsersLEGENDDocumentsMy Games
2021-05-10 00:12 – 2021-05-10 00:12 – 000000000 ____D C:ProgramDataenlisted
2021-05-10 00:11 – 2021-05-12 06:59 – 000000000 ____D C:UsersLEGENDAppDataRoamingEasyAntiCheat
2021-05-10 00:11 – 2021-05-10 00:12 – 000000000 ____D C:Program Files (x86)EasyAntiCheat
2021-05-10 00:10 – 2021-05-10 00:10 – 000000000 ____D C:UsersLEGENDAppDataLocalGaijin
2021-05-10 00:10 – 2021-05-10 00:10 – 000000000 ____D C:ProgramDataGaijin
2021-05-10 00:09 – 2021-05-15 19:58 – 000000000 ____D C:UsersLEGENDAppDataRoamingOrigin
2021-05-10 00:09 – 2021-05-15 19:58 – 000000000 ____D C:ProgramDataOrigin
2021-05-10 00:09 – 2021-05-15 19:21 – 000000000 ____D C:UsersLEGENDAppDataLocalOrigin
2021-05-10 00:09 – 2021-05-12 06:57 – 000000000 ____D C:ProgramDataElectronic Arts
2021-05-10 00:09 – 2021-05-10 00:09 – 000000000 ____D C:UsersLEGEND.QtWebEngineProcess
2021-05-10 00:09 – 2021-05-10 00:09 – 000000000 ____D C:UsersLEGEND.Origin
2021-05-09 23:39 – 2021-05-09 23:39 – 000000000 ____D C:UsersLEGENDAppDataLocalElevatedDiagnostics
2021-05-09 20:14 – 2021-05-09 20:14 – 000000000 ____D C:ProgramDataIntel
2021-05-09 20:06 – 2021-05-09 20:06 – 000581120 _____ (Microsoft Corporation) C:Windowssystem32PhotoScreensaver.scr
2021-05-09 20:06 – 2021-05-09 20:06 – 000575488 _____ (Microsoft Corporation) C:WindowsSysWOW64hhctrl.ocx
2021-05-09 20:06 – 2021-05-09 20:06 – 000499200 _____ (Microsoft Corporation) C:WindowsSysWOW64PhotoScreensaver.scr
2021-05-09 20:06 – 2021-05-09 20:06 – 000469504 _____ (Microsoft Corporation) C:WindowsSysWOW64appwiz.cpl
2021-05-09 20:06 – 2021-05-09 20:06 – 000304128 _____ (Microsoft Corporation) C:Windowssystem32ksproxy.ax
2021-05-09 20:06 – 2021-05-09 20:06 – 000234496 _____ (Microsoft Corporation) C:WindowsSysWOW64ksproxy.ax
2021-05-09 20:06 – 2021-05-09 20:06 – 000170496 _____ (Microsoft Corporation) C:Windowssystem32VBICodec.ax
2021-05-09 20:06 – 2021-05-09 20:06 – 000135168 _____ (Microsoft Corporation) C:WindowsSysWOW64VBICodec.ax
2021-05-09 20:06 – 2021-05-09 20:06 – 000095744 _____ C:Windowssystem32VirtualMonitorManager.dll
2021-05-09 20:06 – 2021-05-09 20:06 – 000084992 _____ (Microsoft Corporation) C:Windowssystem32wscui.cpl
2021-05-09 20:06 – 2021-05-09 20:06 – 000072704 _____ (Microsoft Corporation) C:WindowsSysWOW64tdc.ocx
2021-05-09 20:06 – 2021-05-09 20:06 – 000067584 _____ (Microsoft Corporation) C:WindowsSysWOW64wscui.cpl
2021-05-09 20:06 – 2021-05-09 20:06 – 000053760 _____ C:WindowsSysWOW64BWContextHandler.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 001333760 _____ C:WindowsSysWOW64TextInputMethodFormatter.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000729600 _____ (Microsoft Corporation) C:Windowssystem32hhctrl.ocx
2021-05-09 20:05 – 2021-05-09 20:05 – 000611952 _____ C:WindowsSysWOW64TextShaping.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000595968 _____ (Microsoft Corporation) C:Windowssystem32appwiz.cpl
2021-05-09 20:05 – 2021-05-09 20:05 – 000455680 _____ C:WindowsSysWOW64WindowManagementAPI.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000446976 _____ (Microsoft Corporation) C:WindowsSysWOW64mmsys.cpl
2021-05-09 20:05 – 2021-05-09 20:05 – 000422912 _____ (Microsoft Corporation) C:WindowsSysWOW64winspool.drv
2021-05-09 20:05 – 2021-05-09 20:05 – 000330752 _____ C:WindowsSysWOW64ssdm.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000266240 _____ C:WindowsSysWOW64Windows.Internal.UI.Shell.WindowTabManager.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000240640 _____ C:WindowsSysWOW64CoreMas.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000235520 _____ C:WindowsSysWOW64HeatCore.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000182272 _____ (Microsoft Corporation) C:WindowsSysWOW64timedate.cpl
2021-05-09 20:05 – 2021-05-09 20:05 – 000178688 _____ (Microsoft Corporation) C:WindowsSysWOW64intl.cpl
2021-05-09 20:05 – 2021-05-09 20:05 – 000102912 _____ (Microsoft Corporation) C:Windowssystem32ncpa.cpl
2021-05-09 20:05 – 2021-05-09 20:05 – 000100864 _____ (Microsoft Corporation) C:WindowsSysWOW64ncpa.cpl
2021-05-09 20:05 – 2021-05-09 20:05 – 000087552 _____ (Microsoft Corporation) C:Windowssystem32tdc.ocx
2021-05-09 20:05 – 2021-05-09 20:05 – 000067072 _____ C:Windowssystem32BWContextHandler.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000039936 _____ (Adobe Systems) C:WindowsSysWOW64atmlib.dll
2021-05-09 20:05 – 2021-05-09 20:05 – 000010752 _____ C:WindowsSysWOW64agentactivationruntimestarter.exe
2021-05-09 20:04 – 2021-05-09 20:04 – 002260992 _____ C:Windowssystem32TextInputMethodFormatter.dll
2021-05-09 20:04 – 2021-05-09 20:04 – 002254336 _____ C:Windowssystem32dwmscene.dll
2021-05-09 20:04 – 2021-05-09 20:04 – 000707016 _____ C:Windowssystem32TextShaping.dll
2021-05-09 20:04 – 2021-05-09 20:04 – 000643072 _____ C:Windowssystem32WindowManagementAPI.dll
2021-05-09 20:04 – 2021-05-09 20:04 – 000544768 _____ (Microsoft Corporation) C:Windowssystem32mmsys.cpl
2021-05-09 20:04 – 2021-05-09 20:04 – 000306688 _____ C:Windowssystem32HeatCore.dll
2021-05-09 20:04 – 2021-05-09 20:04 – 000238592 _____ (Microsoft Corporation) C:Windowssystem32intl.cpl
2021-05-09 20:04 – 2021-05-09 20:04 – 000231248 _____ C:Windowssystem32containerdevicemanagement.dll
2021-05-09 20:04 – 2021-05-09 20:04 – 000190976 _____ C:Windowssystem32BthpanContextHandler.dll
2021-05-09 20:04 – 2021-05-09 20:04 – 000152064 _____ C:Windowssystem32EoAExperiences.exe
2021-05-09 20:04 – 2021-05-09 20:04 – 000091136 _____ C:Windowssystem32Driverscimfs.sys
2021-05-09 20:04 – 2021-05-09 20:04 – 000048640 _____ (Adobe Systems) C:Windowssystem32atmlib.dll
2021-05-09 20:04 – 2021-05-09 20:04 – 000001370 _____ C:Windowssystem32ThirdPartyNoticesBySHS.txt
