Free Malware Removal Forum

[wavy12345]

im not sure if i can get help for this problem, im pretty new to this but ive tried for weeks now to fix this so im asking for assistance, any help is appreciated


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by wavy (administrator) on DESKTOP-K7PP17U (MSI MS-7A72) (18-05-2024 09:12:30)
Running from C:\Users\wavy\Downloads\FRST64.exe
Loaded Profiles: wavy
Platform: Microsoft Windows 10 Pro N Version 22H2 19045.4412 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avpui.exe
(C:\Program Files\DefenderUI\DefenderUIService.exe ->) (VoodooSoft, LLC -> VoodooSoft, LLC) C:\Program Files\DefenderUI\DefenderUI.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19>
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\wavy\Downloads\autoruns.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_e2af5870d35e2824\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_de8e1115ac61e38a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (VoodooSoft, LLC -> VoodooSoft, LLC) C:\Program Files\DefenderUI\DefenderUIService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3023152 2024-04-24] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [ShellSmartScreenLevel] Warn
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.61\Installer\chrmstp.exe [2024-05-17] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8B856A00-F529-4318-BFF5-2040CE8F8C20} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{475C5368-01AC-4E65-AB5F-2E9D06721719} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-05] (Google LLC -> Google LLC)
Task: {7C3DFCE6-C86B-4E27-A73D-06EACA0E6D89} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {292AD6F9-49B3-4616-B764-1E9633057D18} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky\upgrade_launcher.exe [726952 2024-05-17] (AO Kaspersky Lab -> AO Kaspersky Lab)
Task: {C5DF7D22-87D3-4A32-A372-4BBA2E07FD85} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {927E7696-FEF6-4E20-BE54-EB6D2EC210DA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B5547647-CC43-4A6A-89F8-C1F91E86D95F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {32C0F75B-D19E-4E90-81D5-414EA318DB54} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E9421CC-1282-4C68-B0F0-D1700B24700F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8C00E651-9010-479B-A672-BFC161F3E0D0} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {56BA3A7D-B052-46BD-81A3-B3D02444CF57} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7BC55970-42D0-4C7A-9ACD-F9A660451BF7} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C307E769-BAB0-4D95-94FC-C0F03F0A43F4} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23deca29-3b0f-4fc7-bd40-2c667cb91d0d}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\wavy\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-18]
Edge StartupUrls: Default -> "hxxp://go.microsoft.com/fwlink/?LinkId=2134209&0x443"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\wavy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-05-17]
Edge Extension: (Google Docs Offline) - C:\Users\wavy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-17]
Edge Extension: (Edge relevant text changes) - C:\Users\wavy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-05-17]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Chrome:
=======
CHR Profile: C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default [2024-05-18]
CHR Extension: (Equalizer for Chrome browser) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abikfbojmghmfjdjlbagiamkinbmbaic [2024-05-17]
CHR Extension: (Kaspersky Protection) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-05-17]
CHR Extension: (uBlock Origin) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-05-17]
CHR Extension: (AHA Music - Song Finder for Browser) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpacanjfikmhoddligfbehkpomnbgblf [2024-05-17]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-05-17]
CHR Profile: C:\Users\wavy\AppData\Local\Google\Chrome\User Data\System Profile [2024-05-17]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP21.17; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe [32008 2024-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
R2 DefenderUIService; C:\Program Files\DefenderUI\DefenderUIService.exe [341664 2024-01-24] (VoodooSoft, LLC -> VoodooSoft, LLC)
S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-05] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-05] (Google LLC -> Google LLC)
S3 klvssbridge64_21.17; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\vssbridge64.exe [550312 2024-04-15] (AO Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_de8e1115ac61e38a\Display.NvContainer\NVDisplay.Container.exe [1275440 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9649288 2024-04-24] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 LGHUBUpdaterService; "C:\Program Files\LGHUB\lghub_updater.exe" --run-as-service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [282624 2081-01-06] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2081-01-06] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [245192 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 klbackupdisk.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\klbackupdisk.sys [92184 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.K4W-21-17; C:\WINDOWS\System32\DRIVERS\K4W-21-17\klbackupflt.sys [250304 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\kldisk.sys [109600 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2024-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\klflt.sys [653744 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.K4W-21-17; C:\WINDOWS\System32\DRIVERS\K4W-21-17\klgse.sys [841528 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\klhk.sys [2089168 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids.K4W-21-17; C:\ProgramData\Kaspersky Lab\AVP21.17\Bases\klids.sys [245144 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.K4W-21-17; C:\WINDOWS\System32\DRIVERS\K4W-21-17\klif.sys [1432496 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [86040 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\klkbdflt.sys [99352 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\klmouflt.sys [92608 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.K4W-21-17; C:\WINDOWS\System32\DRIVERS\K4W-21-17\klpd.sys [58904 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\klpnpflt.sys [84400 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-17_arkmon; C:\WINDOWS\System32\Drivers\klupd_K4W-21-17_arkmon.sys [384656 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-17_klark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-17_klark.sys [354640 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-17_klbg; C:\WINDOWS\System32\Drivers\klupd_K4W-21-17_klbg.sys [183120 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-17_mark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-17_mark.sys [262712 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\klwtp.sys [522688 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.K4W-21-17; C:\WINDOWS\system32\DRIVERS\K4W-21-17\kneps.sys [368688 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2024-05-17] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2024-05-17] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2024-05-17] (Logitech Inc -> Logitech)
R0 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [201280 2024-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-05-18] (Malwarebytes Inc. -> Malwarebytes)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [21935504 2024-04-24] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21056 2024-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601496 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\wavy\Desktop\New folder\AutoFixer\OpenHardwareMonitorLib.sys [14544 2024-05-17] (Noriyuki MIYAZAKI -> OpenLibSys.org)
U4 HomeGroupListener; no ImagePath
U4 HomeGroupProvider; no ImagePath
S3 ThrottleStop; \??\C:\Users\wavy\AppData\Local\Temp\ThrottleStop.sys [X] <==== ATTENTION
U4 WMPNetworkSvc; no ImagePath
U4 xbgm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2081-01-06 23:42 - 2024-05-18 08:02 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2081-01-06 23:42 - 2024-05-18 08:02 - 000003270 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore21a29a185a72420
2081-01-06 23:41 - 2024-05-18 03:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2081-01-06 23:41 - 2024-05-17 13:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2081-01-06 23:40 - 2081-01-06 23:40 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\SystemCertificates
2081-01-06 23:40 - 2081-01-06 23:40 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Crypto
2081-01-06 23:39 - 2024-05-18 00:07 - 000000000 ____D C:\Users\wavy
2081-01-06 23:39 - 2024-05-17 23:23 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Windows
2081-01-06 23:38 - 2024-05-17 23:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2081-01-06 23:38 - 2024-05-17 16:57 - 000259416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2081-01-06 23:36 - 2081-01-06 23:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2081-01-06 23:35 - 2081-01-06 23:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2081-01-06 23:35 - 2081-01-06 23:35 - 000000000 ____D C:\ProgramData\ssh
2081-01-06 23:35 - 2024-05-18 07:23 - 000000000 ____D C:\WINDOWS\SystemTemp
2081-01-06 23:35 - 2024-05-17 16:54 - 000000000 ____D C:\WINDOWS\InboxApps
2081-01-06 23:28 - 2081-01-06 23:28 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2081-01-06 23:23 - 2081-01-06 23:40 - 000000000 ___HD C:\$SysReset
2024-05-18 09:12 - 2024-05-18 09:12 - 000019768 _____ C:\Users\wavy\Downloads\FRST.txt
2024-05-18 09:12 - 2024-05-18 09:12 - 000000000 ____D C:\FRST
2024-05-18 09:11 - 2024-05-18 09:11 - 002394112 _____ (Farbar) C:\Users\wavy\Downloads\FRST64.exe
2024-05-18 06:01 - 2024-05-18 06:02 - 000024752 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-wal
2024-05-18 06:01 - 2024-05-18 06:01 - 000032768 _____ C:\WINDOWS\SysWOW64\DnsStorage-shm
2024-05-18 06:01 - 2024-05-18 06:01 - 000032768 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-shm
2024-05-18 06:01 - 2024-05-18 06:01 - 000000000 _____ C:\WINDOWS\SysWOW64\DnsStorage-wal
2024-05-18 04:18 - 2024-05-18 04:18 - 125787696 _____ (Logitech Inc.) C:\Users\wavy\Downloads\LGS_9.04.49_x64_Logitech.exe
2024-05-18 04:17 - 2024-05-18 04:17 - 001099208 _____ (Logitech Inc.) C:\Users\wavy\Downloads\ConnectUtility_2.30.6_Logitech.exe
2024-05-18 04:17 - 2024-05-18 04:17 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Logitech
2024-05-18 04:17 - 2024-05-18 04:17 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Logishrd
2024-05-18 03:50 - 2024-05-18 03:50 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-05-18 00:49 - 2024-05-18 00:49 - 000000000 ____D C:\ProgramData\Intel
2024-05-18 00:10 - 2024-05-18 00:10 - 000000000 ____D C:\WINDOWS\Panther
2024-05-17 23:27 - 2024-05-18 00:07 - 000000000 ____D C:\ProgramData\Optimizer
2024-05-17 23:13 - 2024-05-18 06:37 - 000000000 ____D C:\Users\wavy\Desktop\New folder
2024-05-17 23:13 - 2024-05-17 23:53 - 000000000 __SHD C:\Users\wavy\wc
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 __SHD C:\Users\wavy\AppData\Roaming\wyUpdate AU
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 ____D C:\Users\wavy\AppData\Roaming\WinRAR
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 ____D C:\Program Files\WinRAR
2024-05-17 22:37 - 2024-05-18 08:07 - 000000000 ____D C:\Users\wavy\AppData\Local\CrashDumps
2024-05-17 21:16 - 2024-05-17 22:04 - 000000000 ____D C:\Users\wavy\AppData\Roaming\slobs-client
2024-05-17 17:47 - 2024-05-17 17:47 - 000073040 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2024-05-17 17:47 - 2024-05-17 17:47 - 000044880 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2024-05-17 17:47 - 2024-05-17 17:47 - 000000000 ____D C:\Users\wavy\AppData\Roaming\lghub
2024-05-17 17:47 - 2024-05-17 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-05-17 17:46 - 2024-05-17 17:47 - 000000000 ____D C:\ProgramData\LGHUB
2024-05-17 17:44 - 2024-05-17 17:45 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Geek Uninstaller
2024-05-17 17:42 - 2024-05-17 17:44 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\MMC
2024-05-17 17:05 - 2024-05-18 09:10 - 000000000 ____D C:\Users\wavy\AppData\Local\Malwarebytes
2024-05-17 17:05 - 2024-05-18 03:54 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-05-17 17:05 - 2024-05-17 17:05 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-05-17 17:04 - 2024-05-17 17:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-05-17 17:04 - 2024-05-17 17:04 - 000000000 ____D C:\Program Files\Malwarebytes
2024-05-17 17:00 - 2024-05-17 17:00 - 000000000 ____D C:\Users\wavy\AppData\Roaming\LGHUB_BKP
2024-05-17 16:44 - 2024-05-17 16:51 - 000000000 ____D C:\ProgramData\SecTaskMan
2024-05-17 16:43 - 2024-05-17 16:43 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-05-17 16:43 - 2024-05-17 16:43 - 000007600 _____ C:\Users\wavy\AppData\Local\Resmon.ResmonCfg
2024-05-17 16:42 - 2024-05-17 16:42 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-05-17 16:38 - 2024-05-17 16:38 - 000000000 ____D C:\WINDOWS\pss
2024-05-17 16:36 - 2081-01-06 23:32 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2024-05-17 16:36 - 2081-01-06 23:32 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthHfEnum.sys
2024-05-17 16:36 - 2024-05-17 16:36 - 000000000 ___HD C:\$WinREAgent
2024-05-17 16:30 - 2024-05-17 17:47 - 000000000 ____D C:\Users\wavy\AppData\Roaming\G HUB
