
Browser tabs taking up to 100% of CPU


13 replies to this topic

#1 kwopor

Posted 11 April 2024 - 12:14 PM

Hi!

I would need a suggestion on what could be the culprit here. I was on a business trip and was on hotel Wi-Fi for 2 weeks; after I returned, the PC started to stall and overheat. I did a whole system check, ran it through a few cleaning apps (AdwCleaner, Emsisoft Emergency Kit, RogueKiller, GridinSoft) and indeed found a few threats that got cleaned. Now all of them show nothing, but the CPU is still jacked to 100% during tasks that are easy on the processor... for instance playing videos or just watching a stock screener.

I even ran it through FRST a few times and got rid of some unknown stuff there, but the issue remains. I don't believe that stuff that was running smoothly until recently suddenly starts to stall everything and melts my CPU, but I can't find anything that could be doing this.

I'm attaching the FRST and Addition files beforehand to make matters quicker.





#2 kwopor

Posted 11 April 2024 - 12:16 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by kwopor (administrator) on MSI (Micro-Star International Co., Ltd. GL62M 7RDX) (11-04-2024 18:54:24)
Running from C:\Users\kwopo\Desktop\FRST64.exe
Loaded Profiles: kwopor
Platform: Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(A-Volute -> Nahimic) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
(C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe ->) (A-Volute -> ) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
(C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe ->) (A-Volute -> ) C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(dllhost.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxEM.exe
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) E:\Programy\totalcmd\TOTALCMD64.EXE
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <17>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.) C:\Program Files (x86)\TriDef\SmartCam\TriDefSmartCamService64.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
(services.exe ->) (Mixbyte Inc -> Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_8f4da44997ee4055\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2402.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [709816 2017-05-19] (A-Volute -> Nahimic)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [302888 2018-06-22] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-06-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Run: [Steam] => D:\Hry\Steam\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Run: [EpicGamesLauncher] => D:\Hry\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-23] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Run: [Discord] => C:\Users\kwopo\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Run: [MicrosoftEdgeAutoLaunch_58DDC30BCAD4EAAC2184664D33345390] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon G3000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCW.DLL [30208 2016-03-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon iP7200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBA.DLL [30208 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor G3000 series: C:\Windows\system32\CNMLMCW.DLL [406528 2016-03-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\...\AppCompatFlags\Custom\Heroes3.exe: [{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb] -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.107\Installer\chrmstp.exe [2024-04-10] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {D22AF5D3-27F9-4012-89D1-8AE2354E0577} - System32\Tasks\BlueStacksHelper => D:\Hry\Bluestacks\BlueStacks\Client\Helper\BlueStacksHelper.exe  -sr (No File)
Task: {81783B68-AFF6-4231-AD54-F4EDEFA06242} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-12-26] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {A27CCCC1-6C11-42A1-9C16-7687BD0362BD} - System32\Tasks\GoogleUpdateTaskMachineCore{2D93CEDA-ABAD-432E-A72D-0C7DFD38E1BB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-02] (Google LLC -> Google LLC)
Task: {76FFA61E-9AB2-4393-9D01-38A4BD4A881C} - System32\Tasks\GoogleUpdateTaskMachineUA{5E44D90F-D6E0-4DE6-AC06-2CD450804D17} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-02] (Google LLC -> Google LLC)
Task: {323522EB-7C1F-4084-9FF3-345F0E712991} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-08] (HP Inc. -> HP Inc.)
Task: {D63D44D1-C7DA-426B-B152-0983BD9116D2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-08] (HP Inc. -> HP Inc.)
Task: {1335A0C0-29CE-4299-AAB0-171BE297D59B} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {0BC0E846-740E-425E-86DB-2497A8EA0E5F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0DB036C-AD0A-49D2-9506-95AED3B74712} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DC1415C-7812-456A-A25A-88EAA783A352} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221360 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DBD017A-2A37-4F95-85BB-D507CC1B6651} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221360 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CB43F38-5E5D-4E84-ABD8-D49F06DDF72A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [343240 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4AEDFB9A-04DD-4611-A221-7EA6AD5BCF61} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6C14B3FC-3345-48A5-8693-C46637949660} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {21CF78CA-DFF6-43F4-98F7-848BF25744D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B24551CC-397F-4171-9B10-E167E3C3DBAD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A64F4B5E-6BAE-455B-BA5F-3AB69960F75E} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3616173011-4153848252-3445325382-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-03] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {4DFAFBFC-88BA-4667-8E2B-937108F315B1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {A3B09402-479A-495A-BFE1-2F6EA4955339} - System32\Tasks\Nahimic2svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe [2059960 2017-05-19] (A-Volute -> )
Task: {B1A09B7E-F132-4D75-ADA3-D4944DA476E5} - System32\Tasks\Nahimic2svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe [513720 2017-05-19] (A-Volute -> )
Task: {1854FC6F-1082-4D43-8A4F-0DDE81EC945B} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [709816 2017-05-19] (A-Volute -> Nahimic)
Task: {8797D947-EEBB-47DD-A955-D1321C9C88CC} - System32\Tasks\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /ui (No File)
Task: {8179EA97-83D8-4F87-BF6F-A6C751BA2A88} - System32\Tasks\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /analyze (No File)
Task: {CE33BED0-ADFE-43A0-BDAB-18251483361D} - System32\Tasks\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /submit (No File)
Task: {B359DFFE-E1ED-4071-9A54-F3FA7B6CFEC2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {BC67271D-6171-405A-9405-1C58A9E6361D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {05EF599C-4B6B-4380-8519-B2BA86979EE1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {A358687F-BFF1-4BDA-AA82-271C26DD4C07} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5EE89C37-26DE-4928-BE00-12EF67D3A4EC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0757435-91BD-4578-8BA6-8DFFBA7FB548} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AFA57B46-A6C2-43E4-A24A-E30CC7AD2D6F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {73EFCFDA-62E2-456C-9614-5B0F4A4470D2} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AA6F1552-CF7F-4738-A311-29F68DCBEA01} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6A918719-15EE-4610-BD99-A027141347FA} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641928 2023-11-21] (Overwolf Ltd -> Overwolf LTD) -> D:\Hry\Hearthstone\overwolf\/RunningFrom Schedule
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{09cde71c-7a3c-449f-8327-3327310c96c3}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{165f3f45-01e2-4ece-8539-611ad8252571}: [DhcpNameServer] 195.146.128.60 195.146.132.59
Tcpip\..\Interfaces\{165f3f45-01e2-4ece-8539-611ad8252571}\053796F544F6570756: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{165f3f45-01e2-4ece-8539-611ad8252571}\4656671647E6163747B616: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{165f3f45-01e2-4ece-8539-611ad8252571}\845514755494D2D6233746D25374: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{165f3f45-01e2-4ece-8539-611ad8252571}\F42495651434B414: [DhcpNameServer] 195.146.128.60 195.146.132.59
 
