Downloaded files getting corrupted, MD5 checksum changes automatically – Virus, Trojan, Spyware, and Malware Removal Help

System : Windows 10, Version 22H2 (OS Build 19045.2846)

Hello, something is happening that keeps changing the MD5 sums of certain files. I have downloaded game repacks using qBittorrent and, after finishing the download, I need to verify the bin files. For the past couple of days, I have been noticing that after the files finish downloading, the verification check comes back clean, but some time later, the files are somehow being corrupted so that the MD5 checksum does not match what it was initially after download.

After this, I force recheck the torrent and suddenly there are a few pieces that are corrupted or missing - usually a few MB of data. I redownload those missing pieces, verify the files, everything comes out OK, and then again after some time the MD5 check fails. I recheck the torrent and this time a few new chunks are missing/corrupted. This process keeps repeating, and is only happening to downloads this month (like a bad April Fools' joke). Older torrents are all clean somehow.

I thought there might be a problem with qB, so I tried downgrading it to the previous version that I was using last month, but the problem remains. I even tried downloading the files from DDL sites in rar format. After extracting, the MD5 is OK, but a few minutes later, CRC mismatch. I confirmed this using the Get-FileHash command in PowerShell. Also, in the file properties, the Date modified times do not change.

I am not sure if this is a Virus, Trojan, Spyware or Malware, or even a hardware issue. Windows Defender says everything is OK. So I tried Windows Malicious Software Removal Tool, Malwarebytes, Avast, HijackThis, Rkill - none give a definite answer. I have run FRST64 and am including the logs below. Any help in solving this issue is greatly appreciated. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-04-2023
Ran by CapriKornus (administrator) on LAPTOP-CGVDV5FK (Acer Nitro AN515-57) (18-04-2023 02:39:27)
Running from C:\Users\CapriKornus\Downloads\FRST64.exe
Loaded Profiles: CapriKornus & Sir.Doge
Platform: Microsoft Windows 10 Home Single Language Version 22H2 19045.2846 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAgent.exe
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\Acer\NitroSense Service\PSSvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(drivers\RivetNetworks\Killer\KAPSService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
(drivers\RivetNetworks\Killer\xTendUtilityService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxEMN.exe
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> ) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4232.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MdSched.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <31>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(services.exe ->) (GoTrustID Inc -> GOTrustID Inc.) C:\Program Files\GoTrust ID Plugin\Bridge_Service.exe
(services.exe ->) (GOTrustID Inc.) [File not signed] C:\Program Files\GoTrust ID Plugin\GoTrust ID Plugin\GTFidoService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_eede4da71d933122\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_a5ea1b1d8db1527e\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a439e07c373809e2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e31d62740aef2af9\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_e2f37014c00c6170\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_2c3fb039f84a3e84\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_aca6886fc90e37cd\RtkAudUService64.exe <3>
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
(svchost.exe ->) (Acer Incorporated -> Microsoft) C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> ) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4232.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxextN.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.9161.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.9161.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\CapriKornus\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_aca6886fc90e37cd\RtkAudUService64.exe [1253432 2021-03-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [292104 2023-02-28] (Intel Corporation -> Intel)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [4246376 2022-12-16] (Valve Corp. -> Valve Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025D7CA9-B58D-4B53-BA58-D79197C26F5E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141192 2023-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {150E4D25-A0ED-4417-ACEB-065079B15E31} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {1754EEB5-DA07-4365-A071-A4DBCB6D6285} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {23FE004A-9E19-41D0-8684-1DB9777918F6} - System32\Tasks\GoTrust ID Driver => C:\Program Files\GoTrust ID Plugin\Resource\GO-Trust_ID_Driver.exe [68192 2020-09-08] (GoTrustID Inc -> )
Task: {24C67236-15AE-4863-889A-DED58B8BA752} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
Task: {275FB2EC-E4A9-4B1C-9ED6-192ED3FB2869} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E7837D7-F2DA-480A-8EB2-9FAA32FFA243} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D4999C1-5F99-4D0A-9B07-3DFCBF1B84A5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268328 2020-11-18] (Acer Incorporated -> Acer Incorporated)
Task: {40594A76-392D-4B41-B2D1-300B88056AF0} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
Task: {40934637-0F97-46BE-810E-0D9C20DDC0E0} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [610832 2021-03-26] (Acer Incorporated -> Acer Incorporated)
Task: {4154DEF7-EEEF-4268-A920-9C555E3B79BB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {47AEF9BA-F262-4E57-8578-05D5A2081215} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4A08FC5C-DB91-4D1A-AC40-537FE00BC61D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D700139-828C-4E65-BE3F-6650071BCB1F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1169668711-3814946951-4088407119-1005 => C:\Users\CapriKornus\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {50A2D6AD-6AB7-4DD9-AE58-0BC6514DB109} - System32\Tasks\StorPSCTL => C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe [153640 2020-09-18] (Acer Incorporated -> Microsoft)
Task: {5405C2AF-8D63-4B73-BDF6-3EB9AACA3F62} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5779D776-CD79-4FEA-80A2-7FC1FAB392B9} - System32\Tasks\CCleanerCrashReporting => D:\Program Files\CCleaner\CCleanerBugReport.exe [4703544 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "D:\Program Files\CCleaner\LOG" --programpath "D:\Program Files\CCleaner" --configpath "D:\Program Files\CCleaner\Setup" --guid "e830f940-7b7a-4956-98a3-f3b4c9c739af" --version "6.09.10300" --silent
Task: {58D32313-E6D5-436E-96B1-80EAE9477CAD} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {63F284C5-0839-4153-B490-88F2E231618F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141192 2023-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {832B7111-1F8F-4A8F-9C79-5BD3F549A377} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8714F108-1897-4AEF-8BFC-B8C813AE1D9E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1169668711-3814946951-4088407119-1005 => C:\Users\CapriKornus\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {87E2DC26-EAD9-4A01-8DB9-92B484E6C62F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BE7D7FB-8F42-438C-9E25-800E217F87F1} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A66CA2E7-0BC0-4787-AE88-17527287952E} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-30] (Acer Incorporated -> Acer Incorporated)
Task: {AB8221D9-54F6-48C7-A192-2075DCA738CC} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
Task: {ABC41D81-7BBF-4180-B376-3A677BBD7BFD} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1169668711-3814946951-4088407119-500 => C:\Users\CapriKornus\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {AC7A54C5-13C6-4E5B-AF17-736B5AA4EED2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B9A034B0-79DE-4B84-AAB9-BE0ED010FD58} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
Task: {BCC04553-3A07-46C1-BB18-AC104D0D2353} - System32\Tasks\App Explorer => C:\Users\CapriKornus\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7574560 2023-03-30] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
Task: {CB8B3B42-4DAA-4D2C-BA8D-A96ECE2AF0F0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CE681F07-761A-422A-8F09-5480F875D327} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211368 2020-11-18] (Acer Incorporated -> Acer Incorporated)
Task: {D355DFD3-B4A5-4EDB-B5D3-AE20B481139C} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe /Task_AutoUpdate (No File)
Task: {D3B4874D-678B-4DB7-86DD-9D4CF6A88150} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [718752 2023-04-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {D5A3AB67-9077-46A3-ABEE-03F29413E565} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1169668711-3814946951-4088407119-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\Windows\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {E11A046E-6C46-4F10-8273-6FD7A1C38E0E} - System32\Tasks\CCleanerSkipUAC - CapriKornus => D:\Program Files\CCleaner\CCleaner.exe [32631096 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {E1C7738B-B5D7-481B-82C4-BB32ADF4C25D} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002032 2022-12-07] (Intel Corporation -> Intel Corporation)
Task: {EB8956EF-B342-4BE8-AC2F-8835DAF16CCD} - System32\Tasks\CCleaner Update => D:\Program Files\CCleaner\CCUpdate.exe [684976 2023-02-08] (Piriform Software Ltd -> Piriform)
Task: {EE79128A-DCE7-4893-9B1E-5FE4F19286AE} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )
Task: {F6A2B376-C053-43AC-A3BD-DC9C14372704} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FC118696-6DAF-4957-BB85-7D6C34CD4B85} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FF71C422-F426-45A1-ADC5-CE3B43C42396} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002032 2022-12-07] (Intel Corporation -> Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => D:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{12643438-8c2a-474e-a611-51a9985469f4}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\CapriKornus\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-17]
Edge Extension: (h265ify) - C:\Users\CapriKornus\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hpamdcillfipbkdijibjoojnofelpgjb [2022-10-26]
Edge Extension: (uBlock Origin) - C:\Users\CapriKornus\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-03-23]
Edge HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - D:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2023-04-06]