2024-05-17 15:08 - 2024-05-17 15:08 - 000000000 ____D C:\Users\wavy\AppData\Local\LGHUB
2024-05-17 15:02 - 2024-05-17 15:02 - 000000000 ____D C:\WINDOWS\system32\braille-tables
2024-05-17 15:02 - 2024-05-17 15:02 - 000000000 ____D C:\WINDOWS\brltty
2024-05-17 15:01 - 2024-05-17 15:01 - 000000000 ____D C:\Users\wavy\AppData\Roaming\slobs-plugins
2024-05-17 15:01 - 2024-05-17 15:01 - 000000000 ____D C:\Users\wavy\AppData\Roaming\obs-studio-node-server
2024-05-17 15:01 - 2024-05-17 15:01 - 000000000 ____D C:\ProgramData\obs-studio-hook
2024-05-17 15:00 - 2024-05-17 23:10 - 000000000 ____D C:\Program Files\Streamlabs OBS
2024-05-17 15:00 - 2024-05-17 15:00 - 000000000 ____D C:\Users\wavy\AppData\Local\slobs-client-updater
2024-05-17 14:48 - 2024-05-17 14:48 - 000032080 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2024-05-17 14:48 - 2024-05-17 14:48 - 000000000 ____D C:\Users\wavy\AppData\Roaming\ProcessLasso
2024-05-17 14:48 - 2024-05-17 14:48 - 000000000 ____D C:\Users\wavy\AppData\Local\ProcessLasso
2024-05-17 14:44 - 2024-05-17 14:44 - 000000000 ____D C:\Users\wavy\AppData\Local\PeerDistRepub
2024-05-17 14:43 - 2024-05-17 14:43 - 000000000 ____D C:\Users\wavy\Documents\League of Legends
2024-05-17 14:39 - 2024-05-18 05:33 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2024-05-17 14:36 - 2024-05-17 18:37 - 000000000 ____D C:\Users\wavy\AppData\Local\NVIDIA Corporation
2024-05-17 14:36 - 2024-05-17 14:36 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2024-05-17 14:36 - 2024-05-17 14:36 - 000000000 ____D C:\Users\wavy\AppData\Local\CEF
2024-05-17 14:36 - 2024-05-17 14:36 - 000000000 ____D C:\Users\wavy\ansel
2024-05-17 14:32 - 2024-05-17 15:01 - 000000000 ____D C:\ProgramData\Package Cache
2024-05-17 14:32 - 2024-05-17 14:32 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000000000 ____D C:\Users\wavy\AppData\LocalLow\NVIDIA
2024-05-17 14:32 - 2024-05-17 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-05-17 14:32 - 2024-05-17 14:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-05-17 14:32 - 2024-05-07 08:35 - 002900520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 002231336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 001296936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 000180760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 000159768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 000086568 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 000075304 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 002031376 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-05-17 14:30 - 2024-05-07 18:52 - 002031376 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-05-17 14:30 - 2024-05-07 18:52 - 001578872 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-05-17 14:30 - 2024-05-07 18:52 - 001578872 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-05-17 14:30 - 2024-05-07 18:52 - 001488024 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001445240 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001445240 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001295224 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001295224 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001227416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-05-17 14:30 - 2024-05-07 18:49 - 001045528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-05-17 14:30 - 2024-05-07 18:49 - 000669824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-05-17 14:30 - 2024-05-07 18:49 - 000505368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 002174080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 001626240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 001543728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 001199640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 001024128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 000842392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-05-17 14:30 - 2024-05-07 18:48 - 000787592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 016034328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 012929672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 006780544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 003721352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 000459392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-05-17 14:30 - 2024-05-07 18:46 - 005913648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-05-17 14:30 - 2024-05-07 18:46 - 005772936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-05-17 14:30 - 2024-05-07 18:46 - 000853544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-05-17 14:30 - 2024-05-07 18:45 - 006034632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-05-17 14:30 - 2024-05-07 08:35 - 000119466 _____ C:\WINDOWS\system32\nvinfo.pb
2024-05-17 14:30 - 2024-05-07 08:35 - 000060240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2024-05-17 14:30 - 2024-05-07 08:35 - 000059928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2024-05-17 14:26 - 2024-05-17 14:26 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-05-17 14:26 - 2024-05-17 14:26 - 000000000 ____D C:\Program Files\MSBuild
2024-05-17 14:26 - 2024-05-17 14:26 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-05-17 14:26 - 2024-05-17 14:26 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-05-17 14:24 - 2024-05-17 14:24 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-05-17 14:22 - 2024-05-18 03:53 - 000000000 ____D C:\Users\wavy\AppData\Roaming\riot-client-ux
2024-05-17 14:22 - 2024-05-18 03:53 - 000000000 ____D C:\ProgramData\Riot Games
2024-05-17 14:22 - 2024-05-17 14:59 - 000001693 _____ C:\Users\Public\Desktop\League of Legends.lnk
2024-05-17 14:22 - 2024-05-17 14:43 - 000000000 ____D C:\Users\wavy\AppData\Local\Riot Games
2024-05-17 14:22 - 2024-05-17 14:39 - 000001491 _____ C:\Users\Public\Desktop\Riot Client.lnk
2024-05-17 14:22 - 2024-05-17 14:24 - 000000000 ____D C:\Riot Games
2024-05-17 14:22 - 2024-05-17 14:22 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-05-17 14:22 - 2024-05-17 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-05-17 14:21 - 2024-05-18 05:33 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-17 14:21 - 2024-05-17 14:30 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-17 14:21 - 2024-05-17 14:21 - 000000000 ____D C:\Users\wavy\AppData\Local\Google
2024-05-17 14:20 - 2024-05-17 14:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-05-17 14:20 - 2024-05-17 14:20 - 000000000 ____D C:\Program Files\Google
2024-05-17 14:20 - 2024-05-17 14:20 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-17 14:17 - 2024-05-17 14:17 - 000003840 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2024-05-17 14:10 - 2024-05-18 05:30 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2024-05-17 14:10 - 2024-05-17 14:10 - 000012288 _____ C:\WINDOWS\SysWOW64\DnsStorage
2024-05-17 14:05 - 2024-05-18 05:33 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk
2024-05-17 14:05 - 2024-05-17 14:05 - 000003232 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2024-05-17 14:05 - 2024-05-17 14:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\K4W-21-17
2024-05-17 14:05 - 2024-05-17 14:05 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2024-05-17 14:05 - 2024-05-17 14:05 - 000000000 ____D C:\Program Files\Common Files\AV
2024-05-17 14:05 - 2024-05-17 14:05 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2024-05-17 14:03 - 2024-05-17 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DefenderUI
2024-05-17 14:03 - 2024-05-17 14:03 - 000000000 ____D C:\Program Files\DefenderUI
2024-05-17 13:59 - 2024-05-18 05:15 - 000000000 ____D C:\Users\wavy\AppData\Roaming\discord
2024-05-17 13:59 - 2024-05-18 00:59 - 000000000 ____D C:\Users\wavy\AppData\Local\Discord
2024-05-17 13:59 - 2024-05-17 13:59 - 000000000 ____D C:\Users\wavy\AppData\Roaming\NVIDIA
2024-05-17 13:59 - 2024-05-17 13:59 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-05-17 13:59 - 2024-05-17 13:59 - 000000000 ____D C:\Users\wavy\AppData\Local\SquirrelTemp
2024-05-17 13:59 - 2024-05-17 13:59 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2024-05-17 13:57 - 2024-05-17 14:30 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-05-17 13:56 - 2024-05-17 13:56 - 000000000 ____D C:\Users\wavy\AppData\Local\PlaceholderTileLogoFolder
2024-05-17 13:55 - 2024-05-18 06:37 - 000000000 ____D C:\Users\wavy\AppData\Local\D3DSCache
2024-05-17 13:53 - 2024-05-17 13:53 - 000000000 ____D C:\Users\wavy\AppData\Local\Comms
2024-05-17 13:52 - 2024-05-17 13:52 - 000000000 ____D C:\Users\wavy\AppData\Local\DBG
2024-05-17 13:51 - 2024-05-18 03:50 - 000000000 ____D C:\ProgramData\NVIDIA
2024-05-17 13:51 - 2024-05-17 22:36 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-05-17 13:51 - 2024-05-17 14:36 - 000000000 ____D C:\Users\wavy\AppData\Local\NVIDIA
2024-05-17 13:51 - 2024-05-17 14:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-05-17 13:51 - 2024-05-17 14:32 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-05-17 13:51 - 2024-05-17 13:51 - 000000000 ____D C:\WINDOWS\system32\lxss
2024-05-17 13:51 - 2024-05-07 18:45 - 006948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-05-17 13:51 - 2024-05-07 08:35 - 000121880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2024-05-17 13:49 - 2024-05-17 13:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-17 13:48 - 2024-05-17 13:48 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Spelling
2024-05-17 13:45 - 2024-05-18 03:57 - 000840778 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-17 13:44 - 2024-05-17 13:44 - 000000000 ____D C:\Users\wavy\AppData\Local\OneDrive
2024-05-17 13:44 - 2024-05-17 13:44 - 000000000 ____D C:\Program Files\RUXIM
2024-05-17 13:44 - 2024-05-17 13:44 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-05-17 13:42 - 2024-05-17 23:55 - 000000000 ____D C:\Users\wavy\AppData\Local\Packages
2024-05-17 13:42 - 2024-05-17 14:32 - 000000000 ____D C:\ProgramData\Packages
2024-05-17 13:42 - 2024-05-17 13:42 - 000000020 ___SH C:\Users\wavy\ntuser.ini
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Network
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Adobe
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Local\VirtualStore
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Local\Publishers
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Local\ConnectedDevicesPlatform
2024-05-16 00:55 - 2024-05-17 14:49 - 000000000 ___SD C:\Users\wavy\AppData\Roaming\Microsoft\Credentials
2024-05-16 00:55 - 2024-05-17 13:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-05-16 00:55 - 2024-05-17 13:42 - 000000000 ___RD C:\Users\wavy\3D Objects
2024-05-16 00:55 - 2024-05-16 00:55 - 000000000 ___SD C:\Users\wavy\AppData\Roaming\Microsoft\Protect
2024-05-16 00:55 - 2024-05-16 00:55 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Vault
2024-05-16 00:54 - 2024-05-16 00:54 - 000000000 ____D C:\WINDOWS\CSC
2024-05-16 00:52 - 2024-05-16 00:52 - 000000000 _SHDL C:\Documents and Settings
2024-05-16 00:51 - 2024-05-18 05:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-16 00:51 - 2024-05-18 03:50 - 000008192 ___SH C:\DumpStack.log.tmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2081-01-06 23:38 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2081-01-06 23:37 - 2019-12-07 02:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2081-01-06 23:35 - 2019-12-07 02:51 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2081-01-06 23:35 - 2019-12-07 02:51 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2081-01-06 23:35 - 2019-12-07 02:51 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2081-01-06 23:35 - 2019-12-07 02:51 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2081-01-06 23:35 - 2019-12-07 02:48 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2081-01-06 23:35 - 2019-12-07 02:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2081-01-06 23:35 - 2019-12-07 02:14 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemApps
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Com
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\IME
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-05-18 05:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-05-18 05:01 - 2019-12-07 02:12 - 000000000 ____D C:\WINDOWS\INF
2024-05-18 03:52 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-18 03:50 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-05-18 01:13 - 2019-12-07 02:03 - 000065536 _____ C:\WINDOWS\system32\config\BBI
2024-05-18 01:05 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-05-17 23:55 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-17 23:45 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-17 16:58 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-17 16:55 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-17 16:54 - 2019-12-07 02:51 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-05-17 16:54 - 2019-12-07 02:51 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-05-17 16:54 - 2019-12-07 02:51 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-17 16:54 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2024-05-17 14:05 - 2019-12-07 02:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2024-05-17 13:44 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-05-17 13:42 - 2019-12-07 02:49 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2024-05-17 13:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\spool
2024-05-17 13:42 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate

==================== Files in the root of some directories ========

2024-05-17 16:43 - 2024-05-17 16:43 - 000007600 _____ () C:\Users\wavy\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by wavy (18-05-2024 09:15:04)
Running from C:\Users\wavy\Downloads
Microsoft Windows 10 Pro N Version 22H2 19045.4412 (X64) (2081-01-07 06:43:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3323529197-3699784123-711685060-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3323529197-3699784123-711685060-503 - Limited - Disabled)
Guest (S-1-5-21-3323529197-3699784123-711685060-501 - Limited - Disabled)
wavy (S-1-5-21-3323529197-3699784123-711685060-1001 - Administrator - Enabled) => C:\Users\wavy
WDAGUtilityAccount (S-1-5-21-3323529197-3699784123-711685060-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

DefenderUI version 1.16 (HKLM\...\{D60974B4-94D2-4A22-A4B9-4C2E0E264B7B}_is1) (Version: 1.16 - VoodooSoft, LLC)
Discord (HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Discord) (Version: 1.0.9147 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.61 - Google LLC)
Kaspersky (HKLM-x32\...\{316E069F-B459-3A14-9721-D616E6BD04FF}) (Version: 21.17.7.539 - Kaspersky) Hidden
Kaspersky (HKLM-x32\...\InstallWIX_{316E069F-B459-3A14-9721-D616E6BD04FF}) (Version: 21.17.7.539 - Kaspersky)
League of Legends (HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.3.553733 - Logitech)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.109 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.97 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.28.0.412 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.412 - NVIDIA Corporation)
NVIDIA Graphics Driver 552.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 552.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Riot Client (HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-05-17] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll [2024-05-17] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll [2024-05-17] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll [2024-05-17] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_de8e1115ac61e38a\nvshext.dll [2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll [2024-05-17] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\ntuser.dat:D4F6BC83AF [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TM.blf:8B7388A17A [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TMContainer00000000000000000001.regtrans-ms:A573A15F9B [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TMContainer00000000000000000002.regtrans-ms:CA6BD4B808 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk:C47623E859 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3434]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 ____R C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3323529197-3699784123-711685060-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "Emsisoft Anti-Malware"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_228C60AEF1CF2CBF09F59062A3DF11AB"
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99BA1C13-D761-4A24-896B-2BB5C0595402}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6315EA7A-0572-48BB-B6A5-FFFA027E28FC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ED2AB0D8-F5C5-4495-972A-A6A70BE3FB30}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B40B4365-166B-4843-AA4E-CAF917DC236B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E349C1B4-281F-4C9C-AF04-43FD9B0A5569}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ECEC9BC6-AF8F-4D2F-B2FF-A5006786E94A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D85F0CD3-60B4-45B5-B93F-008C6AC1892A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{92400ADE-C7A8-432E-9E26-079566F76F0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{AA1EB808-50B5-41D0-91BE-9EFF3775226C}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Block) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{29515DB6-A209-4B66-8A14-3E80D6344127}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Block) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)

==================== Restore Points =========================

18-05-2024 05:43:24 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/18/2024 08:24:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\wavy\Downloads\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16.manifest.