Edge: 
=======
Edge Profile: C:\Users\kwopo\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-11]
Edge Extension: (Google Docs Offline) - C:\Users\kwopo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-06]
Edge Extension: (Edge relevant text changes) - C:\Users\kwopo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-04-06]
 
FireFox:
========
FF DefaultProfile: zpwcnqja.default
FF ProfilePath: C:\Users\kwopo\AppData\Roaming\Mozilla\Firefox\Profiles\zpwcnqja.default [2024-04-10]
FF Notifications: Mozilla\Firefox\Profiles\zpwcnqja.default -> hxxps://mail-notification.info
FF Extension: (AdBlocker Ultimate) - C:\Users\kwopo\AppData\Roaming\Mozilla\Firefox\Profiles\zpwcnqja.default\Extensions\adblockultimate@adblockultimate.net.xpi [2024-03-20]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Default [2024-04-11]
CHR DownloadDir: D:\
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-04-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2024-03-21]
CHR Extension: (Return YouTube Dislike) - C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2024-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-02]
CHR Profile: C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-03-23]
CHR Profile: C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-23]
CHR Profile: C:\Users\kwopo\AppData\Local\Google\Chrome\User Data\System Profile [2024-03-19]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-03-17] (Mixbyte Inc -> Freemake)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2350048 2023-10-25] (GOG  sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7173088 2023-10-25] (GOG  sp. z o.o -> GOG.com)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-08] (HP Inc. -> HP Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [168048 2018-06-22] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [62392 2017-04-24] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation -> Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_8f4da44997ee4055\Display.NvContainer\NVDisplay.Container.exe [1275424 2024-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641928 2023-11-21] (Overwolf Ltd -> Overwolf LTD)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15271344 2024-03-11] (ADLICE -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13255184 2020-05-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TriDefSmartCamService; c:\program files (x86)\tridef\smartcam\tridefsmartcamservice64.exe [11076576 2017-03-11] (Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2023-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-05-23] (Bluestack Systems, Inc. -> Bluestack System Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-25] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 GridinSoftInetSecurityDriver; C:\Windows\system32\DRIVERS\gsInetSecurity.sys [107784 2024-04-04] (GridinSoft, LLC -> GridinSoft LLC)
S3 GSDriver; C:\Windows\System32\drivers\GSDriver64.sys [55488 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 Ld9BoxSup; C:\Program Files\ldplayer9box\Ld9BoxSup.sys [376144 2024-01-08] (Shanghai Chang Zhi Network Technology Co,. Ltd. -> Oracle Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsld42fc510; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52F4481C-592E-4C47-A554-3F04FDD8DAB4}\MpKslDrv.sys [301336 2024-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 TriDefSmartCam; C:\Windows\System32\drivers\TriDefSmartCam.sys [48304 2017-02-20] (Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [38216 2021-09-29] (GridinSoft, LLC -> GridinSoft LLC)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 USB_Ethernet_Adaptor; C:\Windows\System32\drivers\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Corechip Semiconductor, Inc. Co Ltd.)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-12] (Micro-Star Int'l Co. Ltd. -> )
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2024-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-11 18:54 - 2024-04-11 18:54 - 002394112 _____ (Farbar) C:\Users\kwopo\Desktop\FRST64.exe
2024-04-11 18:54 - 2024-04-11 18:54 - 000028759 _____ C:\Users\kwopo\Desktop\FRST.txt
2024-04-10 00:00 - 2024-04-10 00:00 - 000020861 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-10 00:00 - 2024-04-10 00:00 - 000020861 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-09 23:53 - 2024-04-09 23:53 - 000000000 ___HD C:\$WinREAgent
2024-04-09 21:34 - 2024-04-03 15:53 - 002031464 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-04-09 21:34 - 2024-04-03 15:53 - 002031464 _____ C:\Windows\system32\vulkaninfo.exe