FireFox:
========
FF DefaultProfile: bd519ztg.default
FF ProfilePath: C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\bd519ztg.default [2021-11-06]
FF Homepage: Mozilla\Firefox\Profiles\bd519ztg.default -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170902&iDate=2021-11-06 10:11:40&bName=
FF ProfilePath: C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release [2023-04-18]
FF NewTab: Mozilla\Firefox\Profiles\2o9755y5.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170902&iDate=2021-11-06 10:11:40&bName=
FF Extension: (Dark Reader) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\addon@darkreader.org.xpi [2023-04-13]
FF Extension: (Browsec VPN - Free VPN for Firefox) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\browsec@browsec.com.xpi [2023-04-11]
FF Extension: (Enhancer for YouTube™) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2023-03-18]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\firefox@ghostery.com.xpi [2023-04-10]
FF Extension: (Tampermonkey) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\firefox@tampermonkey.net.xpi [2022-11-16]
FF Extension: (Language: English (US)) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2023-04-17]
FF Extension: (IDM Integration Module) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2023-04-17]
FF Extension: (uBlock Origin) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-04-07]
FF Extension: (Dark Mode) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\{830f38bd-efc5-45dc-a5a6-064d9a638806}.xpi [2022-07-24]
FF Extension: (DownThemAll!) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2023-02-27]
FF Extension: (Greasemonkey) - C:\Users\CapriKornus\AppData\Roaming\Mozilla\Firefox\Profiles\2o9755y5.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-11-06]
FF HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\CapriKornus\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\CapriKornus\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-01-25]
FF HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\CapriKornus\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\CapriKornus\AppData\Roaming\IDM\idmmzcc5 [2023-04-17] [Legacy] [not signed]
FF HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.361.2 -> C:\Program Files\Java\jre1.8.0_361\bin\dtplugin\npDeployJava1.dll [2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.361.2 -> C:\Program Files\Java\jre1.8.0_361\bin\plugin2\npjp2.dll [2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-09] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> D:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-06]
CHR HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-06]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
S3 CCleanerPerformanceOptimizerService; D:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1001272 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198512 2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [42760 2023-02-28] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [211208 2023-02-28] (Intel Corporation -> Intel)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [210872 2021-03-22] (DTS, Inc. -> DTS Inc.)
S4 FoxitReaderUpdateService; D:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-19] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\GamingServices.exe [75256 2023-04-14] (Microsoft Corporation -> )
R2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [75256 2023-04-14] (Microsoft Corporation -> )
R2 GoTrust ID Plugin; C:\Program Files\GoTrust ID Plugin\GoTrust ID Plugin\GTFidoService.exe [15360 2020-09-08] (GOTrustID Inc.) [File not signed]
R2 GoTrustID Service; C:\Program Files\GoTrust ID Plugin\Bridge_Service.exe [336992 2020-09-08] (GoTrustID Inc -> GOTrustID Inc.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_e2f37014c00c6170\\AS\\IAS\\IntelAudioService.exe [543352 ] (Intel Corporation -> Intel)
R3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [82080 2020-10-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1783992 2020-10-06] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2671800 2020-10-06] (Rivet Networks LLC -> Rivet Networks)
S3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [82088 2020-10-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9098608 2023-04-17] (Malwarebytes Inc. -> Malwarebytes)
R3 PSSvc; C:\Program Files\Acer\NitroSense Service\PSSvc.exe [841744 2021-03-26] (Acer Incorporated -> Acer Incorporated)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
S4 TeamViewer; D:\Program Files\TeamViewer\TeamViewer_Service.exe [16197432 2022-10-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [342568 2020-11-18] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [82096 2020-10-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [82096 2020-10-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_2c3fb039f84a3e84\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_2c3fb039f84a3e84\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [36800 2022-06-02] (Acer Incorporated -> Acer Incorporated)
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [42472 2021-11-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-12-22] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-12-22] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_fc1ed3a5a1d514f2\iaLPSS2_SPI_TGL.sys [158352 2021-12-22] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_cd8c3a141c1b1284\iaLPSS2_UART2_TGL.sys [313504 2021-12-22] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1544912 2021-11-06] (Intel Corporation -> Intel Corporation)
R2 IDMWFP; C:\Windows\System32\drivers\idmwfp.sys [171512 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_cb2075debe05eee2\IntcUSB.sys [920688 2022-11-25] (Intel Corporation -> Intel® Corporation)
S3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2020-11-06] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [201096 2020-10-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198584 2023-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77736 2023-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2023-04-17] (Malwarebytes Inc. -> Malwarebytes)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [238608 2023-02-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49600 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [497920 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
S3 SrvcWTDMIOMngr; \??\C:\OEM\OA30\WTDMIoMngr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-18 02:39 - 2023-04-18 02:39 - 000036893 _____ C:\Users\CapriKornus\Downloads\FRST.txt
2023-04-18 02:37 - 2023-04-18 02:39 - 000000000 ____D C:\FRST
2023-04-18 02:37 - 2023-04-18 02:37 - 002380288 _____ (Farbar) C:\Users\CapriKornus\Downloads\FRST64.exe
2023-04-18 02:23 - 2023-04-18 02:24 - 000002882 _____ C:\Users\CapriKornus\Desktop\Rkill.txt
2023-04-18 02:23 - 2023-04-18 02:23 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\CapriKornus\Downloads\rkill.exe
2023-04-17 22:00 - 2023-04-17 22:00 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-04-17 20:40 - 2023-04-17 20:41 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\Avast Software