Error: (05/18/2024 08:22:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\wavy\Downloads\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16.manifest.

Error: (05/18/2024 08:07:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: autoruns.exe, version: 14.11.0.0, time stamp: 0x65bb7636
Faulting module name: autoruns.exe, version: 14.11.0.0, time stamp: 0x65bb7636
Exception code: 0xc0000005
Fault offset: 0x00075d22
Faulting process id: 0x2348
Faulting application start time: 0x01daa933b5979e06
Faulting application path: C:\Users\wavy\Downloads\autoruns.exe
Faulting module path: C:\Users\wavy\Downloads\autoruns.exe
Report Id: 7e3664b2-ff1e-43f4-8a5c-5cb54c212cdf
Faulting package full name:
Faulting package-relative application ID:

Error: (05/18/2024 07:57:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\wavy\Downloads\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16.manifest.

Error: (05/18/2024 07:57:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\wavy\Downloads\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16.manifest.

Error: (05/18/2024 07:57:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\wavy\Downloads\autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16.manifest.

Error: (05/18/2024 01:13:20 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (05/18/2024 01:13:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..


System errors:
=============
Error: (05/18/2024 06:00:01 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (05/18/2024 05:55:22 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Diagnostic Policy Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/18/2024 04:38:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The vgc service terminated with the following error:
Incorrect function.

Error: (05/18/2024 03:50:23 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (05/18/2024 03:50:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LGHUBUpdaterService service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/18/2024 12:49:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® SGX AESM service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (05/18/2024 12:49:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® SGX AESM service terminated with the following error:
Unspecified error

Error: (05/18/2024 12:48:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Emsisoft Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================
Date: 2024-05-17 14:05:35
Description:
Controlled Folder Access blocked C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe from making changes to memory.
Detection time: 2024-05-17T21:05:35.494Z
Path: \Device\Harddisk1\DR1
Process Name: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe
Security intelligence Version: 1.411.207.0
Engine Version: 1.1.24040.1
Product Version: 4.18.24040.4

CodeIntegrity:
===============
Date: 2024-05-18 06:01:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\com_antivirus.dll that did not meet the Windows signing level requirements.

Date: 2024-05-18 06:01:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3.90 07/05/2018
Motherboard: MSI B250 PC MATE (MS-7A72)
Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 30%
Total physical RAM: 16308.91 MB
Available physical RAM: 11288 MB
Total Virtual: 19252.91 MB
Available Virtual: 13475.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.24 GB) (Free:171.22 GB) (Model: Samsung SSD 850 EVO 250GB) NTFS

\\?\Volume{8f3b3cc0-4fc9-4673-8dff-0213d6575ea6}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{ac09ed1f-2293-4d41-a7a1-0afdf193cb66}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 39CB7F5A)

==========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

[wavy12345]

files

[pgmigg]

Hello wavy12345,

Welcome to the forum!

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

1. The instructions being given are for YOUR computer and system only!
   Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
2. You must have Administrator rights, permissions for this computer.
3. DO NOT run any other fix or removal tools unless instructed to do so!
4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
   DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
   Extra Additions and Removals of files make the analysis more difficult.
5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
   Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed

[wavy12345]

updated files, ill be refreshing the tab

[wavy12345]

backed up files*

[wavy12345]

Hello wavy12345,

Welcome to the forum!

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

1. The instructions being given are for YOUR computer and system only!
   Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
2. You must have Administrator rights, permissions for this computer.
3. DO NOT run any other fix or removal tools unless instructed to do so!
4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
   DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
   Extra Additions and Removals of files make the analysis more difficult.
5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
   Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed

bump, i read the user forum and backed up files. ready when you are.

[pgmigg]

Hello wavy12345,

Step 1.
Run CKScanner

1. Please download CKScanner from here
2. Important: - Save it to your Desktop.
3. Double-click CKScanner.exe and click Search For Files.
4. After a very short time, when the cursor hourglass disappears, click Save List To File.
5. A message box will verify the file saved.
6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me is this computer used for business or educational purposes and/or connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:

1. Do you have any problems executing the instructions?
2. Contents of CKFiles.txt log file
3. Answer to my question related to type of using of your computer

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

[wavy12345]

A. it was blocked at first yes. i ran the file through my other gmail account, it scanned as a virus in browser?
B. CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.4412.1.15\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.3636_none_313e13906513ccb2\f\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.3636_none_313e13906513ccb2\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.3636_none_313e13906513ccb2\f\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.3636_none_313e13906513ccb2\r\ssh-keygen.exe
scanner sequence 3.BB.11.BEAPOZ
----- EOF -----
C. This is my home gaming pc i have a roomate who also games, there shouldnt be any business or educational networks.

[pgmigg]

Very good!
Sorry for some delay now but the next step in our conversation will be posted later in the evening…

[pgmigg]

Hello wavy12345,

In the frame of your concerns, I need to say that the modern Windows 10 contains its own antivirus software Windows Defender which is not so bad and even smart enough to automatically disable itself when it detects the third party program.

There are a large number of antivirus and anti-malware programs on the market that differ in capabilities, statistics of results, and technical features, including the share of consumption of the computer’s system resources. But more does not mean better!

In addition, there are countless small applications that quickly become outdated or cease to be useful, and sometimes simply interfere with serious protection, which takes on the same functions as small tools, but does it much better and more thoroughly.
In your case it is the DefenderUI tool which may be partially incompatible with Malwarebytes.

Step 1.
Multiple Anti Virus programs detected

1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
   

   AV: Malwarebytes (Enabled - Up to date)
   AV: Windows Defender (Disabled - Up to date)
   AV: Kaspersky (Enabled - Up to date)
   

2. Running - more than one - antivirus program is not recommended because:
   
   1. They can conflict with each other.
   2. Report the other antivirus software as malicious.
   3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
   4. Can cause your computer to run slowly, become unstable and crash.
3. So, I strongly suggest you uninstall one of them. Which one, is your decision, but if you asked me, I would recommend you to uninstall Kaspersky, which produced by Russian company Kaspersky Lab and is not as good as MBAM, but in addition has serious suspicious problems regarding maintaining the privacy of the protected computer. The US government banned this antivirus couple years ago as well as to prohibit other Kaspersky Lab certain products and services to be used in the US!

Personally, after long comparisons and analysis, for myself, I chose Malwarebytes (MBAM) Premium (paid version), which is not only compact in terms of installation size, but also extremely effective in work - several years ago it saved me from a ransom virus - no, it didn’t cure it, but MBAM warned of the appearance and gave me the opportunity to disconnect the computer from the Internet when the file encryption process had just begun, to save the remainder and reformat the hard drive.
I have no other protection than MBAM and have been renewing my subscription for many years in a row - this tool is worth it!

Step 2.
Remove Programs

1. Please press the Windows Key + R.
2. Enter appwiz.cpl into the text box and click OK.
3. Locate the following programs:
   - DefenderUI version 1.16
   - Kaspersky
4. Click on the Change/Remove button to uninstall it, then repeat it for every entry in this list.
5. When the programs have been uninstalled, please close Control Panel
6. Reboot (restart) your computer.

Step 3.
FRST Fix

1. Close all your programs.
2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
3. Hit your Windows Key + R to open a Run window
4. Type Notepad then click OK
5. This will open an empty Notepad document
6. Copy/Paste the contents of the box below into Notepad. (Don't include Code: Select All ).
   

   Code: Select all

   CreateRestorePoint:
   
   HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
   HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
   HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
   HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
   S3 ThrottleStop; \??\C:\Users\wavy\AppData\Local\Temp\ThrottleStop.sys [X] <==== ATTENTION
   AlternateDataStreams: C:\ProgramData\ntuser.dat:D4F6BC83AF [3434]
   AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [3434]
   AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [3434]
   AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TM.blf:8B7388A17A [3434]
   AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TMContainer00000000000000000001.regtrans-ms:A573A15F9B [3434]
   AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TMContainer00000000000000000002.regtrans-ms:CA6BD4B808 [3434]
   AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434]
   AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3434]
   AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3434]
   AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk:C47623E859 [3434]
   AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3434]
   C:\Users\wavy\AppData\Local\Temp\ThrottleStop.sys
   
   EmptyTemp:
   CMD: ipconfig /flushdns
   

7. Save it as fixlist.txt to the same location as FRST (must be in this location)
8. NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
9. Now press the Fix button once and wait.
10. FRST will process fixlist.txt
11. When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
12. Please post me the log

Step 4.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.