2021-05-09 20:03 – 2021-05-09 20:03 – 000562688 _____ (Microsoft Corporation) C:Windowssystem32winspool.drv
2021-05-09 20:03 – 2021-05-09 20:03 – 000455168 _____ C:Windowssystem32ssdm.dll
2021-05-09 20:03 – 2021-05-09 20:03 – 000363520 _____ C:Windowssystem32Windows.Internal.UI.Shell.WindowTabManager.dll
2021-05-09 20:03 – 2021-05-09 20:03 – 000287232 _____ C:Windowssystem32CoreMas.dll
2021-05-09 20:03 – 2021-05-09 20:03 – 000243200 _____ (Microsoft Corporation) C:Windowssystem32timedate.cpl
2021-05-09 20:03 – 2021-05-09 20:03 – 000089088 _____ C:Windowssystem32windows.applicationmodel.conversationalagent.proxystub.dll
2021-05-09 20:03 – 2021-05-09 20:03 – 000074240 _____ C:Windowssystem32rdsxvmaudio.dll
2021-05-09 20:03 – 2021-05-09 20:03 – 000073216 _____ C:Windowssystem32windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-05-09 19:54 – 2021-05-16 03:01 – 000000000 __SHD C:UsersLEGENDIntelGraphicsProfiles
2021-05-09 19:54 – 2021-05-09 19:55 – 000000000 ____D C:UsersLEGENDAppDataLocalIntel
2021-05-09 19:53 – 2021-05-16 03:01 – 000000000 ____D C:Intel
2021-05-09 19:53 – 2021-05-09 19:53 – 000000000 ____D C:UsersLEGENDAppDataLocalLowIntel
2021-05-09 19:53 – 2021-05-09 19:53 – 000000000 _____ C:Windowssystem32GfxValDisplayLog.bin
2021-05-09 19:52 – 2021-01-25 10:06 – 000462640 _____ C:Windowssystem32ze_loader.dll
2021-05-09 19:52 – 2021-01-25 10:06 – 000148808 _____ C:Windowssystem32ze_validation_layer.dll
2021-05-09 19:52 – 2021-01-25 10:05 – 026677040 _____ (Intel Corporation) C:Windowssystem32mfxplugin64_hw.dll
2021-05-09 19:52 – 2021-01-25 10:05 – 013520168 _____ (Intel Corporation) C:WindowsSysWOW64mfxplugin32_hw.dll
2021-05-09 19:52 – 2021-01-25 10:05 – 000306000 _____ C:Windowssystem32libmfxhw64.dll
2021-05-09 19:52 – 2021-01-25 10:05 – 000254528 _____ C:WindowsSysWOW64libmfxhw32.dll
2021-05-09 19:52 – 2021-01-25 10:05 – 000171472 _____ (Intel Corporation) C:Windowssystem32intel_gfx_api-x64.dll
2021-05-09 19:52 – 2021-01-25 10:05 – 000146760 _____ (Intel Corporation) C:WindowsSysWOW64intel_gfx_api-x86.dll
2021-05-09 19:51 – 2021-05-09 19:51 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools
2021-05-09 19:46 – 2021-05-09 19:46 – 000000000 ____D C:Windowssystem32lxss
2021-05-09 19:44 – 2021-04-27 14:16 – 001855192 _____ C:Windowssystem32vulkaninfo-1-999-0-0-0.exe
2021-05-09 19:44 – 2021-04-27 14:16 – 001855192 _____ C:Windowssystem32vulkaninfo.exe
2021-05-09 19:44 – 2021-04-27 14:16 – 001453344 _____ (Khronos Group) C:Windowssystem32OpenCL.dll
2021-05-09 19:44 – 2021-04-27 14:16 – 001435864 _____ C:WindowsSysWOW64vulkaninfo-1-999-0-0-0.exe
2021-05-09 19:44 – 2021-04-27 14:16 – 001435864 _____ C:WindowsSysWOW64vulkaninfo.exe
2021-05-09 19:44 – 2021-04-27 14:16 – 001192736 _____ (Khronos Group) C:WindowsSysWOW64OpenCL.dll
2021-05-09 19:44 – 2021-04-27 14:16 – 001094880 _____ C:Windowssystem32vulkan-1-999-0-0-0.dll
2021-05-09 19:44 – 2021-04-27 14:16 – 001094880 _____ C:Windowssystem32vulkan-1.dll
2021-05-09 19:44 – 2021-04-27 14:16 – 000948952 _____ C:WindowsSysWOW64vulkan-1-999-0-0-0.dll
2021-05-09 19:44 – 2021-04-27 14:16 – 000948952 _____ C:WindowsSysWOW64vulkan-1.dll
2021-05-09 19:44 – 2021-04-27 14:13 – 000715544 _____ C:Windowssystem32nvofapi64.dll
2021-05-09 19:44 – 2021-04-27 14:13 – 000626976 _____ (NVIDIA Corporation) C:Windowssystem32nvml.dll
2021-05-09 19:44 – 2021-04-27 14:13 – 000575760 _____ C:WindowsSysWOW64nvofapi.dll
2021-05-09 19:44 – 2021-04-27 14:12 – 002106144 _____ (NVIDIA Corporation) C:Windowssystem32NvFBC64.dll
2021-05-09 19:44 – 2021-04-27 14:12 – 001590560 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvFBC.dll
2021-05-09 19:44 – 2021-04-27 14:12 – 001514784 _____ (NVIDIA Corporation) C:Windowssystem32NvIFR64.dll
2021-05-09 19:44 – 2021-04-27 14:12 – 001166112 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvIFR.dll
2021-05-09 19:44 – 2021-04-27 14:12 – 000811808 _____ (NVIDIA Corporation) C:Windowssystem32nvEncodeAPI64.dll
2021-05-09 19:44 – 2021-04-27 14:12 – 000689952 _____ (NVIDIA Corporation) C:Windowssystem32nvidia-smi.exe
2021-05-09 19:44 – 2021-04-27 14:12 – 000675104 _____ (NVIDIA Corporation) C:Windowssystem32NvIFROpenGL.dll
2021-05-09 19:44 – 2021-04-27 14:12 – 000656160 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvEncodeAPI.dll
2021-05-09 19:44 – 2021-04-27 14:12 – 000564000 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvIFROpenGL.dll
2021-05-09 19:44 – 2021-04-27 14:11 – 008317232 _____ (NVIDIA Corporation) C:Windowssystem32nvcuvid.dll
2021-05-09 19:44 – 2021-04-27 14:11 – 007434032 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvcuvid.dll
2021-05-09 19:44 – 2021-04-27 14:11 – 004795152 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvcuda.dll
2021-05-09 19:44 – 2021-04-27 14:11 – 002823472 _____ (NVIDIA Corporation) C:Windowssystem32nvcuda.dll
2021-05-09 19:44 – 2021-04-27 14:11 – 000445744 _____ (NVIDIA Corporation) C:Windowssystem32nvdebugdump.exe
2021-05-09 19:44 – 2021-04-27 14:10 – 000848664 _____ (NVIDIA Corporation) C:Windowssystem32MCU.exe
2021-05-09 19:44 – 2021-04-27 14:09 – 006159176 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvapi.dll
2021-05-09 19:44 – 2021-04-23 18:08 – 000087164 _____ C:Windowssystem32nvinfo.pb
2021-05-09 19:39 – 2021-05-15 02:35 – 000000000 ____D C:UsersLEGENDAppDataLocalNVIDIA Corporation
2021-05-09 19:39 – 2021-05-12 09:33 – 000000000 ____D C:UsersLEGENDAppDataLocalNVIDIA
2021-05-09 19:39 – 2021-05-09 19:39 – 000000000 ____D C:UsersLEGENDansel
2021-05-09 19:38 – 2021-05-16 08:10 – 000000000 ____D C:ProgramDataNVIDIA