2024-04-09 21:34 - 2024-04-03 15:53 - 001578752 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-04-09 21:34 - 2024-04-03 15:53 - 001578752 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-04-09 21:34 - 2024-04-03 15:53 - 001487904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-04-09 21:34 - 2024-04-03 15:53 - 001445224 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-04-09 21:34 - 2024-04-03 15:53 - 001445224 _____ C:\Windows\system32\vulkan-1.dll
2024-04-09 21:34 - 2024-04-03 15:53 - 001295104 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-04-09 21:34 - 2024-04-03 15:53 - 001295104 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-04-09 21:34 - 2024-04-03 15:53 - 001226864 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-04-09 21:34 - 2024-04-03 15:50 - 001543712 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2024-04-09 21:34 - 2024-04-03 15:50 - 001199624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2024-04-09 21:34 - 2024-04-03 15:50 - 001046040 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2024-04-09 21:34 - 2024-04-03 15:50 - 000841736 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2024-04-09 21:34 - 2024-04-03 15:50 - 000670240 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2024-04-09 21:34 - 2024-04-03 15:50 - 000505352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2024-04-09 21:34 - 2024-04-03 15:49 - 012929568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2024-04-09 21:34 - 2024-04-03 15:49 - 002174496 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2024-04-09 21:34 - 2024-04-03 15:49 - 001626120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2024-04-09 21:34 - 2024-04-03 15:49 - 001024544 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2024-04-09 21:34 - 2024-04-03 15:49 - 000787464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2024-04-09 21:34 - 2024-04-03 15:49 - 000459272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2024-04-09 21:34 - 2024-04-03 15:48 - 016034848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2024-04-09 21:34 - 2024-04-03 15:48 - 006780960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2024-04-09 21:34 - 2024-04-03 15:48 - 005913200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2024-04-09 21:34 - 2024-04-03 15:48 - 005773344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2024-04-09 21:34 - 2024-04-03 15:48 - 003721224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2024-04-09 21:34 - 2024-04-03 15:48 - 000853008 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2024-04-09 21:34 - 2024-04-03 15:47 - 006034736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2024-04-09 21:34 - 2024-04-03 03:54 - 000119466 _____ C:\Windows\system32\nvinfo.pb
2024-04-04 11:16 - 2024-04-04 11:16 - 000107784 _____ (GridinSoft LLC) C:\Windows\system32\Drivers\gsInetSecurity.sys
2024-03-30 01:38 - 2024-04-08 21:29 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3616173011-4153848252-3445325382-1001
2024-03-30 01:38 - 2024-04-08 21:29 - 000003358 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3616173011-4153848252-3445325382-1001
2024-03-23 01:39 - 2024-04-10 00:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-03-22 23:39 - 2024-04-11 18:54 - 000000000 ____D C:\FRST
2024-03-20 22:44 - 2024-03-20 22:44 - 048440560 _____ (Adlice Software ) C:\Users\kwopo\Downloads\RogueKiller_setup.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-11 18:33 - 2021-12-16 00:50 - 000000000 ____D C:\Windows\SystemTemp
2024-04-11 18:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2024-04-11 18:33 - 2018-04-21 19:03 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-11 18:30 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-11 18:30 - 2017-06-30 01:25 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-11 00:08 - 2020-10-13 22:31 - 000000000 ____D C:\Users\kwopo\AppData\Roaming\discord
2024-04-10 23:28 - 2017-12-24 17:48 - 000000000 ____D C:\ProgramData\Riot Games
2024-04-10 23:26 - 2022-02-08 20:59 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-10 23:02 - 2020-10-13 22:31 - 000000000 ____D C:\Users\kwopo\AppData\Local\Discord
2024-04-10 22:43 - 2020-09-27 17:45 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-04-10 21:13 - 2021-09-18 22:28 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2024-04-10 21:13 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2024-04-10 21:11 - 2024-01-23 22:19 - 000002334 ____H C:\Users\kwopo\Documents\Default.rdp
2024-04-10 21:11 - 2024-01-23 22:18 - 000000128 _____ C:\Users\kwopo\AppData\Local\PUTTY.RND