1. Please close all open programs and windows.
2. Right-click FRST64.exe and select "Run as administrator..." to run it.
3. When the tool opens click Yes to the disclaimer if it is occurred.
4. Please be sure that 90 Days Files check box under Optional Scan section is checked.
5. Please be sure that Addition.txt check box under Optional Scan section is checked.
6. Press Scan button. When finished a two logs FRST.txt. and Addition.txt will be created and opened in Notepad.
7. Please post the content of the both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:

1. Do you have any problems executing the instructions?
2. Contents of the fixlog.txt log file
3. Contents of the FRST.txt log file after fresh FRST scan
4. Contents of the Addition.txt log file after fresh FRST scan
5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

[wavy12345]

i did not have problems.

contents of fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by wavy (20-05-2024 09:52:59) Run:1
Running from C:\Users\wavy\Desktop
Loaded Profiles: wavy
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S3 ThrottleStop; \??\C:\Users\wavy\AppData\Local\Temp\ThrottleStop.sys [X] <==== ATTENTION
AlternateDataStreams: C:\ProgramData\ntuser.dat:D4F6BC83AF [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TM.blf:8B7388A17A [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TMContainer00000000000000000001.regtrans-ms:A573A15F9B [3434]
AlternateDataStreams: C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TMContainer00000000000000000002.regtrans-ms:CA6BD4B808 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk:C47623E859 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3434]
C:\Users\wavy\AppData\Local\Temp\ThrottleStop.sys

EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore => removed successfully
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\System\CurrentControlSet\Services\ThrottleStop => removed successfully
ThrottleStop => service removed successfully
C:\ProgramData\ntuser.dat => ":D4F6BC83AF" ADS removed successfully
C:\ProgramData\ntuser.dat.LOG1 => ":94949E25BC" ADS removed successfully
C:\ProgramData\ntuser.dat.LOG2 => ":CCE2DBB696" ADS removed successfully
C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TM.blf => ":8B7388A17A" ADS removed successfully
C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TMContainer00000000000000000001.regtrans-ms => ":A573A15F9B" ADS removed successfully
C:\ProgramData\ntuser.dat{f8b788d5-9594-122e-a0eb-309c23887072}.TMContainer00000000000000000002.regtrans-ms => ":CA6BD4B808" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini => ":41964AA945" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => ":8096E45125" ADS removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk" => ":C47623E859" ADS not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk" => ":E77773B271" ADS not found.
C:\Users\wavy\AppData\Local\Temp\ThrottleStop.sys => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15005505 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 248904263 B
Windows/system/drivers => 72350332 B
Edge => 0 B
Chrome => 574223031 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 230966 B
NetworkService => 235704 B
wavy => 21376136 B

RecycleBin => 0 B
EmptyTemp: => 889.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:53:09 ====