2021-05-09 19:38 – 2021-05-10 06:44 – 000003976 _____ C:Windowssystem32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:44 – 000003940 _____ C:Windowssystem32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:44 – 000003858 _____ C:Windowssystem32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:44 – 000003858 _____ C:Windowssystem32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:44 – 000003858 _____ C:Windowssystem32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:44 – 000003858 _____ C:Windowssystem32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:44 – 000000000 ____D C:Program Files (x86)NVIDIA Corporation
2021-05-09 19:38 – 2021-05-10 06:43 – 000004308 _____ C:Windowssystem32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:43 – 000004106 _____ C:Windowssystem32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:43 – 000003894 _____ C:Windowssystem32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-10 06:43 – 000003654 _____ C:Windowssystem32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-09 19:38 – 2021-05-09 19:38 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNVIDIA Corporation
2021-05-09 19:38 – 2021-04-07 04:38 – 002817904 _____ (NVIDIA Corporation) C:Windowssystem32nvspcap64.dll
2021-05-09 19:38 – 2021-04-07 04:38 – 002171760 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvspcap.dll
2021-05-09 19:38 – 2021-04-07 04:38 – 001293680 _____ (NVIDIA Corporation) C:Windowssystem32NvRtmpStreamer64.dll
2021-05-09 19:38 – 2021-03-30 03:57 – 000074608 _____ C:Windowssystem32FvSDK_x64.dll
2021-05-09 19:38 – 2021-03-30 03:57 – 000064880 _____ C:WindowsSysWOW64FvSDK_x86.dll
2021-05-09 19:38 – 2021-03-03 13:49 – 000168304 _____ (NVIDIA Corporation) C:Windowssystem32nvaudcap64v.dll
2021-05-09 19:38 – 2021-03-03 13:49 – 000144240 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvaudcap32v.dll
2021-05-09 19:38 – 2020-09-28 16:59 – 000001951 _____ C:WindowsNvContainerRecovery.bat
2021-05-09 19:38 – 2020-03-11 12:26 – 000067456 _____ (NVIDIA Corporation) C:Windowssystem32Driversnvvhci.sys
2021-05-09 19:38 – 2020-03-06 03:03 – 000069840 _____ (NVIDIA Corporation) C:Windowssystem32Driversnvvad64v.sys
2021-05-09 19:36 – 2021-05-12 01:49 – 000000000 ___HD C:$WinREAgent
2021-05-09 19:35 – 2021-05-09 19:35 – 000000000 ____D C:UsersLEGENDAppDataLocalUnrealEngine
2021-05-09 19:32 – 2021-05-16 08:11 – 000000001 _____ C:Windowsvgkbootstatus.dat
2021-05-09 19:16 – 2021-05-09 19:16 – 000000000 ____D C:UsersLEGENDAppDataLocalCEF
2021-05-09 19:15 – 2021-05-14 15:59 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRiot Games
2021-05-09 19:15 – 2021-05-09 19:15 – 000000000 ____D C:UsersLEGENDAppDataRoamingMicrosoftWindowsStart MenuProgramsRiot Games
2021-05-09 19:04 – 2021-05-14 16:53 – 000000000 ___RD C:UsersLEGENDDesktopGAMING
2021-05-09 19:03 – 2021-05-09 19:03 – 000001194 _____ C:UsersLEGENDDesktopDTLite.exe – Shortcut.lnk
2021-05-09 19:02 – 2021-05-09 19:02 – 000001282 _____ C:UsersLEGENDDesktopacad.exe – Shortcut.lnk
2021-05-09 18:47 – 2021-05-09 18:47 – 000000888 _____ C:UsersLEGENDDesktopStart Tor Browser.lnk
2021-05-09 18:24 – 2021-05-09 18:24 – 000000000 ____D C:Windowssystem32TasksWPD
2021-05-09 18:24 – 2021-05-09 18:24 – 000000000 ____D C:Windowssystem32TasksLenovo
2021-05-09 18:24 – 2019-12-07 02:12 – 000000824 _____ C:Windowssystem32Driversetchosts.20210509-182428.backup
2021-05-09 18:22 – 2021-05-09 18:22 – 000000000 ____D C:Safer-Networking Ltd
2021-05-09 18:20 – 2021-05-09 18:46 – 000000000 ____D C:UsersLEGENDAppDataLocalSafer-Networking Ltd
2021-05-09 18:20 – 2021-05-09 18:46 – 000000000 ____D C:ProgramDataSpybot – Search & Destroy
2021-05-09 18:20 – 2021-05-09 18:20 – 000001046 _____ C:UsersPublicDesktopSpybot-S&D Start Center.lnk
2021-05-09 18:20 – 2021-05-09 18:20 – 000001046 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot-S&D Start Center.lnk
2021-05-09 18:20 – 2021-05-09 18:20 – 000001046 _____ C:ProgramDataDesktopSpybot-S&D Start Center.lnk
2021-05-09 18:20 – 2021-05-09 18:20 – 000000000 ____D C:Windowssystem32TasksSafer-Networking
2021-05-09 18:20 – 2021-05-09 18:20 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot Anti-Beacon
2021-05-09 18:20 – 2021-05-09 18:20 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot – Search & Destroy 2
2021-05-09 18:20 – 2021-05-09 18:20 – 000000000 ____D C:Program Files (x86)Safer-Networking Ltd
2021-05-09 18:20 – 2019-06-21 08:34 – 000019904 _____ (Windows ® Win 7 DDK provider) C:Windowssystem32DriversSpybot3ELAM.sys
2021-05-09 18:20 – 2018-02-06 19:04 – 000032168 _____ (Safer-Networking Ltd.) C:Windowssystem32sdnclean64.exe
2021-05-09 18:14 – 2021-05-09 18:14 – 000000000 ____D C:ProgramDataGlarySoft
2021-05-09 18:13 – 2021-05-09 18:13 – 000001226 _____ C:UsersLEGENDDesktopGlary Utilities 5.exe.lnk
2021-05-09 18:13 – 2021-05-09 18:13 – 000000000 ____D C:UsersLEGENDAppDataRoamingGlarySoft
2021-05-09 18:10 – 2021-05-10 09:26 – 000000000 ____D C:UsersLEGENDAppDataLocalcache
2021-05-09 18:07 – 2021-05-09 18:07 – 000000742 _____ C:UsersPublicDesktopMalwarebytes.lnk
2021-05-09 18:07 – 2021-05-09 18:07 – 000000742 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2021-05-09 18:07 – 2021-05-09 18:07 – 000000742 _____ C:ProgramDataDesktopMalwarebytes.lnk
2021-05-09 18:07 – 2021-05-09 18:07 – 000000000 ____D C:UsersLEGENDAppDataLocalmbam
2021-05-09 18:06 – 2021-05-09 18:06 – 000199128 _____ (Malwarebytes) C:Windowssystem32Driversmbae64.sys
2021-05-09 18:06 – 2021-05-09 18:06 – 000000000 ____D C:ProgramDataMalwarebytes
2021-05-09 18:06 – 2021-05-06 21:19 – 000019912 _____ (Malwarebytes) C:Windowssystem32DriversMbamElam.sys
2021-05-09 17:41 – 2021-05-16 08:10 – 000000000 ____D C:UsersLEGENDAppDataLocalLowMozilla
2021-05-09 17:41 – 2021-05-16 06:03 – 000000000 ____D C:ProgramDataMozilla
2021-05-09 17:41 – 2021-05-09 17:41 – 000000000 ____D C:UsersLEGENDAppDataRoamingMozilla
2021-05-09 17:41 – 2021-05-09 17:41 – 000000000 ____D C:UsersLEGENDAppDataLocalMozilla