2024-04-10 21:05 - 2020-09-27 17:54 - 000842418 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-10 21:04 - 2022-08-02 22:36 - 000002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-10 21:04 - 2022-08-02 22:36 - 000002225 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-04-10 21:04 - 2019-12-07 11:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2024-04-10 21:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2024-04-10 20:58 - 2018-04-21 12:25 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-04-10 20:56 - 2020-09-27 17:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-04-10 20:56 - 2020-09-27 17:45 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-10 20:56 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-04-10 20:56 - 2018-08-29 23:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-04-10 20:56 - 2017-06-30 01:23 - 000000000 ____D C:\Intel
2024-04-10 00:36 - 2019-12-07 11:03 - 001048576 _____ C:\Windows\system32\config\BBI
2024-04-10 00:33 - 2020-09-27 17:45 - 000496888 _____ C:\Windows\system32\FNTCACHE.DAT
2024-04-10 00:33 - 2017-12-21 23:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-10 00:32 - 2023-12-13 01:01 - 000000000 ____D C:\Windows\InboxApps
2024-04-10 00:32 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-04-10 00:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2024-04-10 00:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-04-10 00:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2024-04-10 00:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2024-04-10 00:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-04-10 00:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2024-04-10 00:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2024-04-10 00:06 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-10 00:02 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2024-04-10 00:00 - 2020-09-27 17:46 - 003017216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-04-09 22:51 - 2017-12-22 00:40 - 000000000 ____D C:\Windows\system32\MRT
2024-04-09 22:49 - 2017-12-22 00:40 - 192651728 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-04-09 21:39 - 2017-12-22 14:32 - 000000000 ____D C:\Users\kwopo\AppData\Local\NVIDIA
2024-04-09 00:18 - 2019-03-27 16:28 - 000002019 _____ C:\Users\kwopo\Desktop\hoco.txt
2024-04-08 21:29 - 2020-09-27 17:47 - 000002390 _____ C:\Users\kwopo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-07 01:16 - 2020-05-29 01:08 - 000000000 ____D C:\Users\kwopo\AppData\Roaming\Wot Numbers
2024-04-06 18:09 - 2023-06-11 16:03 - 000018580 _____ C:\Users\kwopo\Desktop\run !.xlsx
2024-04-06 18:09 - 2018-07-01 17:55 - 000000000 ____D C:\Users\kwopo\AppData\Roaming\Microsoft\Excel
2024-04-06 17:50 - 2018-01-01 19:52 - 000000000 ____D C:\Users\kwopo\AppData\Roaming\Microsoft\Word
2024-04-05 21:27 - 2017-05-19 00:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-04-05 21:13 - 2020-06-07 12:30 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-05 21:13 - 2020-06-07 12:30 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-05 21:09 - 2018-07-18 21:04 - 000000000 ____D C:\Users\kwopo\AppData\Local\D3DSCache
2024-04-04 18:10 - 2020-09-27 17:53 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 18:10 - 2020-09-27 17:53 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-03 23:21 - 2024-02-22 23:21 - 000000000 ____D C:\Users\kwopo\AppData\Roaming\riot-client-ux
2024-04-03 22:49 - 2017-12-21 23:00 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-03 15:47 - 2020-09-17 19:03 - 006948672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2024-04-02 21:33 - 2020-10-13 22:31 - 000002238 _____ C:\Users\kwopo\Desktop\Discord.lnk
2024-03-31 20:23 - 2018-06-21 22:02 - 000000000 ____D C:\ProgramData\Packages
2024-03-31 20:23 - 2018-01-22 20:13 - 000000000 ____D C:\Users\kwopo\AppData\Local\Packages
2024-03-31 20:19 - 2018-05-14 00:34 - 000000000 ____D C:\Users\kwopo\AppData\Local\PlaceholderTileLogoFolder
2024-03-31 20:02 - 2021-09-18 22:32 - 000476212 _____ C:\Windows\ntbtlog.txt
2024-03-30 23:48 - 2017-06-30 01:23 - 000000000 ____D C:\Program Files\Intel
2024-03-23 01:38 - 2021-10-05 23:36 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-03-21 00:34 - 2017-12-28 15:22 - 000000000 ____D C:\Users\kwopo\AppData\Local\CrashDumps
2024-03-20 22:45 - 2018-09-03 11:09 - 000000000 ____D C:\ProgramData\RogueKiller
2024-03-20 22:44 - 2020-12-16 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2024-03-20 22:44 - 2020-12-16 23:19 - 000000000 ____D C:\Program Files\RogueKiller
2024-03-13 08:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-03-13 08:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2024-03-13 08:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-03-13 08:26 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
 