2023-04-17 20:40 - 2023-04-17 20:40 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\Avast Software
2023-04-17 20:39 - 2023-04-17 20:39 - 000076664 _____ (Avast Software) C:\Windows\system32\Drivers\asw8c3ca3a5bfc2b7ec.tmp
2023-04-17 20:38 - 2023-04-17 20:38 - 000313240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2023-04-17 20:38 - 2023-04-17 20:38 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-04-17 20:37 - 2023-04-17 20:49 - 000000000 ____D C:\ProgramData\Avast Software
2023-04-17 20:37 - 2023-04-17 20:49 - 000000000 ____D C:\Program Files\Avast Software
2023-04-17 20:37 - 2023-04-17 20:37 - 000263512 _____ (AVAST Software) C:\Users\CapriKornus\Downloads\avast_one_free_antivirus.exe
2023-04-17 04:54 - 2023-04-17 04:54 - 000004881 _____ C:\Users\CapriKornus\Downloads\startuplist.txt
2023-04-17 04:49 - 2023-04-17 04:52 - 000000000 ____D C:\Users\CapriKornus\Downloads\backups
2023-04-17 04:45 - 2023-04-17 04:45 - 000388608 _____ (Trend Micro Inc.) C:\Users\CapriKornus\Downloads\HijackThis.exe
2023-04-17 04:34 - 2023-04-17 04:34 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\mbam
2023-04-17 04:33 - 2023-04-17 04:33 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-04-17 04:33 - 2023-04-17 04:33 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-04-17 04:32 - 2023-04-17 04:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-04-17 04:32 - 2023-04-17 04:32 - 000000000 ____D C:\Program Files\Malwarebytes
2023-04-17 04:31 - 2023-04-17 04:31 - 002649088 _____ (Malwarebytes) C:\Users\CapriKornus\Downloads\MBSetup.exe
2023-04-17 04:18 - 2023-04-17 04:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2023-04-17 01:25 - 2023-04-17 21:02 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\IDM
2023-04-17 01:25 - 2023-04-17 04:46 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\DMCache
2023-04-17 01:25 - 2023-04-17 01:25 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2023-04-17 01:25 - 2023-04-17 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2023-04-17 01:25 - 2023-04-17 01:25 - 000000000 ____D C:\ProgramData\IDM
2023-04-17 01:23 - 2023-04-17 01:23 - 011317840 _____ (Tonec Inc.) C:\Users\CapriKornus\Downloads\IDMan641build11f.exe
2023-04-17 00:33 - 2023-04-17 00:39 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\Softdeluxe
2023-04-17 00:23 - 2023-04-17 00:25 - 000000000 ____D C:\Users\CapriKornus\.xdman
2023-04-17 00:23 - 2023-04-17 00:23 - 000000000 _____ C:\Users\CapriKornus\.xdm-global-lock
2023-04-16 19:26 - 2023-04-16 19:26 - 000563545 _____ C:\Users\CapriKornus\Downloads\Model_Bye_Laws_of_Coop_Housing_Society.pdf
2023-04-16 09:19 - 2023-04-16 09:19 - 000000000 ____D C:\Windows\LastGood.Tmp
2023-04-16 09:17 - 2023-04-10 23:54 - 002172472 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-04-16 09:17 - 2023-04-10 23:54 - 002172472 _____ C:\Windows\system32\vulkaninfo.exe
2023-04-16 09:17 - 2023-04-10 23:54 - 001607728 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-04-16 09:17 - 2023-04-10 23:54 - 001607728 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-04-16 09:17 - 2023-04-10 23:54 - 001487912 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-04-16 09:17 - 2023-04-10 23:54 - 001479264 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-04-16 09:17 - 2023-04-10 23:54 - 001479264 _____ C:\Windows\system32\vulkan-1.dll
2023-04-16 09:17 - 2023-04-10 23:54 - 001226776 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-04-16 09:17 - 2023-04-10 23:54 - 001211440 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-04-16 09:17 - 2023-04-10 23:54 - 001211440 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-04-16 09:17 - 2023-04-10 23:50 - 001535976 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-04-16 09:17 - 2023-04-10 23:50 - 000852008 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-04-16 09:17 - 2023-04-10 23:50 - 000671256 _____ C:\Windows\system32\nvofapi64.dll
2023-04-16 09:17 - 2023-04-10 23:50 - 000506920 _____ C:\Windows\SysWOW64\nvofapi.dll
2023-04-16 09:17 - 2023-04-10 23:49 - 002166296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-04-16 09:17 - 2023-04-10 23:49 - 001621016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-04-16 09:17 - 2023-04-10 23:49 - 001195008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-04-16 09:17 - 2023-04-10 23:49 - 000978968 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-04-16 09:17 - 2023-04-10 23:49 - 000759296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-04-16 09:17 - 2023-04-10 23:49 - 000741400 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-04-16 09:17 - 2023-04-10 23:48 - 013768728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-04-16 09:17 - 2023-04-10 23:48 - 011650088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-04-16 09:17 - 2023-04-10 23:48 - 006084136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-04-16 09:17 - 2023-04-10 23:48 - 005911552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-04-16 09:17 - 2023-04-10 23:48 - 005834776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-04-16 09:17 - 2023-04-10 23:48 - 003429912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-04-16 09:17 - 2023-04-10 23:48 - 000457752 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-04-16 09:17 - 2023-04-10 23:46 - 000853016 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-04-16 09:17 - 2023-04-10 23:45 - 006798784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-04-16 09:17 - 2023-04-08 18:42 - 000104369 _____ C:\Windows\system32\nvinfo.pb
2023-04-12 22:13 - 2023-04-12 22:13 - 000000000 ___HD C:\$WinREAgent
2023-04-12 00:12 - 2023-04-12 00:12 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\UnrealEngine
2023-04-12 00:12 - 2023-04-12 00:12 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\Hk_project
2023-04-11 02:17 - 2023-04-11 02:17 - 000000000 ____D C:\Users\CapriKornus\AppData\LocalLow\PillowCastle
2023-04-05 01:03 - 2023-04-05 01:16 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\Goldberg SteamEmu Saves
2023-04-05 01:03 - 2023-04-05 01:03 - 000000000 ____D C:\Users\CapriKornus\AppData\LocalLow\Black Salt Games
2023-04-04 00:47 - 2023-04-04 00:47 - 000001448 _____ C:\Users\CapriKornus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portal Collection.lnk
2023-04-03 18:53 - 2023-04-03 18:53 - 032843574 _____ (The qBittorrent project) C:\Users\CapriKornus\Downloads\qbittorrent_4.5.2_x64_setup.exe
2023-04-02 00:57 - 2023-04-02 00:57 - 000000000 ____D C:\Users\CapriKornus\Documents\CPY_SAVES
2023-03-28 19:35 - 2023-04-17 20:53 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2023-03-28 19:35 - 2023-04-17 20:53 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\inSSIDer
2023-03-28 19:35 - 2023-04-01 20:44 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\MetaGeek
2023-03-28 19:34 - 2023-03-28 19:35 - 033858464 _____ (MetaGeek, LLC) C:\Users\CapriKornus\Downloads\inSSIDerSetup.exe
2023-03-25 16:49 - 2023-03-25 16:49 - 000000000 ____D C:\Users\CapriKornus\Documents\WB Games
2023-03-23 15:06 - 2023-03-23 15:07 - 021829364 _____ C:\Users\CapriKornus\Downloads\User Manual-Citizen Portal.pdf