2021-05-09 17:38 – 2021-05-09 17:38 – 000001177 _____ C:UsersLEGENDDesktopfirefox.exe.lnk
2021-05-09 17:34 – 2021-05-09 17:34 – 000000000 ____D C:UsersLEGENDAppDataLocalOO Software
2021-05-09 17:33 – 2021-05-11 21:52 – 000000000 ____D C:WindowsPanther
2021-05-09 17:29 – 2021-05-16 03:01 – 000000000 ____D C:UsersLEGENDAppDataLocalCrashDumps
2021-05-09 17:29 – 2021-05-12 08:01 – 000000000 ____D C:UsersLEGENDAppDataLocalD3DSCache
2021-05-09 17:24 – 2021-05-10 06:44 – 000000000 ____D C:ProgramDataNVIDIA Corporation
2021-05-09 17:24 – 2021-05-10 06:43 – 000000000 ____D C:Program FilesNVIDIA Corporation
2021-05-09 17:24 – 2021-05-09 19:46 – 000000000 ____D C:Windowssystem32DriversNVIDIA Corporation
2021-05-09 17:24 – 2019-03-14 04:23 – 000865568 _____ (Realtek Semiconductor) C:Windowssystem32RtkAudUService64.exe
2021-05-09 17:24 – 2019-03-14 04:23 – 000820824 _____ (Realtek Semiconductor Corp.) C:Windowssystem32RtkApi64U.dll
2021-05-09 17:24 – 2019-03-14 04:23 – 000215032 _____ (Realtek Semiconductor Corp.) C:Windowssystem32RtkCfg64.dll
2021-05-09 17:24 – 2019-03-14 01:23 – 005620696 _____ (Realtek Semiconductor Corp.) C:Windowssystem32RltkAPOU64.dll
2021-05-09 17:24 – 2019-03-14 01:23 – 001126344 _____ (Realtek Semiconductor Corp.) C:Windowssystem32RtCOM64.dll
2021-05-09 17:24 – 2019-03-14 01:23 – 000481888 _____ (Realtek Semiconductor Corp.) C:Windowssystem32RtDataProc64.dll
2021-05-09 17:23 – 2021-04-27 14:09 – 007212232 _____ (NVIDIA Corporation) C:Windowssystem32nvapi64.dll
2021-05-09 17:23 – 2021-04-01 17:40 – 000817560 _____ (NVIDIA Corporation) C:Windowssystem32nvmcumd.dll
2021-05-09 17:23 – 2021-04-01 17:38 – 005528976 _____ (NVIDIA Corporation) C:Windowssystem32nvcpl.dll
2021-05-09 17:22 – 2021-05-09 17:22 – 000087716 _____ C:ProgramDataagent.update.1620606138.bdinstall.v2.bin
2021-05-09 17:21 – 2021-05-13 11:54 – 000000000 ____D C:Windowssystem32TasksCOMODO
2021-05-09 17:20 – 2021-05-11 14:04 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsCOMODO
2021-05-09 17:20 – 2021-05-09 17:20 – 000000000 ____D C:Program Files (x86)COMODO
2021-05-09 17:20 – 2019-10-22 18:02 – 000017576 _____ (COMODO) C:Windowssystem32Driverscmdboot.sys
2021-05-09 17:20 – 2019-01-29 01:42 – 000254440 _____ (COMODO) C:Windowssystem32iseguard64.dll
2021-05-09 17:20 – 2019-01-29 01:42 – 000205024 _____ (COMODO) C:WindowsSysWOW64iseguard32.dll
2021-05-09 17:20 – 2018-08-29 15:55 – 000063256 _____ (COMODO) C:Windowssystem32Driversisedrv.sys
2021-05-09 17:15 – 2021-05-09 17:20 – 000000000 ____D C:ProgramDataComodo
2021-05-09 17:15 – 2021-05-09 17:15 – 000000000 ____D C:ProgramDataShared Space
2021-05-09 17:12 – 2021-05-09 17:12 – 000001196 _____ C:UsersLEGENDAppDataRoamingMicrosoftWindowsStart MenuProgramsBitdefender Antivirus Free.lnk
2021-05-09 17:12 – 2021-05-09 17:12 – 000000000 ____D C:ProgramData48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-05-09 17:11 – 2021-02-26 18:31 – 000641728 _____ (Bitdefender) C:Windowssystem32Driverstrufos.sys
2021-05-09 17:11 – 2020-12-18 02:37 – 000022976 _____ (Bitdefender) C:Windowssystem32Driversbdelam.sys
2021-05-09 17:10 – 2021-05-09 17:10 – 000001211 _____ C:UsersPublicDesktopBitdefender Antivirus Free.lnk
2021-05-09 17:10 – 2021-05-09 17:10 – 000001211 _____ C:ProgramDataDesktopBitdefender Antivirus Free.lnk
2021-05-09 17:10 – 2021-05-09 17:10 – 000000000 ____D C:ProgramDataBitdefender
2021-05-09 17:07 – 2021-05-16 08:11 – 000000000 ____D C:Program FilesBitdefender Antivirus Free
2021-05-09 17:07 – 2021-02-26 13:40 – 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:Windowssystem32Driversatc.sys
2021-05-09 17:07 – 2021-02-16 15:31 – 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:Windowssystem32Driversgemma.sys
2021-05-09 17:07 – 2020-12-04 15:15 – 000802976 _____ (Bitdefender) C:Windowssystem32Driversbddci.sys
2021-05-09 17:07 – 2020-10-20 13:18 – 000386800 _____ (Bitdefender) C:Windowssystem32Driversvlflt.sys
2021-05-09 17:07 – 2020-02-03 16:53 – 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:Windowssystem32Driversedrsensor.sys
2021-05-09 17:06 – 2021-05-09 17:06 – 000000000 ____D C:Windowssystem32dolbyaposvc
2021-05-09 17:06 – 2019-03-14 01:18 – 006772000 _____ (Realtek Semiconductor Corp.) C:Windowssystem32DriversRTKVHD64.sys
2021-05-09 17:06 – 2019-03-14 01:10 – 029495258 _____ C:Windowssystem32DriversRTAIODAT.DAT
2021-05-09 17:06 – 2018-01-11 07:55 – 000000712 _____ C:Windowssystem32DriversRTEQEX0.dat
2021-05-09 17:06 – 2018-01-10 08:36 – 000000852 _____ C:Windowssystem32DriversRTKHDRC.dat
2021-05-09 17:05 – 2021-05-09 17:05 – 000000000 ____D C:ProgramDataRealtek
2021-05-09 17:05 – 2018-05-02 22:51 – 000315520 _____ (Intel Corporation) C:Windowssystem32DriversiaLPSS2_UART2.sys
2021-05-09 17:04 – 2021-05-09 17:21 – 000000000 ____D C:UsersLEGENDAppDataLocalPlaceholderTileLogoFolder
2021-05-09 17:04 – 2021-05-09 17:04 – 000019208 _____ C:ProgramDataagent.1620605049.bdinstall.v2.bin
2021-05-09 17:02 – 2021-05-09 17:02 – 000003802 _____ C:Windowssystem32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-05-09 17:00 – 2021-05-09 17:00 – 000000000 ____D C:UsersLEGENDAppDataLocalComms
2021-05-09 16:59 – 2021-05-09 17:22 – 000000000 ____D C:Program FilesBitdefender Agent
2021-05-09 16:59 – 2021-05-09 16:59 – 000116888 _____ C:ProgramDataagent.1620604782.bdinstall.v2.bin
2021-05-09 16:59 – 2021-05-09 16:59 – 000000000 ____D C:ProgramDataBitdefender Agent
2021-05-09 16:56 – 2021-05-12 06:57 – 000000000 ____D C:ProgramDataPackage Cache
2021-05-09 16:56 – 2018-06-25 08:48 – 000029752 _____ (VoodooSoft, LLC) C:Windowssystem32Driversvsscanner.sys
2021-05-09 16:42 – 2021-05-09 17:29 – 000003382 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-1137129469-1377650283-1728635483-1001