==================== Files in the root of some directories ========
 
2018-06-09 20:27 - 2022-11-05 15:42 - 000005632 _____ () C:\Users\kwopo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2024-01-23 22:18 - 2024-04-10 21:11 - 000000128 _____ () C:\Users\kwopo\AppData\Local\PUTTY.RND
2023-04-19 08:36 - 2023-04-19 08:36 - 000000817 _____ () C:\Users\kwopo\AppData\Local\recently-used.xbel
2019-09-21 00:16 - 2022-07-13 12:45 - 000007607 _____ () C:\Users\kwopo\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by kwopor (11-04-2024 18:55:36)
Running from C:\Users\kwopo\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) (2020-09-27 15:53:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3616173011-4153848252-3445325382-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3616173011-4153848252-3445325382-503 - Limited - Disabled)
Guest (S-1-5-21-3616173011-4153848252-3445325382-501 - Limited - Disabled)
kwopor (S-1-5-21-3616173011-4153848252-3445325382-1001 - Administrator - Enabled) => C:\Users\kwopo
WDAGUtilityAccount (S-1-5-21-3616173011-4153848252-3445325382-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\uTorrent) (Version: 3.6.0.46590 - BitTorrent Inc.)
Age of Empires Definitive Edition (HKLM-x32\...\Age of Empires Definitive Edition_is1) (Version:  - )
Aiseesoft Total Video Converter Platinum 7.1.8 (HKLM-x32\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version: 7.1.8 - Aiseesoft Studio)
Any Video Converter 8.1.3 (HKLM-x32\...\Any Video Converter) (Version: 8.1.3 - Anvsoft)
AR8171 Driver Installation (HKLM-x32\...\{1E672F6A-B698-48A2-AE8C-427F97AF8F0E}) (Version: 1.0.0.34 - Rivet Networks)
AR8171 Drivers (HKLM\...\{DBB92BB8-0C89-488D-B6B4-74C6C03ABD13}) (Version: 1.0.0.34 - Rivet Networks) Hidden
Aslain's WoT Modpack version 1.24.0.1.08 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.24.0.1.08 - Aslain)
ASTRONEER (HKLM-x32\...\ASTRONEER_is1) (Version:  - )
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.20.0.1037 - now.gg, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.17.2008 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Browser (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Overwolf_jgbnfkaeklillfmfafgkodhlcnfdgkmjmjngaaof) (Version: 1.0.0.0 - Overwolf app)
BurnRecovery (HKLM-x32\...\{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1704.1801 - Application) Hidden
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1704.1801 - Application)
Darkest Dungeon The Color of Madness (HKLM-x32\...\Darkest Dungeon The Color of Madness_is1) (Version:  - )
Death Rally for Windows (HKLM-x32\...\Death Rally) (Version:  - )
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
DOOM II with Master Levels (HKLM-x32\...\1435848814_is1) (Version: 2.0.0.6 - GOG.com)
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1706.1501 - Micro-Star International Co., Ltd.)
Dungeon Keeper Gold (HKLM-x32\...\1207658934_is1) (Version: 1.01 - GOG.com)
Epic Games Launcher (HKLM-x32\...\{B85FAA6E-A9AA-4655-9029-E1A4EDC05E1A}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
Freemake Video Converter version 4.1.11 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.11 - Mixbyte Inc.)
FTMO MetaTrader 5 (HKLM\...\FTMO MetaTrader 5) (Version: 5.00 - MetaQuotes Ltd.)
Game Summary (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 216.2.60 - Overwolf app)
GameRanger (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\GameRanger) (Version:  - GameRanger Technologies)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.3.4.0 - miHoYo Co.,Ltd)
GIMP 2.10.36 (HKLM\...\GIMP-2_is1) (Version: 2.10.36 - The GIMP Team)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.73.27 - GOG.com)
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.107 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.3.17 - Gridinsoft LLC)
HearthArena (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 2.8.0.1 - Overwolf app)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\HearthstoneDeckTracker) (Version: 1.12.16 - HearthSim)
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1706.1901 - Micro-Star International Co., Ltd.)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel® Chipset Device Software (HKLM\...\{94E05108-3E4E-4F2E-AC5F-33A1B22B779C}) (Version: 10.1.1.44 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{3CF43809-BA72-4BC7-B936-1308CE57C6E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{E0E25843-D0D2-4947-A2C2-CFBABB4FCBDE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{F6AA7E43-41A4-4304-BA96-A495C5788231}) (Version: 1.45.447.1 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{60130678-813A-4D4B-97E7-284F27516561}) (Version: 19.60.0.0986 - Intel Corporation) Hidden
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LauncherSetup Install (HKLM\...\{C0AF8952-0B19-4081-85D9-987DBF52FE41}) (Version: 2.3.2101 - Nahimic) Hidden
LDPlayer (HKLM-x32\...\LDPlayer9) (Version: 9.0.65 - XUANZHI INTERNATIONAL CO., LIMITED)
League of Legends (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Mafia II (HKLM-x32\...\Mafia II_is1) (Version:  - )
Malwarebytes version 4.5.18.226 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.18.226 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version:  - Microsoft)
Microsoft Teams (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Teams) (Version: 1.6.00.27573 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{9B8ADE33-5DE8-4EE2-9EF4-E1EA65A37F32}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{6599C1AB-394E-4CB0-ADCE-53A0E5E8873E}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30153 (HKLM-x32\...\{e3aefa8b-a2ea-42b8-a384-95f2ff6df681}) (Version: 14.29.30153.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30153 (HKLM-x32\...\{F263DEED-F2D3-4AB2-9D1C-C47ED5AA8BFC}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30153 (HKLM-x32\...\{F3E4AF00-C81D-4253-B947-67DD661932EC}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 sk) (HKLM\...\Mozilla Firefox 124.0.2 (x64 sk)) (Version: 124.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
MSI Feature Navigator (HKLM-x32\...\InstallShield_{2BD90BC2-5B5C-4493-8633-66D0CADF8B33}) (Version: 1.0.1703.1601 - Micro-Star International Co., Ltd.)
MSI Remind Manager Service (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1705.3101 - Micro-Star International Co., Ltd.)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nahimic 2 Audio Driver (HKLM\...\{C526A25E-AB3F-4E66-900B-ACF134FB093D}) (Version: 2.3.2101 - Nahimic) Hidden
Nahimic 2 Audio Driver (HKLM-x32\...\{38ca1b1f-9d48-476a-98a8-ef8d540ce051}) (Version: 2.3.21 - Nahimic)
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.2.7 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\NARA) (Version: 4.6.0.12 - Symantec Corporation) Hidden