2023-03-23 14:56 - 2023-03-23 14:56 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-03-23 02:44 - 2023-04-17 20:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-03-22 06:09 - 2023-03-22 06:09 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2023-03-22 06:07 - 2023-03-22 06:07 - 028307800 _____ (AppWork GmbH) C:\Users\CapriKornus\Downloads\JDownloader2Setup_windows-x64_jre8.exe
2023-03-21 14:49 - 2023-03-21 14:49 - 000000370 _____ C:\Users\CapriKornus\Documents\Ventura Funds Transfer 20230321.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-18 02:08 - 2022-09-11 22:18 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\qBittorrent
2023-04-18 01:33 - 2019-12-07 14:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-18 00:53 - 2021-09-23 17:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-04-17 21:02 - 2022-09-10 20:15 - 000000000 ____D C:\Windows\Minidump
2023-04-17 21:02 - 2022-03-22 02:55 - 000001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2023-04-17 21:02 - 2021-11-06 16:15 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\CrashDumps
2023-04-17 21:02 - 2021-11-06 15:33 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-04-17 21:02 - 2021-11-06 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-04-17 21:02 - 2021-11-06 15:33 - 000000000 ____D C:\Program Files\WinRAR
2023-04-17 20:57 - 2021-11-06 14:39 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\Host App Service
2023-04-17 20:55 - 2021-11-23 02:53 - 000002431 _____ C:\Users\CapriKornus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
2023-04-17 20:52 - 2022-02-04 21:05 - 000000000 ____D C:\Windows\ShellNew
2023-04-17 20:52 - 2021-11-07 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2023-04-17 20:49 - 2021-09-23 18:36 - 000002408 _____ C:\Windows\system32\Tasks\GoTrust ID Driver
2023-04-17 20:49 - 2021-09-23 18:23 - 000002948 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-04-17 20:49 - 2021-09-23 18:23 - 000002948 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-04-17 20:49 - 2021-09-23 18:23 - 000002948 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-04-17 20:49 - 2021-09-23 18:23 - 000002948 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-04-17 20:39 - 2019-12-07 14:43 - 000000000 ____D C:\Windows\INF
2023-04-17 20:38 - 2019-12-07 14:44 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-04-17 20:30 - 2021-11-06 20:07 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-17 20:29 - 2021-09-23 17:54 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI
2023-04-17 20:22 - 2021-11-06 14:43 - 000000000 __SHD C:\Users\CapriKornus\IntelGraphicsProfiles
2023-04-17 20:22 - 2021-09-23 18:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-04-17 20:22 - 2021-09-23 17:44 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-17 20:22 - 2021-09-23 17:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-04-17 20:22 - 2021-09-23 17:44 - 000000000 ___HD C:\Intel
2023-04-17 20:22 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\ServiceState
2023-04-17 04:59 - 2019-12-07 14:33 - 000786432 _____ C:\Windows\system32\config\BBI
2023-04-17 04:47 - 2021-11-06 14:43 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\VirtualStore
2023-04-17 04:46 - 2021-11-06 15:22 - 000000000 ____D C:\Windows\system32\MRT
2023-04-17 04:43 - 2021-11-06 15:22 - 156112424 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-04-17 04:36 - 2021-09-23 18:36 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-04-17 04:35 - 2021-11-06 15:10 - 000000000 ____D C:\Users\CapriKornus\AppData\LocalLow\Mozilla
2023-04-17 03:33 - 2021-09-23 17:45 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-04-17 03:33 - 2019-12-07 14:44 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-17 03:33 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\AppReadiness
2023-04-17 02:43 - 2021-11-15 20:02 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\discord
2023-04-17 01:59 - 2021-11-15 20:02 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\Discord
2023-04-17 00:23 - 2021-11-06 14:39 - 000000000 ____D C:\Users\CapriKornus
2023-04-16 09:19 - 2021-11-07 18:52 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\NVIDIA
2023-04-15 00:07 - 2021-09-23 18:39 - 000000000 ____D C:\Program Files\Microsoft Office
2023-04-14 19:51 - 2022-10-26 02:59 - 000079352 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-04-14 19:51 - 2022-10-26 02:59 - 000062968 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-04-14 19:51 - 2021-11-20 21:17 - 000165368 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-04-14 19:51 - 2021-11-08 16:25 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-04-14 19:51 - 2021-11-06 15:01 - 002790904 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-04-14 19:51 - 2021-11-06 15:01 - 000484856 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-04-14 19:51 - 2021-11-06 15:01 - 000247248 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll
2023-04-14 19:51 - 2021-11-06 15:01 - 000202232 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-04-13 20:59 - 2021-09-23 17:44 - 000451520 _____ C:\Windows\system32\FNTCACHE.DAT
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\SystemResources
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\oobe
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\es-MX
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\Dism
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\system32\DDFs
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-04-13 07:23 - 2019-12-07 14:44 - 000000000 ____D C:\Windows\bcastdvr
2023-04-13 05:04 - 2021-11-06 18:12 - 000000000 ____D C:\Users\CapriKornus\AppData\Roaming\vlc
2023-04-12 22:19 - 2019-12-07 14:33 - 000000000 ____D C:\Windows\CbsTemp
2023-04-12 22:17 - 2021-09-23 17:46 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-04-12 22:03 - 2021-09-23 17:44 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-04-12 00:12 - 2021-11-06 20:17 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\NVIDIA Corporation
2023-04-10 23:45 - 2021-11-06 20:11 - 007935544 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-04-07 21:52 - 2021-11-07 19:38 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\D3DSCache
2023-04-07 05:26 - 2021-09-23 17:45 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-07 05:26 - 2021-09-23 17:45 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-04-04 05:39 - 2021-12-04 01:05 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-04-02 00:57 - 2021-11-14 16:34 - 000000000 ____D C:\Users\CapriKornus\Documents\My Games
2023-03-28 19:35 - 2021-11-15 20:02 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\SquirrelTemp
2023-03-23 01:16 - 2021-11-08 00:46 - 000000000 ____D C:\Windows\SysWOW64\directx
2023-03-21 15:29 - 2021-11-06 14:43 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\Packages
2023-03-21 15:11 - 2021-11-06 15:06 - 000000000 ____D C:\Users\CapriKornus\AppData\Local\PlaceholderTileLogoFolder
2023-03-21 14:45 - 2021-12-23 15:59 - 000002242 _____ C:\Users\CapriKornus\Downloads\PWD - 2022-01-04.txt