2021-05-09 16:42 – 2021-05-09 17:29 – 000000000 ___RD C:UsersLEGENDOneDrive
2021-05-09 16:40 – 2021-05-16 08:15 – 000795738 _____ C:Windowssystem32PerfStringBackup.INI
2021-05-09 16:40 – 2021-05-13 10:31 – 000000000 ____D C:UsersLEGENDAppDataLocalPackages
2021-05-09 16:40 – 2021-05-10 10:04 – 000000000 ____D C:UsersLEGENDAppDataLocalConnectedDevicesPlatform
2021-05-09 16:40 – 2021-05-09 19:56 – 000000000 ____D C:UsersLEGENDAppDataLocalPublishers
2021-05-09 16:40 – 2021-05-09 16:40 – 000000000 ___RD C:UsersLEGEND3D Objects
2021-05-09 16:40 – 2021-05-09 16:40 – 000000000 ____D C:UsersLEGENDAppDataRoamingAdobe
2021-05-09 16:40 – 2021-05-09 16:40 – 000000000 ____D C:UsersLEGENDAppDataLocalVirtualStore
2021-05-09 16:39 – 2021-05-16 08:10 – 000000000 ____D C:UsersLEGEND
2021-05-09 16:39 – 2021-05-09 17:29 – 000002370 _____ C:UsersLEGENDAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2021-05-09 16:39 – 2021-05-09 16:39 – 000000020 ___SH C:UsersLEGENDntuser.ini
2021-05-09 16:35 – 2021-05-09 16:35 – 000000000 _SHDL C:Documents and Settings
2021-05-09 16:34 – 2021-05-09 16:34 – 000002858 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-1137129469-1377650283-1728635483-500
2021-05-09 16:34 – 2021-05-09 16:34 – 000000000 ____H C:Windowssystem32DriversMsft_User_WpdFs_01_11_00.Wdf
2021-05-09 16:33 – 2021-05-16 08:11 – 000008192 ___SH C:DumpStack.log.tmp
2021-05-06 21:19 – 2021-05-16 08:11 – 000248992 _____ (Malwarebytes) C:Windowssystem32Driversmbamswissarmy.sys
2021-05-06 21:19 – 2021-05-09 18:06 – 000220752 _____ (Malwarebytes) C:Windowssystem32DriversMbamChameleon.sys
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-16 08:15 – 2019-12-07 02:13 – 000000000 ____D C:WindowsINF
2021-05-16 08:11 – 2019-12-07 02:14 – 000000000 ____D C:WindowsServiceState
2021-05-16 08:11 – 2019-12-07 02:03 – 000524288 _____ C:Windowssystem32configBBI
2021-05-16 08:10 – 2020-11-19 00:30 – 000000006 ____H C:WindowsTasksSA.DAT
2021-05-16 08:05 – 2019-12-07 02:03 – 000065536 _____ C:Windowssystem32configELAM
2021-05-16 03:39 – 2020-11-19 00:30 – 000000000 ____D C:Windowssystem32SleepStudy
2021-05-16 03:11 – 2019-12-07 02:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-05-15 13:09 – 2019-12-07 02:14 – 000000000 ____D C:WindowsAppReadiness
2021-05-14 14:19 – 2020-11-19 00:32 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-05-14 14:19 – 2019-12-07 02:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-05-12 06:57 – 2019-12-07 02:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2021-05-12 02:50 – 2019-12-07 02:14 – 000000000 ___RD C:WindowsImmersiveControlPanel
2021-05-12 02:46 – 2020-11-19 00:30 – 000257824 _____ C:Windowssystem32FNTCACHE.DAT
2021-05-12 02:45 – 2019-12-07 02:50 – 000000000 ____D C:Windowssystem32OpenSSH
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64WinMetadata
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64setup
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64oobe
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64lt-LT
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64Dism
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSystemResources
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32WinMetadata
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32SystemResetPlatform
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32setup
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32oobe
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32lt-LT
2021-05-12 02:45 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32Dism
2021-05-12 02:44 – 2019-12-07 02:14 – 000000000 ___RD C:WindowsPrintDialog
2021-05-12 02:44 – 2019-12-07 02:14 – 000000000 ____D C:WindowsProvisioning
2021-05-12 02:44 – 2019-12-07 02:14 – 000000000 ____D C:WindowsPolicyDefinitions
2021-05-12 02:44 – 2019-12-07 02:14 – 000000000 ____D C:WindowsDiagTrack
2021-05-12 02:44 – 2019-12-07 02:14 – 000000000 ____D C:Windowsbcastdvr
2021-05-12 02:18 – 2019-12-07 02:03 – 000000000 ____D C:WindowsCbsTemp
2021-05-12 02:16 – 2019-12-07 02:52 – 000023552 _____ (Microsoft Corporation) C:Windowssystem32OEMDefaultAssociations.dll
2021-05-10 07:02 – 2020-11-19 00:32 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2021-05-10 07:02 – 2020-11-19 00:32 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2021-05-09 20:12 – 2019-12-07 02:52 – 000000000 ____D C:Program FilesWindows Photo Viewer
2021-05-09 20:12 – 2019-12-07 02:52 – 000000000 ____D C:Program Files (x86)Windows Photo Viewer
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ___SD C:WindowsSysWOW64F12
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ___SD C:WindowsSysWOW64DiagSvcs
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ___SD C:Windowssystem32UNP
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ___SD C:Windowssystem32F12
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ___SD C:Windowssystem32DiagSvcs
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64PerceptionSimulation
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64Keywords
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64Com
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64AdvancedInstallers
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32WinBioPlugIns
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32Sysprep
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32PerceptionSimulation
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32migwiz
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32lv-LV
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32Keywords
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32et-EE
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32es-MX
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32Com
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32AdvancedInstallers