NoxPlayer (HKLM-x32\...\Nox) (Version: 7.0.5.9 - Duodian Technology Co. Ltd.)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 552.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 552.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenOffice 4.1.5 (HKLM-x32\...\{E177AC33-EC9C-4537-8996-37ED331D9227}) (Version: 4.15.9789 - Apache Software Foundation)
Oracle VM VirtualBox 6.1.0 (HKLM\...\{B9B53CFE-C4E3-47FB-9BC0-8022F0AB6814}) (Version: 6.1.0 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.59.36848 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.236.2.2 - Overwolf Ltd.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
ProductDaemonSetup Install (HKLM\...\{34BEB8EF-E3F5-4FD0-82EB-F688A1E40FFE}) (Version: 2.3.2101 - Nahimic) Hidden
PuTTY release 0.80 (64-bit) (HKLM\...\{98B86AF9-EC3E-49F8-8B34-B48837CC5719}) (Version: 0.80.0.0 - Simon Tatham)
Quake II - Quad Damage (HKLM-x32\...\1441704824_is1) (Version: 2.0.0.3 - GOG.com)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8172 - Realtek Semiconductor Corp.)
Riot Client  (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Riot Game Riot_Client.) (Version:  - Riot Games, Inc)
RogueKiller version 15.15.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.15.3.0 - Adlice Software)
S.T.A.L.K.E.R. Call of Pripyat (HKLM-x32\...\GOGPACKSTALKERCOP_is1) (Version: 2.0.0.12 - GOG.com)
SCM (HKLM\...\{1CC45AFD-DFFF-4165-86B4-FA112B167509}) (Version: 13.018.06221 - Application)
Shadow Warrior Classic Redux (HKLM-x32\...\1618073558_is1) (Version: 2.0.0.2 - GOG.com)
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
Skulltag (HKLM-x32\...\Skulltag) (Version: 98d - Skulltag)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Slay the Spire (HKLM-x32\...\1950754973_is1) (Version: 2020-01-14-966c38ec7d422e6982ac806187d5570a27146acd - GOG.com)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.5.6 - TeamViewer)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 70s 80s & 90s Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Fast Lane Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Generations (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Generations) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 High-End Loft Stuff) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Island Paradise (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Island Paradise) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Pets (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Pets) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Seasons (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Seasons) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Showtime (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Showtime) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 Supernatural (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Supernatural) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 University Life (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 University Life) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 3 World Adventures (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 World Adventures) (Version: 1.0.0.0 - Electronic Arts Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.60.54.1020 - Electronic Arts Inc.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
Trader Workstation (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\5889-6375-8446-2021) (Version: latest (10.22.1f) 20230328 13:45:20 - Interactive Brokers LLC)
TriDef SmartCam (MSI) 2.1.2 (HKLM-x32\...\webcam-msi-pkg) (Version: 2.1.2 - Dynamic Digital Depth Australia Pty Ltd)
UIInstallUpgrade (HKLM\...\{A8B178EB-1927-4FB7-9D02-78A5FDE9A6B6}) (Version: 2.3.2101 - Nahimic) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\Wargaming.net Game Center) (Version: 24.0.0.5034 - Wargaming.net)
Winamp (HKLM-x32\...\Winamp) (Version: 5.92.0 - Winamp SA)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wolfenstein 3D (HKLM-x32\...\1441705046_is1) (Version: 1.4 - GOG.com)
Wondershare Filmora9(Build 9.3.7) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
World of Tanks EU (2) (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\WOT.EU.PRODUCTION(2)) (Version:  - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\2998748372) (Version:  - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\631031823) (Version:  - Wargaming.net)
Wot Numbers (HKLM-x32\...\{7016B49F-0D79-4A1C-B7E4-C31A48A2E34A}) (Version: 1.17.1.0 - Wot Numbers Team)
Zoom (HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\ZoomUMX) (Version: 5.7.3 (745) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_8.2.2.0_x64__kgqvnymyfvs32 [2024-04-04] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.265.200.0_x64__kgqvnymyfvs32 [2024-04-04] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-19] (Canon Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-08] (HP Inc.)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2021-01-11] (Keeper Security Inc)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_8.2.1.0_x86__h6adky7gbf63m [2024-03-29] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-28] (Microsoft Corporation)
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.20.7301.0_x64__8wekyb3d8bbwe [2024-04-02] (Microsoft Studios)
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-23] (MAGIX)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-04-09] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-10] (Spotify AB) [Startup Task]
SynMsiDApp -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynMsiDApp_19005.31005.0.0_x64__807d65c4rvak2 [2019-01-10] (Synaptics Incorporated)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\kwopo\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23241.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\kwopo\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Gridinsoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2024-04-04] (GRIDINSOFT, TOV -> Gridinsoft LLC)
ContextMenuHandlers2: [Gridinsoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2024-04-04] (GRIDINSOFT, TOV -> Gridinsoft LLC)
ContextMenuHandlers4: [Gridinsoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2024-04-04] (GRIDINSOFT, TOV -> Gridinsoft LLC)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxDTCM.dll [2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_8f4da44997ee4055\nvshext.dll [2024-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Gridinsoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2024-04-04] (GRIDINSOFT, TOV -> Gridinsoft LLC)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-04-19 14:53 - 2020-04-19 14:53 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 14:53 - 2020-04-19 14:53 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-02-06] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-02-06] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 23:03 - 2021-09-18 22:59 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts
 