contents of FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by wavy (administrator) on DESKTOP-K7PP17U (MSI MS-7A72) (20-05-2024 09:55:47)
Running from C:\Users\wavy\Desktop\FRST64.exe
Loaded Profiles: wavy
Platform: Microsoft Windows 10 Pro N Version 22H2 19045.4412 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <8>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_de8e1115ac61e38a\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4351_none_7e19dc327c844a77\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3023152 2024-04-24] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\Software\Policies\...\system: [ShellSmartScreenLevel] Warn
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.61\Installer\chrmstp.exe [2024-05-17] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8B856A00-F529-4318-BFF5-2040CE8F8C20} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{475C5368-01AC-4E65-AB5F-2E9D06721719} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-05] (Google LLC -> Google LLC)
Task: {7C3DFCE6-C86B-4E27-A73D-06EACA0E6D89} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {C5DF7D22-87D3-4A32-A372-4BBA2E07FD85} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {927E7696-FEF6-4E20-BE54-EB6D2EC210DA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B5547647-CC43-4A6A-89F8-C1F91E86D95F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {32C0F75B-D19E-4E90-81D5-414EA318DB54} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E9421CC-1282-4C68-B0F0-D1700B24700F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8C00E651-9010-479B-A672-BFC161F3E0D0} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {56BA3A7D-B052-46BD-81A3-B3D02444CF57} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7BC55970-42D0-4C7A-9ACD-F9A660451BF7} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C307E769-BAB0-4D95-94FC-C0F03F0A43F4} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23deca29-3b0f-4fc7-bd40-2c667cb91d0d}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\wavy\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-19]
Edge StartupUrls: Default -> "hxxp://go.microsoft.com/fwlink/?LinkId=2134209&0x443"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\wavy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-05-17]
Edge Extension: (Google Docs Offline) - C:\Users\wavy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-17]
Edge Extension: (Edge relevant text changes) - C:\Users\wavy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-05-17]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default [2024-05-20]
CHR Extension: (Equalizer for Chrome browser) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abikfbojmghmfjdjlbagiamkinbmbaic [2024-05-17]
CHR Extension: (uBlock Origin) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-05-17]
CHR Extension: (AHA Music - Song Finder for Browser) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpacanjfikmhoddligfbehkpomnbgblf [2024-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-05-17]
CHR Profile: C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-18]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wavy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-05-18]
CHR Profile: C:\Users\wavy\AppData\Local\Google\Chrome\User Data\System Profile [2024-05-20]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-05] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-05] (Google LLC -> Google LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_de8e1115ac61e38a\Display.NvContainer\NVDisplay.Container.exe [1275440 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9649288 2024-04-24] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
U2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 LGHUBUpdaterService; "C:\Program Files\LGHUB\lghub_updater.exe" --run-as-service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [282624 2081-01-06] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2081-01-06] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2024-05-17] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2024-05-17] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2024-05-17] (Logitech Inc -> Logitech)
R0 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [201280 2024-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-05-20] (Malwarebytes Inc. -> Malwarebytes)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [21935504 2024-04-24] (Riot Games, Inc. -> Riot Games, Inc.)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21056 2024-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601496 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\wavy\Desktop\New folder\AutoFixer\OpenHardwareMonitorLib.sys [14544 2024-05-17] (Noriyuki MIYAZAKI -> OpenLibSys.org)
U4 HomeGroupListener; no ImagePath
U4 HomeGroupProvider; no ImagePath
U4 WMPNetworkSvc; no ImagePath
U4 xbgm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2081-01-06 23:42 - 2024-05-17 13:52 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2081-01-06 23:42 - 2024-05-17 13:52 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore21a29a185a72420
2081-01-06 23:41 - 2024-05-20 09:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2081-01-06 23:41 - 2024-05-17 13:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2081-01-06 23:40 - 2081-01-06 23:40 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\SystemCertificates
2081-01-06 23:40 - 2081-01-06 23:40 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Crypto
2081-01-06 23:39 - 2024-05-19 14:55 - 000000000 ____D C:\Users\wavy
2081-01-06 23:39 - 2024-05-17 23:23 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Windows
2081-01-06 23:38 - 2024-05-19 16:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2081-01-06 23:38 - 2024-05-17 16:57 - 000259416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2081-01-06 23:36 - 2081-01-06 23:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2081-01-06 23:35 - 2081-01-06 23:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2081-01-06 23:35 - 2081-01-06 23:35 - 000000000 ____D C:\ProgramData\ssh
2081-01-06 23:35 - 2024-05-17 16:54 - 000000000 ____D C:\WINDOWS\InboxApps
2081-01-06 23:35 - 2024-05-17 14:21 - 000000000 ____D C:\WINDOWS\SystemTemp
2081-01-06 23:28 - 2081-01-06 23:28 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2081-01-06 23:23 - 2081-01-06 23:40 - 000000000 ___HD C:\$SysReset
2024-05-20 09:54 - 2024-05-20 09:54 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-05-20 09:54 - 2024-05-20 09:54 - 000000000 ____D C:\Users\wavy\AppData\LocalLow\IGDump
2024-05-20 09:52 - 2024-05-20 09:53 - 000004708 _____ C:\Users\wavy\Desktop\Fixlog.txt
2024-05-20 09:52 - 2024-05-20 09:52 - 000021628 _____ C:\Users\wavy\Desktop\Addition.txt
2024-05-20 09:51 - 2024-05-20 09:56 - 000014901 _____ C:\Users\wavy\Desktop\FRST.txt
2024-05-20 09:51 - 2024-05-20 09:51 - 000001691 _____ C:\Users\wavy\Documents\fixlist.txt
2024-05-20 09:49 - 2024-05-20 09:49 - 002394112 _____ (Farbar) C:\Users\wavy\Desktop\FRST64.exe
2024-05-19 15:15 - 2024-05-19 15:15 - 000001052 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2024-05-19 15:15 - 2024-05-19 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2024-05-19 15:13 - 2024-05-19 15:13 - 133300408 _____ (OBS Project) C:\Users\wavy\Downloads\OBS-Studio-30.1.2-Full-Installer-x64 (1).exe
2024-05-19 15:12 - 2024-05-19 15:12 - 133300408 _____ (OBS Project) C:\Users\wavy\Downloads\OBS-Studio-30.1.2-Full-Installer-x64.exe
2024-05-19 08:09 - 2024-05-19 08:09 - 000000000 _____ C:\Users\wavy\Downloads\ckfiles.txt
2024-05-19 07:29 - 2024-05-19 07:43 - 000000718 _____ C:\Users\wavy\Desktop\ckfiles.txt
2024-05-18 13:16 - 2024-05-19 15:38 - 000000000 ____D C:\Users\wavy\AppData\Roaming\obs-studio
2024-05-18 13:16 - 2024-05-19 15:19 - 000000000 ____D C:\ProgramData\obs-studio
2024-05-18 13:15 - 2024-05-19 15:15 - 000000000 ____D C:\Program Files\obs-studio
2024-05-18 09:15 - 2024-05-18 09:16 - 000022012 _____ C:\Users\wavy\Downloads\Addition.txt
2024-05-18 09:12 - 2024-05-20 09:55 - 000000000 ____D C:\FRST
2024-05-18 09:12 - 2024-05-18 09:16 - 000047406 _____ C:\Users\wavy\Downloads\FRST.txt
2024-05-18 04:18 - 2024-05-18 04:18 - 125787696 _____ (Logitech Inc.) C:\Users\wavy\Downloads\LGS_9.04.49_x64_Logitech.exe
2024-05-18 04:17 - 2024-05-18 04:17 - 001099208 _____ (Logitech Inc.) C:\Users\wavy\Downloads\ConnectUtility_2.30.6_Logitech.exe
2024-05-18 04:17 - 2024-05-18 04:17 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Logitech
2024-05-18 04:17 - 2024-05-18 04:17 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Logishrd
2024-05-18 00:49 - 2024-05-18 00:49 - 000000000 ____D C:\ProgramData\Intel
2024-05-18 00:10 - 2024-05-18 00:10 - 000000000 ____D C:\WINDOWS\Panther
2024-05-17 23:27 - 2024-05-18 00:07 - 000000000 ____D C:\ProgramData\Optimizer
2024-05-17 23:13 - 2024-05-18 01:00 - 000000000 ____D C:\Users\wavy\Desktop\New folder
2024-05-17 23:13 - 2024-05-17 23:53 - 000000000 __SHD C:\Users\wavy\wc
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 __SHD C:\Users\wavy\AppData\Roaming\wyUpdate AU
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 ____D C:\Users\wavy\AppData\Roaming\WinRAR
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-05-17 23:13 - 2024-05-17 23:13 - 000000000 ____D C:\Program Files\WinRAR
2024-05-17 22:37 - 2024-05-18 08:07 - 000000000 ____D C:\Users\wavy\AppData\Local\CrashDumps
2024-05-17 21:16 - 2024-05-17 22:04 - 000000000 ____D C:\Users\wavy\AppData\Roaming\slobs-client
2024-05-17 17:47 - 2024-05-17 17:47 - 000073040 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2024-05-17 17:47 - 2024-05-17 17:47 - 000044880 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2024-05-17 17:47 - 2024-05-17 17:47 - 000000000 ____D C:\Users\wavy\AppData\Roaming\lghub
2024-05-17 17:47 - 2024-05-17 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-05-17 17:46 - 2024-05-17 17:47 - 000000000 ____D C:\ProgramData\LGHUB
2024-05-17 17:44 - 2024-05-17 17:45 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Geek Uninstaller
2024-05-17 17:42 - 2024-05-18 09:57 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\MMC
2024-05-17 17:05 - 2024-05-19 09:05 - 000000000 ____D C:\Users\wavy\AppData\Local\Malwarebytes
2024-05-17 17:05 - 2024-05-18 03:54 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-05-17 17:05 - 2024-05-17 17:05 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-05-17 17:04 - 2024-05-19 15:51 - 000000000 ____D C:\Program Files\Malwarebytes
2024-05-17 17:04 - 2024-05-17 17:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-05-17 17:00 - 2024-05-17 17:00 - 000000000 ____D C:\Users\wavy\AppData\Roaming\LGHUB_BKP
2024-05-17 16:44 - 2024-05-17 16:51 - 000000000 ____D C:\ProgramData\SecTaskMan
2024-05-17 16:43 - 2024-05-17 16:43 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-05-17 16:43 - 2024-05-17 16:43 - 000007600 _____ C:\Users\wavy\AppData\Local\Resmon.ResmonCfg
2024-05-17 16:42 - 2024-05-17 16:42 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-05-17 16:38 - 2024-05-17 16:38 - 000000000 ____D C:\WINDOWS\pss
2024-05-17 16:36 - 2081-01-06 23:32 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2024-05-17 16:36 - 2081-01-06 23:32 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthHfEnum.sys
2024-05-17 16:36 - 2024-05-17 16:36 - 000000000 ___HD C:\$WinREAgent
2024-05-17 16:30 - 2024-05-17 17:47 - 000000000 ____D C:\Users\wavy\AppData\Roaming\G HUB
2024-05-17 15:08 - 2024-05-17 15:08 - 000000000 ____D C:\Users\wavy\AppData\Local\LGHUB
2024-05-17 15:02 - 2024-05-19 15:53 - 000000000 ____D C:\WINDOWS\system32\braille-tables
2024-05-17 15:02 - 2024-05-17 15:02 - 000000000 ____D C:\WINDOWS\brltty
2024-05-17 15:01 - 2024-05-19 15:52 - 000000000 ____D C:\ProgramData\obs-studio-hook
2024-05-17 15:01 - 2024-05-17 15:01 - 000000000 ____D C:\Users\wavy\AppData\Roaming\slobs-plugins
2024-05-17 15:01 - 2024-05-17 15:01 - 000000000 ____D C:\Users\wavy\AppData\Roaming\obs-studio-node-server
2024-05-17 15:00 - 2024-05-17 23:10 - 000000000 ____D C:\Program Files\Streamlabs OBS
2024-05-17 15:00 - 2024-05-17 15:00 - 000000000 ____D C:\Users\wavy\AppData\Local\slobs-client-updater
2024-05-17 14:48 - 2024-05-17 14:48 - 000032080 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2024-05-17 14:48 - 2024-05-17 14:48 - 000000000 ____D C:\Users\wavy\AppData\Roaming\ProcessLasso
2024-05-17 14:48 - 2024-05-17 14:48 - 000000000 ____D C:\Users\wavy\AppData\Local\ProcessLasso
2024-05-17 14:44 - 2024-05-17 14:44 - 000000000 ____D C:\Users\wavy\AppData\Local\PeerDistRepub
2024-05-17 14:43 - 2024-05-17 14:43 - 000000000 ____D C:\Users\wavy\Documents\League of Legends
2024-05-17 14:36 - 2024-05-17 18:37 - 000000000 ____D C:\Users\wavy\AppData\Local\NVIDIA Corporation
2024-05-17 14:36 - 2024-05-17 14:36 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2024-05-17 14:36 - 2024-05-17 14:36 - 000000000 ____D C:\Users\wavy\AppData\Local\CEF
2024-05-17 14:36 - 2024-05-17 14:36 - 000000000 ____D C:\Users\wavy\ansel