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:WindowsShellExperiences
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:WindowsShellComponents
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:WindowsIME
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Program FilesWindows Defender
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Program FilesCommon FilesSystem
2021-05-09 20:12 – 2019-12-07 02:14 – 000000000 ____D C:Program Files (x86)Windows Defender
2021-05-09 20:12 – 2019-12-07 02:03 – 000000000 ____D C:Windowsservicing
2021-05-09 20:03 – 2020-11-19 00:32 – 002877440 _____ (Microsoft Corporation) C:WindowsSysWOW64PrintConfig.dll
2021-05-09 19:56 – 2020-11-19 00:33 – 000000000 ____D C:ProgramDataPackages
2021-05-09 18:06 – 2019-12-07 02:14 – 000000000 ___HD C:WindowsELAMBKUP
2021-05-09 17:33 – 2019-12-07 02:14 – 000028672 _____ C:Windowssystem32configBCD-Template
2021-05-09 17:06 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32DriversDriverData
2021-05-09 16:42 – 2019-12-07 02:14 – 000000000 ____D C:ProgramDataUSOPrivate
2021-05-09 16:40 – 2020-11-19 00:33 – 000000000 __RHD C:UsersPublicAccountPictures
2021-05-09 16:37 – 2019-12-07 02:50 – 000000000 ____D C:Windowssystem32FxsTmp
2021-05-09 16:33 – 2019-12-07 02:14 – 000000000 ____D C:WindowsLiveKernelReports
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
==================== BCD ================================
Firmware Boot Manager
———————
identifier {fwbootmgr}
displayorder {bootmgr}
{37cf2ac8-1b95-11eb-95c6-806e6f6e6963}
{37cf2ac9-1b95-11eb-95c6-806e6f6e6963}
{37cf2aca-1b95-11eb-95c6-806e6f6e6963}
timeout 0
Windows Boot Manager
——————–
identifier {bootmgr}
device partition=DeviceHarddiskVolume3
path EFIMicrosoftBootbootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {b9bf5b29-b10a-11eb-819b-a933bd03f491}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0
Firmware Application (101fffff)
——————————-
identifier {37cf2ac8-1b95-11eb-95c6-806e6f6e6963}
description EFI USB Device
Firmware Application (101fffff)
——————————-
identifier {37cf2ac9-1b95-11eb-95c6-806e6f6e6963}
description EFI DVD/CDROM
Firmware Application (101fffff)
——————————-
identifier {37cf2aca-1b95-11eb-95c6-806e6f6e6963}
description EFI Network
Firmware Application (101fffff)
——————————-
identifier {3bb654f1-1c3d-11eb-a8ce-806e6f6e6963}
description EFI PXE 0 for IPv4 (E8-6A-64-0B-48-AE)
Firmware Application (101fffff)
——————————-
identifier {3bb654f2-1c3d-11eb-a8ce-806e6f6e6963}
description EFI PXE 0 for IPv6 (E8-6A-64-0B-48-AE)
Windows Boot Loader
——————-
identifier {9c56f271-af47-11eb-a2c8-acd86f043ea3}
device ramdisk=[unknown]RecoveryWindowsREWinre.wim,{9c56f272-af47-11eb-a2c8-acd86f043ea3}
path windowssystem32winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]RecoveryWindowsREWinre.wim,{9c56f272-af47-11eb-a2c8-acd86f043ea3}
systemroot windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
——————-
identifier {current}
device partition=C:
path Windowssystem32winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {b9bf5b2b-b10a-11eb-819b-a933bd03f491}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot Windows
resumeobject {b9bf5b29-b10a-11eb-819b-a933bd03f491}
nx OptIn
safeboot Network
bootmenupolicy Standard
Windows Boot Loader
——————-
identifier {b9bf5b2b-b10a-11eb-819b-a933bd03f491}
device ramdisk=[C:]RecoveryWindowsREWinre.wim,{b9bf5b2c-b10a-11eb-819b-a933bd03f491}
path windowssystem32winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[C:]RecoveryWindowsREWinre.wim,{b9bf5b2c-b10a-11eb-819b-a933bd03f491}
systemroot windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
———————
identifier {b9bf5b29-b10a-11eb-819b-a933bd03f491}
device partition=C:
path Windowssystem32winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {b9bf5b2b-b10a-11eb-819b-a933bd03f491}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
———————
identifier {memdiag}
device partition=DeviceHarddiskVolume3
path EFIMicrosoftBootmemtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
————
identifier {emssettings}
bootems No
Debugger Settings
—————–
identifier {dbgsettings}
debugtype Local
RAM Defects
———–
identifier {badmemory}
Global Settings
—————
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
——————–
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
——————-
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
———————-
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
————–
identifier {b9bf5b2c-b10a-11eb-819b-a933bd03f491}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath RecoveryWindowsREboot.sdi
==================== End of FRST.txt ========================
ADDITION.TXT ###################################################################################################################################
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by LEGEND (16-05-2021 08:27:22)
Running from D:Downloadz
Windows 10 Home Version 20H2 19042.985 (X64) (2021-05-09 23:35:54)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1137129469-1377650283-1728635483-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-1137129469-1377650283-1728635483-503 – Limited – Disabled)
Guest (S-1-5-21-1137129469-1377650283-1728635483-501 – Limited – Disabled)
LEGEND (S-1-5-21-1137129469-1377650283-1728635483-1001 – Administrator – Enabled) => C:UsersLEGEND
WDAGUtilityAccount (S-1-5-21-1137129469-1377650283-1728635483-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot – Search and Destroy (Enabled – Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Bitdefender Antivirus Free Antimalware (Enabled – Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled – Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Malwarebytes (Disabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: COMODO Firewall (Enabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Apex Legends (HKLM-x32…{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.6.6 – Electronic Arts, Inc.)