2020-12-10 23:34 - 2021-03-14 23:52 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Skype\Phone\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;E:\Programy\Putty\
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\Control Panel\Desktop\\Wallpaper -> E:\Ostatne\Pozadia\Snow trail.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{41F01849-A1C1-4F23-83CC-589E35682199}E:\programy\winamp\winamp.exe] => (Allow) E:\programy\winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [UDP Query User{EA4BE43D-33B6-462C-9355-3DA3B6AC7FA5}E:\programy\winamp\winamp.exe] => (Allow) E:\programy\winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{F64AA87A-70EC-47E6-8869-2213ADAC1EAC}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{27526140-EF38-46BC-8668-EBF173D58869}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C6BC114E-19BF-4164-B8F3-7F383B44CD78}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8548386D-0625-4FD1-998E-BDA0BD9ECCD8}D:\hry\wot\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\hry\wot\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{284F5389-B898-4CFC-9EEB-894CDF810A50}D:\hry\wot\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\hry\wot\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{515E3BAF-5CD6-4D04-88C6-42934B115CE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BCEAFC45-76F3-42EA-84D8-D38DD20B1CB4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{54D708E0-24F6-43CB-AD2F-59A94B455E28}D:\hry\league of legends\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\hry\league of legends\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{50FDB1A0-E4E9-4028-873D-89D8F354BC65}D:\hry\league of legends\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\hry\league of legends\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{B8419F82-DEB9-4EB6-9370-2C0335844205}D:\hry\wot\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\hry\wot\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{8CFB2EDD-4E9A-430E-9F0B-4897FBE45159}D:\hry\wot\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\hry\wot\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{55EE9311-D961-46E1-986F-29C1830992D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9177135D-81D3-4729-BEDA-A1DE614A1D3B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AE6E0AA8-DAAF-4A75-9D35-32E2146CD988}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{40F4FF43-E960-4E9A-818C-CD01142118DE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0F5AE43B-0FCB-411A-AD75-74D03AC81B1E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4027214D-A831-4935-820D-56BC67AB92BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D7C5CADA-9B71-4C3F-9C79-022A6DBCC35C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{25A4E768-536A-49C1-8892-C6F4671FB2E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{057C353D-FC1B-4DE5-AEB4-E035F15391FA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B0B39AE4-3EED-440F-BCDC-4BE265CE2084}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1C460AAC-E91E-41A9-975F-7B37CE45EEBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CE779014-922B-45C2-B7DB-ABAEF6CDA21F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{966F14E2-67D1-4CB3-B242-3F1A12A23B78}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{98C5AB22-E6D4-4A61-A457-AA006A17C23B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{833621F4-1604-41FC-8D81-ADEE23E779A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D0B663FC-9652-4FC7-ADB0-C1A7D7748173}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
09-04-2024 23:52:41 Windows Modules Installer
09-04-2024 23:53:19 Windows Modules Installer
09-04-2024 23:53:47 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/10/2024 12:36:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0x1268
Faulting application start time: 0x01da8acdf9dd59c4
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 66591ba3-a337-4609-9467-d0528572dcc7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/10/2024 12:33:13 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (04/10/2024 12:33:13 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (04/10/2024 12:33:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0x15a8
Faulting application start time: 0x01da8395bf658820
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 17fe9e8d-721b-4bfb-9c46-41b8d1fa61f4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/09/2024 11:52:43 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Bordel (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (04/09/2024 10:49:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Bordel (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (04/09/2024 12:12:01 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Bordel (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (04/01/2024 11:46:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Bordel (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
 