==================== Files in the root of some directories ========

2021-11-23 03:21 - 2022-12-27 00:29 - 000007598 _____ () C:\Users\CapriKornus\AppData\Local\Resmon.ResmonCfg

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\SysWOW64\version_IObitDel.dll [2021-11-06] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2023
Ran by CapriKornus (18-04-2023 02:39:59)
Running from C:\Users\CapriKornus\Downloads
Microsoft Windows 10 Home Single Language Version 22H2 19045.2846 (X64) (2021-11-06 10:00:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1169668711-3814946951-4088407119-500 - Administrator - Disabled)
CapriKornus (S-1-5-21-1169668711-3814946951-4088407119-1001 - Administrator - Enabled) => C:\Users\CapriKornus
DefaultAccount (S-1-5-21-1169668711-3814946951-4088407119-503 - Limited - Disabled)
Guest (S-1-5-21-1169668711-3814946951-4088407119-501 - Limited - Disabled)
Sir.Doge (S-1-5-21-1169668711-3814946951-4088407119-1005 - Limited - Enabled) => C:\Users\Sir.Doge
WDAGUtilityAccount (S-1-5-21-1169668711-3814946951-4088407119-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
App Explorer (HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\Host App Service) (Version: 0.273.4.677 - SweetLabs)
App Explorer (HKU\S-1-5-21-1169668711-3814946951-4088407119-1005\...\Host App Service) (Version: 0.273.4.447 - SweetLabs)
ATLauncher Setup (HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1) (Version: 1.0.0.0 - ATLauncher)
Azul Zulu JDK 17.36.13 (17.0.4), 64-bit (HKLM\...\{12332786-EBBC-4226-90F2-CA1A5F508FE7}) (Version: 17.36.13 - Azul Systems, Inc.)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 6.09 - Piriform)
CPUID CPU-Z 2.05 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.05 - CPUID, Inc.)
Discord (HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
D-LAN version 1.1.0 Beta15 - 2012-12-16_16-22 (HKLM-x32\...\D-LAN_is1) (Version: 1.1.0 Beta15 - 2012-12-16_16-22 - )
Documentation Manager (HKLM\...\{669FA6D8-9A73-40F5-907C-9C8CCE1BB091}) (Version: 22.160.0.4 - Intel Corporation) Hidden
DREDGE (HKLM-x32\...\DREDGE_is1) (Version:  - )
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dynamic Application Loader Host Interface Service (HKLM\...\{407FF531-5AD9-4518-8304-5B54747A19DA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Far Cry: Primal (HKLM-x32\...\Far Cry: Primal_is1) (Version:  - )
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.0.15250 - Foxit Software Inc.)
GoTrust ID Plugin 2.0.12.36 (HKLM\...\GoTrust ID Plugin) (Version: 2.0.12.36 - GoTrust ID Inc.)
Horizon: Zero Down CE (HKLM-x32\...\Horizon: Zero Down CE_is1) (Version:  - )
Intel Driver && Support Assistant (HKLM-x32\...\{91672422-9B98-4606-A6D7-E164D7037B06}) (Version: 23.1.9.7 - Intel) Hidden
Intel® Chipset Device Software (HKLM\...\{8E7A81EF-0B97-4CD2-94E5-CD9E5A2767F4}) (Version: 10.1.18698.8258 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{80ec5470-ac51-4956-b2dc-87dc2cdaa04b}) (Version: 10.1.18698.8258 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{C5A3E7E0-34F2-4582-A7FF-F335C8ED582B}) (Version: 2.4.09007 - Intel Corporation)
Intel® Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel® LMS (HKLM\...\{EEBB42F5-AD42-480E-B9B5-4ABD2CB6B609}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2110.15.0.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{CB6870FB-561A-4C01-AFBA-24E5F13DCBC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{D0CA8C15-9932-4952-B3B6-71CF65CD9A60}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{C6A61C2D-5CD0-42AA-BC42-5F5B573289C0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00002090-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.90.2.1 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{a532c7c7-1594-49bb-a186-f44c52c9509e}) (Version: 23.1.9.7 - Intel)
Intel® Software Installer (HKLM-x32\...\{097f6fe6-d6f8-4204-b004-1e255f6cf68b}) (Version: 22.160.0.4 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.41.11 - Tonec Inc.)
Java 8 Update 361 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180361F0}) (Version: 8.0.3610.9 - Oracle Corporation)
JDownloader 2 (HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes version 4.5.26.259 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.26.259 - Malwarebytes)
Microsoft .NET Core Host - 3.1.28 (x64) (HKLM\...\{26ECE92F-518E-40AF-9108-7B7B444A46DE}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.28 (x64) (HKLM\...\{CDEA72F4-1367-4E0A-AC5F-0EBAF7C6825A}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM\...\{3691148D-EF42-4812-8956-AE11FC413B8D}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM-x32\...\{231e3b76-4d0f-4e60-9d69-f11c9c448630}) (Version: 3.1.28.31513 - Microsoft Corporation)
Microsoft .NET Host - 6.0.8 (x64) (HKLM\...\{6950FA03-8B88-4675-B685-FB21CA1762CC}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.8 (x64) (HKLM\...\{3C3CA326-3F1D-43B7-B0AD-CBC06B2DED5A}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.8 (x64) (HKLM\...\{7CEA3ABF-FE24-42AF-ADE6-B4A3EE346743}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.48 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.39 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Volume - en-us) (Version: 16.0.14332.20493 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1169668711-3814946951-4088407119-1005\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM\...\{EB3983F9-3D60-456D-A11A-C1366C79AD3E}) (Version: 48.35.45540 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM-x32\...\{ca35acb3-b442-44fb-924c-4448120bf689}) (Version: 6.0.8.31518 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 112.0 (x64 en-US)) (Version: 112.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0.1 - Mozilla)
NewPointer (HKLM-x32\...\{074FD88B-6B08-46D4-AC1F-BE213BD3A68D}) (Version: 2.0.5.872 - Ventura Securities Ltd.) Hidden
NewPointer (HKLM-x32\...\{3076B667-8711-4F14-AAA9-457172738BE3}) (Version: 2.0.5.872 - Ventura Securities Ltd) Hidden
NewPointer (HKLM-x32\...\NewPointer 2.0.5.872) (Version: 2.0.5.872 - Ventura Securities Ltd.)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
NitroSense Service (HKLM\...\{6FC78E80-6385-43D6-8A43-FA80094F1A2E}) (Version: 3.01.3024 - Acer Incorporated)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Graphics Driver 531.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 531.61 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20493 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20493 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Portal Collection (HKLM-x32\...\Portal Collection_is1) (Version:  - )
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.1 - The qBittorrent project)
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9132.1 - Realtek Semiconductor Corp.)
Slim PDF Reader 2.0 (HKLM-x32\...\{B1EC64E0-FE39-45C4-B841-F74EAC175DA5}_is1) (Version: 2.0 - Investintech.com Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superliminal (HKLM-x32\...\Superliminal_is1) (Version:  - )
TeamViewer (HKLM\...\TeamViewer) (Version: 15.35.5 - TeamViewer)
The Elder Scrolls: Skyrim AE (HKLM-x32\...\The Elder Scrolls: Skyrim AE_is1) (Version:  - )
Twitch (HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Twitch Leecher 2.0.7 (HKLM\...\{FE96584C-AB61-4212-99A3-790756CB7701}) (Version: 2.0.7.0 - Franiac) Hidden
Twitch Leecher 2.0.7 (HKLM-x32\...\{9869308b-c78e-4bb8-9a56-393356175787}) (Version: 2.0.7.0 - Franiac)
User Experience Improvement Program Service (HKLM\...\{323EA05D-046D-449D-9D7C-89243C957CCE}) (Version: 5.00.3010 - Acer Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.7.4 - Black Tree Gaming Ltd.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)

Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52074.0_x64__8wekyb3d8bbwe [2022-09-28] (Microsoft Corporation)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2023-02-15] (Acer Incorporated)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2022.3.11.0_x64__t5j2fzbtdg37r [2022-09-28] (DTS, Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.7.0_x64__t5j2fzbtdg37r [2022-09-28] (DTS, Inc.)
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2022-09-28] (GoTrustID Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4232.0_x64__8j3eq9eme6ctt [2022-12-21] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1032.0_x64__8j3eq9eme6ctt [2022-09-28] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-09-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-09-11] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.10801.429.0_x64__8wekyb3d8bbwe [2023-01-07] (Microsoft Corporation)
NitroSense_V31 -> C:\Program Files\WindowsApps\AcerIncorporated.NitroSenseV31_3.1.3024.0_x64__48frkmn4z8aw4 [2022-10-17] (Acer Incorporated)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-04-16] (NVIDIA Corp.)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.6428.0_x64__ypz87dpxkv292 [2022-09-11] (CYBERLINK COM CORP)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-10-31] (Microsoft Corporation)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2022-09-11] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2023-02-15] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.247.0_x64__dt26b99r8h8gj [2022-09-11] (Realtek Semiconductor Corp)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2022-12-17] (Ookla)
User Experience Improvement Program V5 -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgramV_5.0.3010.0_x64__48frkmn4z8aw4 [2022-09-11] (Acer Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_2c3fb039f84a3e84\nvshext.dll [2023-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-08-09 14:02 - 2022-08-09 14:02 - 005998080 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module_win32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\CapriKornus\Downloads\avast_one_free_antivirus.exe:MBAM.Zone.Identifier [26]
AlternateDataStreams: C:\Users\CapriKornus\Downloads\FRST64.exe:MBAM.Zone.Identifier [26]
AlternateDataStreams: C:\Users\CapriKornus\Downloads\rkill.exe:MBAM.Zone.Identifier [26]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2021-11-06 10:11:40&iid=87de88d8-7557-4294-9acd-26b49c9b91f6&bName=
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-09] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_361\bin\ssv.dll [2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_361\bin\jp2ssv.dll [2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-09] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-12-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 14:44 - 2023-04-17 04:52 - 000001096 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1         license.piriform.com
127.0.0.1         www.license.piriform.com
127.0.0.1 checkhost.local
127.0.0.1 checkhost.local
127.0.0.1 checkhost.local
127.0.0.1 checkhost.local
127.0.0.1 license.piriform.com
127.0.0.1 license-api.ccleaner.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Zulu\zulu-17\bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;c:\program files\nvidia corporation\nvidia nvdlisr;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\;D:\platform-tools;
HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-1169668711-3814946951-4088407119-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Sir.Doge\Downloads\peakpx(2).jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-1169668711-3814946951-4088407119-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1169668711-3814946951-4088407119-1005\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D7395B6F-18E3-4176-869A-ECFA49F9AB86}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F363A5EB-201F-4188-87D2-78162975A837}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8E0FF2A1-FE43-43F0-B58E-0EF7E12E7E73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{66B2B4C8-0A8B-470B-8839-C4DCCFF13DD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{0DF6BB05-24FD-462B-A901-DD4B5B293551}] => (Allow) C:\Program Files (x86)\D-LAN\D-LAN.Core.exe (Ek Dev) [File not signed]
FirewallRules: [{872DC565-C192-4DE1-9631-DCF62BB5E314}] => (Allow) C:\Program Files (x86)\D-LAN\D-LAN.Core.exe (Ek Dev) [File not signed]
FirewallRules: [{5706CC36-BB6A-49AB-B731-1233DD64A26F}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2C8F83CB-E9E2-4D75-A2B3-24FA8925CC74}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{549C6D17-F573-45F7-ABFB-890EEF98E340}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{92BCD564-1022-4A0D-8277-E1214EEB292E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC76364B-2FDE-4B8B-9A55-37DE5E1B80D9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{06ED9F0F-C35C-4CD3-9C1E-4EE758CEB029}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{5F4FB4E2-BBB2-46A9-97DA-D5EFBDCA7C6B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{1F7A4C90-933F-4032-860C-362E470F9829}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{D353F65A-E6DD-43A1-9592-A799D53ACE17}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{3E04F135-5B1F-4245-8EB2-D3CBAF9C355E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{0440C7DF-A401-4111-A7A7-0AE5A409E3E6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{49C4B2F8-7162-46F4-9423-C8FDDBD1EFB9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [TCP Query User{A8B71E15-B2E4-40A6-B7ED-DEF8464E5C3D}C:\users\caprikornus\downloads\anydesk.exe] => (Allow) C:\users\caprikornus\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{FB21B594-AE39-4AFF-8A4F-5F909A62A11B}C:\users\caprikornus\downloads\anydesk.exe] => (Allow) C:\users\caprikornus\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{551A2994-B96D-4757-A4FA-8F0847D73BB1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe () [File not signed]