Battle.net (HKLM-x32…Battle.net) (Version: – Blizzard Entertainment)
Bitdefender Agent (HKLM…Bitdefender Agent) (Version: 25.0.1.177 – Bitdefender)
Bitdefender Antivirus Free (HKLM…{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.234 – Bitdefender)
Call of Duty Modern Warfare (HKLM-x32…Call of Duty Modern Warfare) (Version: – Blizzard Entertainment)
COMODO Antivirus (HKLM…COMODO Internet Security) (Version: 12.2.2.8012 – COMODO Security Solutions Inc.)
COMODO Internet Security Premium (HKLM…{529CC629-B436-4886-B322-4BE75B97783D}) (Version: 12.2.2.8012 – COMODO Security Solutions Inc.) Hidden
Internet Security Essentials (HKLM-x32…ComodoIse) (Version: 1.6.472587.185 – Comodo)
Malwarebytes Anti-Exploit version 1.13.1.345 (HKLM…Malwarebytes Anti-Exploit_is1) (Version: 1.13.1.345 – Malwarebytes)
Malwarebytes version 4.3.3.116 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 – Malwarebytes)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 90.0.818.62 – Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-1137129469-1377650283-1728635483-1001…OneDriveSetup.exe) (Version: 21.062.0328.0001 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) – 14.14.26429 (HKLM-x32…{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 – Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) – 14.13.26020 (HKLM-x32…{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 – Microsoft Corporation)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 – NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 – NVIDIA Corporation)
NVIDIA Graphics Driver 466.27 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.27 – NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 – NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)
Riot Vanguard (HKLM…Riot Vanguard) (Version: – Riot Games, Inc.)
Spybot – Search & Destroy (HKLM-x32…{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 – Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32…{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.7 – Safer-Networking Ltd.)
VALORANT (HKUS-1-5-21-1137129469-1377650283-1728635483-1001…Riot Game valorant.live) (Version: – Riot Games, Inc)
Packages:
=========
Cortana -> C:Program FilesWindowsAppsMicrosoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Intel® Graphics Command Center -> C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-09] (INTEL CORP) [Startup Task]
Mail and Calendar -> C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]
MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-05-09] (NVIDIA Corp.)
Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2021-05-09] (Realtek Semiconductor Corp)
Skype -> C:Program FilesWindowsAppsMicrosoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2019-12-07] (Skype)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => D:ProgramFilezCOMODOCOMODO Internet Securitycavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:ProgramFilezSpybot – Search & Destroy 2SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:ProgramFilezSpybot – Search & Destroy 2SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => D:ProgramFilezCOMODOCOMODO Internet Securitycavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:ProgramFilezMBAMmbshlext.dll [2021-05-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WindowsSystem32DriverStoreFileRepositorynvlti.inf_amd64_3d3405e2f3440970nvshext.dll [2021-04-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => D:ProgramFilezCOMODOCOMODO Internet Securitycavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:ProgramFilezMBAMmbshlext.dll [2021-05-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:ProgramFilezSpybot – Search & Destroy 2SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => D:ProgramFilezSpybot – Search & Destroy 2SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMSwissArmy => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMSwissArmy => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootOption => “OptionValue”=”2”
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Start Page = about:blank
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL =
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL =
HKUS-1-5-21-1137129469-1377650283-1728635483-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU.DEFAULT…�07guard.com -> install.007guard.com
IE restricted site: HKU.DEFAULT…�08i.com -> 008i.com
IE restricted site: HKU.DEFAULT…�08k.com -> www.008k.com
IE restricted site: HKU.DEFAULT…�0hq.com -> www.00hq.com
IE restricted site: HKU.DEFAULT…�10402.com -> 010402.com
IE restricted site: HKU.DEFAULT…�32439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU.DEFAULT…�scan.com -> www.0scan.com
IE restricted site: HKU.DEFAULT…1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU.DEFAULT…1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU.DEFAULT…1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU.DEFAULT…1001namen.com -> www.1001namen.com
IE restricted site: HKU.DEFAULT…100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU.DEFAULT…100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU.DEFAULT…10sek.com -> www.10sek.com
IE restricted site: HKU.DEFAULT…12-26.net -> user1.12-26.net
IE restricted site: HKU.DEFAULT…12-27.net -> user1.12-27.net
IE restricted site: HKU.DEFAULT…123fporn.info -> www.123fporn.info
IE restricted site: HKU.DEFAULT…123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU.DEFAULT…123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU.DEFAULT…123simsen.com -> www.123simsen.com
There are 7942 more sites.