2024-05-17 14:32 - 2024-05-17 15:01 - 000000000 ____D C:\ProgramData\Package Cache
2024-05-17 14:32 - 2024-05-17 14:32 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-17 14:32 - 2024-05-17 14:32 - 000000000 ____D C:\Users\wavy\AppData\LocalLow\NVIDIA
2024-05-17 14:32 - 2024-05-17 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-05-17 14:32 - 2024-05-17 14:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-05-17 14:32 - 2024-05-07 08:35 - 002900520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 002231336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 001296936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 000180760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 000159768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 000086568 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2024-05-17 14:32 - 2024-05-07 08:35 - 000075304 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 002031376 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-05-17 14:30 - 2024-05-07 18:52 - 002031376 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-05-17 14:30 - 2024-05-07 18:52 - 001578872 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-05-17 14:30 - 2024-05-07 18:52 - 001578872 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-05-17 14:30 - 2024-05-07 18:52 - 001488024 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001445240 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001445240 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001295224 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001295224 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-05-17 14:30 - 2024-05-07 18:52 - 001227416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-05-17 14:30 - 2024-05-07 18:49 - 001045528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-05-17 14:30 - 2024-05-07 18:49 - 000669824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-05-17 14:30 - 2024-05-07 18:49 - 000505368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 002174080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 001626240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 001543728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 001199640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 001024128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-05-17 14:30 - 2024-05-07 18:48 - 000842392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-05-17 14:30 - 2024-05-07 18:48 - 000787592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 016034328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 012929672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 006780544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 003721352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-05-17 14:30 - 2024-05-07 18:47 - 000459392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-05-17 14:30 - 2024-05-07 18:46 - 005913648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-05-17 14:30 - 2024-05-07 18:46 - 005772936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-05-17 14:30 - 2024-05-07 18:46 - 000853544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-05-17 14:30 - 2024-05-07 18:45 - 006034632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-05-17 14:30 - 2024-05-07 08:35 - 000119466 _____ C:\WINDOWS\system32\nvinfo.pb
2024-05-17 14:30 - 2024-05-07 08:35 - 000060240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2024-05-17 14:30 - 2024-05-07 08:35 - 000059928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2024-05-17 14:26 - 2024-05-17 14:26 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-05-17 14:26 - 2024-05-17 14:26 - 000000000 ____D C:\Program Files\MSBuild
2024-05-17 14:26 - 2024-05-17 14:26 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-05-17 14:26 - 2024-05-17 14:26 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-05-17 14:24 - 2024-05-17 14:24 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-05-17 14:22 - 2024-05-19 15:01 - 000000000 ____D C:\ProgramData\Riot Games
2024-05-17 14:22 - 2024-05-19 14:56 - 000000000 ____D C:\Users\wavy\AppData\Roaming\riot-client-ux
2024-05-17 14:22 - 2024-05-17 14:59 - 000001693 _____ C:\Users\Public\Desktop\League of Legends.lnk
2024-05-17 14:22 - 2024-05-17 14:43 - 000000000 ____D C:\Users\wavy\AppData\Local\Riot Games
2024-05-17 14:22 - 2024-05-17 14:39 - 000001491 _____ C:\Users\Public\Desktop\Riot Client.lnk
2024-05-17 14:22 - 2024-05-17 14:24 - 000000000 ____D C:\Riot Games
2024-05-17 14:22 - 2024-05-17 14:22 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-05-17 14:22 - 2024-05-17 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-05-17 14:21 - 2024-05-19 15:02 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-17 14:21 - 2024-05-17 14:30 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-17 14:21 - 2024-05-17 14:21 - 000000000 ____D C:\Users\wavy\AppData\Local\Google
2024-05-17 14:20 - 2024-05-19 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-05-17 14:20 - 2024-05-17 14:20 - 000000000 ____D C:\Program Files\Google
2024-05-17 14:20 - 2024-05-17 14:20 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-17 14:17 - 2024-05-17 14:17 - 000003840 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2024-05-17 14:10 - 2024-05-18 05:30 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2024-05-17 14:10 - 2024-05-17 14:10 - 000012288 _____ C:\WINDOWS\SysWOW64\DnsStorage
2024-05-17 14:05 - 2024-05-20 09:46 - 000000000 ____D C:\Program Files\Common Files\AV
2024-05-17 13:59 - 2024-05-19 15:13 - 000000000 ____D C:\Users\wavy\AppData\Roaming\discord
2024-05-17 13:59 - 2024-05-19 15:02 - 000000000 ____D C:\Users\wavy\AppData\Local\Discord
2024-05-17 13:59 - 2024-05-17 13:59 - 000000000 ____D C:\Users\wavy\AppData\Roaming\NVIDIA
2024-05-17 13:59 - 2024-05-17 13:59 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-05-17 13:59 - 2024-05-17 13:59 - 000000000 ____D C:\Users\wavy\AppData\Local\SquirrelTemp
2024-05-17 13:59 - 2024-05-17 13:59 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2024-05-17 13:57 - 2024-05-17 14:30 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-05-17 13:56 - 2024-05-17 13:56 - 000000000 ____D C:\Users\wavy\AppData\Local\PlaceholderTileLogoFolder
2024-05-17 13:55 - 2024-05-18 13:18 - 000000000 ____D C:\Users\wavy\AppData\Local\D3DSCache
2024-05-17 13:53 - 2024-05-17 13:53 - 000000000 ____D C:\Users\wavy\AppData\Local\Comms
2024-05-17 13:52 - 2024-05-17 13:52 - 000000000 ____D C:\Users\wavy\AppData\Local\DBG
2024-05-17 13:51 - 2024-05-20 09:54 - 000000000 ____D C:\ProgramData\NVIDIA
2024-05-17 13:51 - 2024-05-19 15:53 - 000000000 ____D C:\WINDOWS\system32\lxss
2024-05-17 13:51 - 2024-05-19 15:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-05-17 13:51 - 2024-05-17 22:36 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-05-17 13:51 - 2024-05-17 14:36 - 000000000 ____D C:\Users\wavy\AppData\Local\NVIDIA
2024-05-17 13:51 - 2024-05-17 14:32 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-05-17 13:51 - 2024-05-07 18:45 - 006948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-05-17 13:51 - 2024-05-07 08:35 - 000121880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2024-05-17 13:49 - 2024-05-17 13:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-17 13:48 - 2024-05-17 13:48 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Spelling
2024-05-17 13:45 - 2024-05-20 09:47 - 000840778 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-17 13:44 - 2024-05-17 13:44 - 000000000 ____D C:\Users\wavy\AppData\Local\OneDrive
2024-05-17 13:44 - 2024-05-17 13:44 - 000000000 ____D C:\Program Files\RUXIM
2024-05-17 13:44 - 2024-05-17 13:44 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-05-17 13:42 - 2024-05-19 05:59 - 000000000 ____D C:\Users\wavy\AppData\Local\Packages
2024-05-17 13:42 - 2024-05-19 05:59 - 000000000 ____D C:\ProgramData\Packages
2024-05-17 13:42 - 2024-05-17 13:42 - 000000020 ___SH C:\Users\wavy\ntuser.ini
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Network
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Adobe
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Local\VirtualStore
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Local\Publishers
2024-05-17 13:42 - 2024-05-17 13:42 - 000000000 ____D C:\Users\wavy\AppData\Local\ConnectedDevicesPlatform
2024-05-16 00:55 - 2024-05-18 09:50 - 000000000 ___SD C:\Users\wavy\AppData\Roaming\Microsoft\Credentials
2024-05-16 00:55 - 2024-05-17 13:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-05-16 00:55 - 2024-05-17 13:42 - 000000000 ___RD C:\Users\wavy\3D Objects
2024-05-16 00:55 - 2024-05-16 00:55 - 000000000 ___SD C:\Users\wavy\AppData\Roaming\Microsoft\Protect
2024-05-16 00:55 - 2024-05-16 00:55 - 000000000 ____D C:\Users\wavy\AppData\Roaming\Microsoft\Vault
2024-05-16 00:54 - 2024-05-16 00:54 - 000000000 ____D C:\WINDOWS\CSC
2024-05-16 00:52 - 2024-05-16 00:52 - 000000000 _SHDL C:\Documents and Settings
2024-05-16 00:51 - 2024-05-20 09:53 - 000008192 ___SH C:\DumpStack.log.tmp
2024-05-16 00:51 - 2024-05-19 14:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2081-01-06 23:38 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2081-01-06 23:37 - 2019-12-07 02:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2081-01-06 23:35 - 2019-12-07 02:51 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2081-01-06 23:35 - 2019-12-07 02:51 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2081-01-06 23:35 - 2019-12-07 02:51 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2081-01-06 23:35 - 2019-12-07 02:51 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2081-01-06 23:35 - 2019-12-07 02:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2081-01-06 23:35 - 2019-12-07 02:14 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemApps
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\IME
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2081-01-06 23:35 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-05-20 09:54 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-20 09:53 - 2019-12-07 02:03 - 000065536 _____ C:\WINDOWS\system32\config\BBI
2024-05-20 09:47 - 2019-12-07 02:12 - 000000000 ____D C:\WINDOWS\INF
2024-05-20 09:46 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-05-20 09:46 - 2019-12-07 02:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2024-05-19 15:53 - 2019-12-07 02:51 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-05-19 15:53 - 2019-12-07 02:50 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2024-05-19 15:53 - 2019-12-07 02:48 - 000000000 ____D C:\WINDOWS\system32\winrm
2024-05-19 15:53 - 2019-12-07 02:48 - 000000000 ____D C:\WINDOWS\system32\slmgr
2024-05-19 15:53 - 2019-12-07 02:48 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2024-05-19 15:53 - 2019-12-07 02:48 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2024-05-19 15:53 - 2019-12-07 02:48 - 000000000 ____D C:\WINDOWS\system32\MUI
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\Nui
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ta-in
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\si-lk
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ras
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\my-mm
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Licenses
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\icsxml
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ias
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\downlevel
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Com
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\am-et
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2024-05-19 15:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-05-19 15:53 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\system32\SMI
2024-05-19 15:52 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\spool
2024-05-19 15:52 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\IME
2024-05-19 15:52 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\registration
2024-05-19 15:09 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-19 15:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-19 10:40 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-05-18 05:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-05-17 16:58 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-17 16:55 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-17 16:54 - 2019-12-07 02:51 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-05-17 16:54 - 2019-12-07 02:51 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-05-17 16:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-17 16:54 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2024-05-17 13:44 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-05-17 13:42 - 2019-12-07 02:49 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2024-05-17 13:42 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate

==================== Files in the root of some directories ========

2024-05-17 16:43 - 2024-05-17 16:43 - 000007600 _____ () C:\Users\wavy\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

contents of Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by wavy (20-05-2024 09:56:47)
Running from C:\Users\wavy\Desktop
Microsoft Windows 10 Pro N Version 22H2 19045.4412 (X64) (2081-01-07 06:43:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3323529197-3699784123-711685060-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3323529197-3699784123-711685060-503 - Limited - Disabled)
Guest (S-1-5-21-3323529197-3699784123-711685060-501 - Limited - Disabled)
wavy (S-1-5-21-3323529197-3699784123-711685060-1001 - Administrator - Enabled) => C:\Users\wavy
WDAGUtilityAccount (S-1-5-21-3323529197-3699784123-711685060-504 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Discord (HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Discord) (Version: 1.0.9147 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.61 - Google LLC)
League of Legends (HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.3.553733 - Logitech)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.97 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.28.0.412 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.412 - NVIDIA Corporation)
NVIDIA Graphics Driver 552.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 552.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.2 - OBS Project)
Riot Client (HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========

Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1300.477.0_x64__8wekyb3d8bbwe [2024-05-19] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-05-19] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_de8e1115ac61e38a\nvshext.dll [2024-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3434]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3323529197-3699784123-711685060-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "Emsisoft Anti-Malware"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_228C60AEF1CF2CBF09F59062A3DF11AB"
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3323529197-3699784123-711685060-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{99BA1C13-D761-4A24-896B-2BB5C0595402}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6315EA7A-0572-48BB-B6A5-FFFA027E28FC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ED2AB0D8-F5C5-4495-972A-A6A70BE3FB30}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B40B4365-166B-4843-AA4E-CAF917DC236B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E349C1B4-281F-4C9C-AF04-43FD9B0A5569}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ECEC9BC6-AF8F-4D2F-B2FF-A5006786E94A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D85F0CD3-60B4-45B5-B93F-008C6AC1892A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{92400ADE-C7A8-432E-9E26-079566F76F0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{AA1EB808-50B5-41D0-91BE-9EFF3775226C}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Block) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{29515DB6-A209-4B66-8A14-3E80D6344127}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Block) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)

==================== Restore Points =========================

18-05-2024 05:43:24 Scheduled Checkpoint
20-05-2024 09:52:59 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/20/2024 09:54:23 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: Malwarebytes.exe
Path: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
Message: Cannot use file stream for [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json]: Permission denied
Invalid runtimeconfig.json [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json] [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.dev.json]

Error: (05/20/2024 09:54:05 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: Malwarebytes.exe
Path: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
Message: Cannot use file stream for [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json]: Permission denied
Invalid runtimeconfig.json [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json] [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.dev.json]

Error: (05/20/2024 09:53:19 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (05/20/2024 09:52:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {76785aa4-4308-458d-b64f-88b215cc8f3f}

Error: (05/20/2024 09:48:43 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: Malwarebytes.exe
Path: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
Message: Cannot use file stream for [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json]: Permission denied
Invalid runtimeconfig.json [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json] [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.dev.json]

Error: (05/20/2024 09:48:26 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: Malwarebytes.exe
Path: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
Message: Cannot use file stream for [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json]: Permission denied
Invalid runtimeconfig.json [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json] [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.dev.json]

Error: (05/20/2024 09:46:51 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (05/20/2024 09:40:32 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: Malwarebytes.exe
Path: C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
Message: Cannot use file stream for [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json]: Permission denied
Invalid runtimeconfig.json [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json] [C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.dev.json]


System errors:
=============
Error: (05/20/2024 09:53:53 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (05/20/2024 09:53:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LGHUBUpdaterService service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/20/2024 09:53:12 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-K7PP17U)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.

Error: (05/20/2024 09:48:17 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (05/20/2024 09:48:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LGHUBUpdaterService service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/20/2024 09:40:08 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (05/20/2024 09:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LGHUBUpdaterService service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/19/2024 10:30:55 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931


Windows Defender:
================
Date: 2024-05-17 14:05:35
Description:
Controlled Folder Access blocked C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe from making changes to memory.
Detection time: 2024-05-17T21:05:35.494Z
Path: \Device\Harddisk1\DR1
Process Name: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe
Security intelligence Version: 1.411.207.0
Engine Version: 1.1.24040.1
Product Version: 4.18.24040.4
Event[0]:

Date: 2024-05-19 22:33:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.411.207.0;1.411.207.0
Engine Version: 1.1.24040.1

CodeIntegrity:
===============
Date: 2024-05-20 09:56:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.

Date: 2024-05-20 09:55:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3.90 07/05/2018
Motherboard: MSI B250 PC MATE (MS-7A72)
Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 17%
Total physical RAM: 16346.51 MB
Available physical RAM: 13414.09 MB
Total Virtual: 19290.51 MB
Available Virtual: 15977.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.24 GB) (Free:167.37 GB) (Model: Samsung SSD 850 EVO 250GB) NTFS

\\?\Volume{8f3b3cc0-4fc9-4673-8dff-0213d6575ea6}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{ac09ed1f-2293-4d41-a7a1-0afdf193cb66}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 39CB7F5A)

==========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

I do not however see any difference of the computer behavior.

[wavy12345]

hopefully i did this all correct and replied accordingly thank you for your help

[pgmigg]

Hello wavy12345,

hopefully i did this all correct and replied accordingly thank you for your help

Mostly, yes, thank you, but I asked

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

- which makes my job a little easier.
Please just keep it in mind for the future - for example, in the previous case, you should have made not one post, but three - according to the number of logs that I requested...

Well... lets continue:

Step 1.
FRST Fix

1. Close all your programs.
2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
3. Hit your Windows Key + R to open a Run window
4. Type Notepad then click OK
5. This will open an empty Notepad document
6. Copy/Paste the contents of the box below into Notepad. (Don't include Code: Select All ).
   

   Code: Select all

   CreateRestorePoint:
   
   CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
   CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
   Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
   Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
   HKLM\...\StartupApproved\Run: => "Emsisoft Anti-Malware"
   ContextMenuHandlers1: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
   ContextMenuHandlers2: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
   ContextMenuHandlers4: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
   ContextMenuHandlers6: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
   C:\Program Files (x86)\Kaspersky Lab
   
   EmptyTemp:
   

7. Save it as fixlist.txt to the same location as FRST (must be in this location)
8. NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
9. Now press the Fix button once and wait.
10. FRST will process fixlist.txt
11. When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
12. Please post me the log

Step 2.
Scan with AdwCleaner

1. Please download AdwCleaner and save it to your Desktop.
2. Double-click to run it.
3. Accept the End User License Agreement.
4. Click Scan Now button.
5. When finished, if items are found please click Next / Quarantine.
6. Maybe your PC will be rebooted, then AdwCleaner will be opened automatically.
7. Click View Log File.
8. AdwCleaner will open one log (AdwCleaner[Cxx].txt).
9. Please paste the log to your next reply.

Then:
Please tell me in detail what exactly is going wrong in your sequence BIOS/Boot/Schedule. What problems would you like to discuss?

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:

1. Do you have any problems executing the instructions?
2. Contents of the fixlog.txt log file
3. Contents of the AdwCleaner[Cxx].txt log file after AdwCleaner scan
4. Detailed story about your problems.
5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

[wavy12345]

FRST Logs

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by wavy (20-05-2024 22:08:28) Run:2
Running from C:\Users\wavy\Desktop
Loaded Profiles: wavy
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
HKLM\...\StartupApproved\Run: => "Emsisoft Anti-Malware"
ContextMenuHandlers1: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers2: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers4: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
ContextMenuHandlers6: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\shellex.dll -> No File
C:\Program Files (x86)\Kaspersky Lab

EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
HKLM\SOFTWARE\Microsoft\Edge\Extensions\bojobppfploabceghnmlahpoonbcbacn => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\bojobppfploabceghnmlahpoonbcbacn => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Emsisoft Anti-Malware" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Emsisoft Anti-Malware" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Kaspersky Free 21.17 => removed successfully
HKLM\Software\Classes\CLSID\{0F574355-9FBE-40DB-ACB8-81F6612BB909} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Kaspersky Free 21.17 => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Kaspersky Free 21.17 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Kaspersky Free 21.17 => removed successfully
"C:\Program Files (x86)\Kaspersky Lab" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9554975 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 207301738 B
Windows/system/drivers => 25364908 B
Edge => 0 B
Chrome => 570350094 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 36126 B
NetworkService => 36126 B
wavy => 138109921 B

RecycleBin => 5797 B
EmptyTemp: => 907.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:08:37 ====

[wavy12345]

AdwCleaner Logs

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-20-2024
# Duration: 00:00:00
# OS: Windows 10 (Build 19045.4412)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [20/05/2024 22:06:13]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########