FirewallRules: [{B9C4AE1E-31D0-4CF1-97B5-160969A1D157}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe () [File not signed]
FirewallRules: [TCP Query User{CB66FC38-B430-4BA4-9ED3-C227B9FFE1EB}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{63586E86-B9CD-4CB1-A470-EEA0CE253395}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{774101C9-9679-4940-B10A-E01A7676DD37}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{A41269DB-6E1F-40E5-AF33-F093F4B8F9FF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [TCP Query User{FB02BA9A-76F6-4979-BD4B-6B7A41738E46}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{346A2679-B178-4986-AA90-6BD4FC336E54}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{67A2843E-290C-4A93-B872-F6B834B7A9E7}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{9B532836-83D0-474A-A075-D4DCB8348763}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{54672467-8BDA-4248-8526-00943E112999}C:\users\caprikornus\downloads\anydesk.exe] => (Allow) C:\users\caprikornus\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{FAFA8233-F19C-412A-AEB9-3A3AAFAF26EF}C:\users\caprikornus\downloads\anydesk.exe] => (Allow) C:\users\caprikornus\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [TCP Query User{42BD86E2-62A7-47C4-AD05-ED33A85C1DA7}C:\users\caprikornus\downloads\revanced-builder-nodejs-win.exe] => (Allow) C:\users\caprikornus\downloads\revanced-builder-nodejs-win.exe (Node.js) [File not signed]
FirewallRules: [UDP Query User{6E97C659-43C7-4096-9E78-E29209B282F3}C:\users\caprikornus\downloads\revanced-builder-nodejs-win.exe] => (Allow) C:\users\caprikornus\downloads\revanced-builder-nodejs-win.exe (Node.js) [File not signed]
FirewallRules: [TCP Query User{950985B1-EDC1-4D0D-ACFF-A6B05DAB4AB4}C:\users\caprikornus\downloads\revanced-builder-nodejs-win.exe] => (Allow) C:\users\caprikornus\downloads\revanced-builder-nodejs-win.exe (Node.js) [File not signed]
FirewallRules: [UDP Query User{741D362F-FCCE-428B-BF45-9ADF72F47BB5}C:\users\caprikornus\downloads\revanced-builder-nodejs-win.exe] => (Allow) C:\users\caprikornus\downloads\revanced-builder-nodejs-win.exe (Node.js) [File not signed]
FirewallRules: [{50F1B338-6F49-4E3F-AD98-CFB10C7B3946}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{91E2E8C9-CD92-4E4D-B6C6-2D7309EA2B5D}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{49E99B99-C92F-4D9D-9249-5A4E1C776640}] => (Allow) D:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6AC57856-9020-4E74-9D4E-B4569E46650F}] => (Allow) D:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BAA15DF7-226F-42EA-9555-C5AA236D3FBA}] => (Allow) D:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{ABB31877-3899-4447-BC52-8E45D767CC59}] => (Allow) D:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{2DD12316-C926-472C-AD27-EFAAF6FB1C30}D:\games\portal collection\portal stories - mel\portal2.exe] => (Block) D:\games\portal collection\portal stories - mel\portal2.exe () [File not signed]
FirewallRules: [UDP Query User{AC6E630A-448A-4D7E-9B7E-096B514A2DD2}D:\games\portal collection\portal stories - mel\portal2.exe] => (Block) D:\games\portal collection\portal stories - mel\portal2.exe () [File not signed]
FirewallRules: [{021858A8-7919-4AF6-AEF4-9F45D63978F1}] => (Block) D:\Program Files\CCleaner\CCleaner64.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{BECC4DEC-26AE-4FF9-B160-793FFCC8C4E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{DBD608BF-1BB3-4222-B026-8DA9DC876935}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{5E837381-BFC0-4A07-BC33-89E64F7BF63E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{74321B4A-58B8-413E-B888-62F58B133D78}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{096150BC-551E-4472-B14F-A099FAFDCDF7}D:\games\far cry - primal\bin\fcprimal.exe] => (Block) D:\games\far cry - primal\bin\fcprimal.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{3C9DF041-BE82-4AA4-808F-F0FC65AA7640}D:\games\far cry - primal\bin\fcprimal.exe] => (Block) D:\games\far cry - primal\bin\fcprimal.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{CEA154F6-0270-4494-BBAA-641F6A15067D}D:\games\dredge\dredge.exe] => (Block) D:\games\dredge\dredge.exe () [File not signed]
FirewallRules: [UDP Query User{719CC2D2-FAA1-43CD-9B58-91670BE24E17}D:\games\dredge\dredge.exe] => (Block) D:\games\dredge\dredge.exe () [File not signed]
FirewallRules: [TCP Query User{A2614977-B539-4E3E-9CE7-0A385809EE95}D:\games\superliminal\superliminalgog.exe] => (Block) D:\games\superliminal\superliminalgog.exe () [File not signed]
FirewallRules: [UDP Query User{1CFC37C6-50FC-4968-AB08-4DBFE174ACF2}D:\games\superliminal\superliminalgog.exe] => (Block) D:\games\superliminal\superliminalgog.exe () [File not signed]
FirewallRules: [{DDBA2689-7A61-4773-B8AA-51FC21EDD63E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{366067A1-6F5F-4D3A-975D-5319F6BF4FF1}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{F6550D66-1388-4532-9E6C-1CE40BE4A20C}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]