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…�07guard.com -> install.007guard.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…�08i.com -> 008i.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…�08k.com -> www.008k.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…�0hq.com -> www.00hq.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…�10402.com -> 010402.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…�32439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…�scan.com -> www.0scan.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…1001namen.com -> www.1001namen.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…100888290cs.com -> mir.100888290cs.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…10sek.com -> www.10sek.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…12-26.net -> user1.12-26.net
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…12-27.net -> user1.12-27.net
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…123fporn.info -> www.123fporn.info
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKUS-1-5-21-1137129469-1377650283-1728635483-1001…123simsen.com -> www.123simsen.com
There are 7942 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 02:14 – 2021-05-15 17:20 – 000467687 ____N C:Windowssystem32driversetchosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15971 more lines.
2021-05-14 03:25 – 2021-05-14 03:27 – 000000524 _____ C:Windowssystem32driversetchosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKUS-1-5-21-1137129469-1377650283-1728635483-1001Control PanelDesktopWallpaper -> C:UsersLEGENDDesktoptriangles_geometric_mosaic_124638_1920x1080.jpg
DNS Servers: 9.9.9.11 – 149.112.112.11
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: COMODO Internet Security Firewall Driver -> inspect (enabled)
Ethernet: COMODO Internet Security Firewall Driver -> inspect (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKUS-1-5-21-1137129469-1377650283-1728635483-1001…StartupApprovedRun: => “OneDrive”
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:Windowssystem32svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{6605DCD4-8E2C-43DA-9E89-F589CC784460}D:gamezenlistedlauncher.exe] => (Allow) D:gamezenlistedlauncher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{52A0A0E9-D28B-4F6B-A6BB-E82B403EA176}D:gamezenlistedlauncher.exe] => (Allow) D:gamezenlistedlauncher.exe (Gaijin Network LTD -> Gaijin)
StandardProfileAuthorizedApplications: [D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfileAuthorizedApplications: [D:ProgramFilezSpybot – Search & Destroy 2SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfileAuthorizedApplications: [D:ProgramFilezSpybot – Search & Destroy 2SDTray.exe] => Enabled:Spybot – Search & Destroy tray access
StandardProfileAuthorizedApplications: [D:ProgramFilezSpybot – Search & Destroy 2SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:118 GB) (Free:55.72 GB) (47%)
==================== Faulty Device Manager Devices ============
Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.
Name: Intel® Display Audio
Description: Intel® Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: ========================
Application errors:
==================
Error: (05/16/2021 08:10:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (05/16/2021 08:10:58 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (05/16/2021 08:10:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (05/16/2021 08:10:58 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (05/16/2021 08:04:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2b4c
Faulting application start time: 0x01d74a64c0a7a78c
Faulting application path: D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe
Faulting module path: D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe
Report Id: 315686ca-b26b-475d-8530-857cee63f9e5
Faulting package full name:
Faulting package-relative application ID:
Error: (05/16/2021 07:04:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0xb10
Faulting application start time: 0x01d74a5c5edd5f91
Faulting application path: D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe
Faulting module path: D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe
Report Id: 1d638c6b-f30f-45e5-b121-f724b75b2cad
Faulting package full name:
Faulting package-relative application ID:
Error: (05/16/2021 06:44:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x23fc
Faulting application start time: 0x01d74a59939aebf6
Faulting application path: D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe
Faulting module path: D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe
Report Id: bc0e6148-c5cd-4319-89ef-aca8f7c5df5f
Faulting package full name:
Faulting package-relative application ID:
Error: (05/16/2021 06:14:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x309c
Faulting application start time: 0x01d74a5562b657e0
Faulting application path: D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe
Faulting module path: D:ProgramFilezSpybot – Search & Destroy 2SDUpdate.exe
Report Id: 99eb5f1b-51d3-4584-8a84-dd05cf06a033
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (05/16/2021 08:27:21 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UFKFA32)
Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (05/16/2021 08:24:29 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UFKFA32)
Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (05/16/2021 08:24:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UFKFA32)
Description: DCOM got error “1084” attempting to start the service WSearch with arguments “Unavailable” in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (05/16/2021 08:24:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UFKFA32)
Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (05/16/2021 08:23:27 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UFKFA32)
Description: DCOM got error “1084” attempting to start the service VSS with arguments “Unavailable” in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (05/16/2021 08:23:27 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UFKFA32)
Description: DCOM got error “1084” attempting to start the service VSS with arguments “Unavailable” in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (05/16/2021 08:23:27 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UFKFA32)
Description: DCOM got error “1084” attempting to start the service VSS with arguments “Unavailable” in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (05/16/2021 08:23:24 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-UFKFA32)
Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
CodeIntegrity:
===============
Date: 2021-05-16 08:10:56
Description:
Code Integrity determined that a process (DeviceHarddiskVolume5WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume5Program FilesBitdefender Antivirus Freebdamsi265232484547332704antimalware_provider64.dll that did not meet the Windows signing level requirements.
Date: 2021-05-16 07:58:34
Description:
Code Integrity determined that a process (DeviceHarddiskVolume5WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume2ProgramFilezMalwarebytes Anti-Exploitmbae64.dll that did not meet the Windows signing level requirements.
Date: 2021-05-16 07:58:34
Description:
Windows is unable to verify the image integrity of the file DeviceHarddiskVolume5WindowsSystem32guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: LENOVO 8JCN56WW 11/30/2020
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 15%
Total physical RAM: 16257.3 MB
Available physical RAM: 13693.57 MB
Total Virtual: 18689.3 MB
Available Virtual: 16389.67 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:118 GB) (Free:55.72 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:603.08 GB) NTFS
?Volume{cb3b9f5e-02d5-4deb-9207-1acd5133c441} (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
?Volume{d47ca45b-26e5-465c-ac13-a2ee2353f6aa} (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 182ABB34)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A6CB2651)
Partition: GPT.
==================== End of Addition.txt =======================
Edited by BlindKD, 15 May 2021 – 07:51 PM.