==================== Restore Points =========================

17-04-2023 00:23:13 Installed Xtreme Download Manager 2020
17-04-2023 00:39:49 Removed Xtreme Download Manager 2020

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/17/2023 03:03:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program setup.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1d88

Start Time: 01d970aa2bc26267

Termination Time: 4294967295

Application Path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-B8COD.tmp\setup.tmp

Report Id: 6e8b0a38-a328-4ed3-98ad-b511a38697a5

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (04/16/2023 09:51:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Faulting module name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Exception code: 0xc0000005
Fault offset: 0x000000000001d69a
Faulting process id: 0x283c
Faulting application start time: 0x01d9707df929e286
Faulting application path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-O8JOC.tmp\cls-magic2_x64.exe
Faulting module path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-O8JOC.tmp\cls-magic2_x64.exe
Report Id: 7fc85570-4ac8-4023-98c9-911085da9563
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2023 09:20:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Faulting module name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Exception code: 0xc0000005
Fault offset: 0x00000000000364d4
Faulting process id: 0x2a58
Faulting application start time: 0x01d97078b0d612bd
Faulting application path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-TRHVV.tmp\cls-magic2_x64.exe
Faulting module path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-TRHVV.tmp\cls-magic2_x64.exe
Report Id: bccc8621-146a-4494-bf8b-fd639f099b38
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2023 08:50:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program setup.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 273c

Start Time: 01d97075807bb20d

Termination Time: 4294967295

Application Path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-HHQV5.tmp\setup.tmp

Report Id: 30522960-0779-4173-a641-507512f59c3b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (04/16/2023 08:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Faulting module name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Exception code: 0xc0000005
Fault offset: 0x000000000001d69a
Faulting process id: 0x2a0c
Faulting application start time: 0x01d9707589b3e827
Faulting application path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-PV3IO.tmp\cls-magic2_x64.exe
Faulting module path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-PV3IO.tmp\cls-magic2_x64.exe
Report Id: 0c149657-a9ff-4d28-942b-9282890313a9
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2023 08:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Faulting module name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Exception code: 0xc0000005
Fault offset: 0x000000000001d81d
Faulting process id: 0x1920
Faulting application start time: 0x01d970742e903d7b
Faulting application path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-KH39D.tmp\cls-magic2_x64.exe
Faulting module path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-KH39D.tmp\cls-magic2_x64.exe
Report Id: 6a13298e-a9d8-4748-bb41-4856df8436fa
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2023 07:52:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Faulting module name: cls-magic2_x64.exe, version: 0.0.0.0, time stamp: 0x5c28cbe0
Exception code: 0xc0000005
Fault offset: 0x000000000001d877
Faulting process id: 0x1610
Faulting application start time: 0x01d9706be33b3935
Faulting application path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-JFRAH.tmp\cls-magic2_x64.exe
Faulting module path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-JFRAH.tmp\cls-magic2_x64.exe
Report Id: 6a0a6b53-7e8c-4431-a06b-ff8a2a680faf
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2023 05:36:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program setup.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 275c

Start Time: 01d9705ac0a59d06

Termination Time: 4294967295

Application Path: C:\Users\CAPRIK~1\AppData\Local\Temp\is-IVI1G.tmp\setup.tmp

Report Id: 5c088839-cab7-4c18-9d30-029ffca740ff

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

System errors:
=============
Error: (04/17/2023 09:02:00 PM) (Source: DCOM) (EventID: 10000) (User: LAPTOP-CGVDV5FK)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/17/2023 08:22:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The xTendSoftAPService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/17/2023 04:36:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (04/17/2023 02:26:12 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (04/17/2023 02:26:12 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (04/17/2023 02:00:18 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (04/17/2023 02:00:18 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (04/17/2023 01:59:01 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Windows Defender:
================
Date: 2023-04-17 01:28:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Agent&threatid=2147583762&enterprise=0
Name: HackTool:Win32/Agent
Severity: High
Category: Tool
Path: file:_C:\Users\CapriKornus\Downloads\IDM_6.4x_Crack_v18.1-Ali.Dbg\IDM_6.4x_Crack_v18.1.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.387.1204.0, AS: 1.387.1204.0, NIS: 1.387.1204.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-17 01:28:32
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Agent&threatid=2147583762&enterprise=0
Name: HackTool:Win32/Agent
Severity: High
Category: Tool
Path: file:_C:\Users\CapriKornus\Downloads\IDM_6.4x_Crack_v18.1-Ali.Dbg\IDM_6.4x_Crack_v18.1.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.387.1204.0, AS: 1.387.1204.0, NIS: 1.387.1204.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-17 01:28:20
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Agent&threatid=2147583762&enterprise=0
Name: HackTool:Win32/Agent
Severity: High
Category: Tool
Path: file:_C:\Users\CapriKornus\Downloads\IDM_6.4x_Crack_v18.1-Ali.Dbg\IDM_6.4x_Crack_v18.1.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.387.1204.0, AS: 1.387.1204.0, NIS: 1.387.1204.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-17 01:26:28
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Agent&threatid=2147583762&enterprise=0
Name: HackTool:Win32/Agent
Severity: High
Category: Tool
Path: file:_C:\Users\CapriKornus\Downloads\IDM_6.4x_Crack_v18.1.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.387.1204.0, AS: 1.387.1204.0, NIS: 1.387.1204.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-17 01:26:24
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Agent&threatid=2147583762&enterprise=0
Name: HackTool:Win32/Agent
Severity: High
Category: Tool
Path: file:_C:\Users\CapriKornus\Downloads\IDM_6.4x_Crack_v18.1.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.387.1204.0, AS: 1.387.1204.0, NIS: 1.387.1204.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

CodeIntegrity:
===============
Date: 2023-04-17 21:10:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.18 06/22/2022
Motherboard: TGL Scala_TLS
Processor: 11th Gen Intel® Core™ i7-11800H @ 2.30GHz
Percentage of memory in use: 86%
Total physical RAM: 7971.3 MB
Available physical RAM: 1055.89 MB
Total Virtual: 16163.3 MB
Available Virtual: 5743.69 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:237.35 GB) (Free:162.25 GB) (Model: NVMe KINGSTON OM8PDP3256B-AA1) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:395.6 GB) (Model: ST1000LM049-2GH172) NTFS

\\?\Volume{40d8b327-7fec-4516-a4fa-5098116e0472}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.49 GB) NTFS
\\?\Volume{ec5b659d-0594-4e3d-bf25-34e664359953}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