System errors:
=============
Error: (04/10/2024 11:39:15 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.
 
Error: (04/10/2024 11:31:59 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.
 
Error: (04/10/2024 08:57:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Canon - Printer - 2.91.2.20.
 
Error: (04/10/2024 08:56:23 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (04/10/2024 08:56:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/10/2024 12:36:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/10/2024 12:33:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/10/2024 12:33:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2024-04-09 22:49:17
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-07 14:32:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-06 13:38:28
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-05 21:19:32
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-04 18:21:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2024-03-31 19:45:01
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2024-01-10 09:46:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.1898.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-09-13 00:39:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.397.844.0;1.397.844.0
Engine Version: 1.1.23080.2005
 
Date: 2023-08-24 02:26:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.395.1158.0;1.395.1158.0
Engine Version: 1.1.23070.1005
 
Date: 2023-08-23 02:47:24
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.1017.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80072f8f
Error description: A security error occurred 
 
CodeIntegrity:
===============
Date: 2024-04-11 18:36:19
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2024-04-11 18:30:43
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-04-11 18:30:43
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-04-10 20:58:05
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. E16J9IMS.31C 10/24/2017
Motherboard: Micro-Star International Co., Ltd. MS-16J9
Processor: Intel® Core™ i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 8108.41 MB
Available physical RAM: 2661.93 MB
Total Virtual: 13740.41 MB
Available Virtual: 5576.28 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:117.94 GB) (Free:41.56 GB) (Model: WD Blue SN580 1TB) NTFS
Drive d: (Hočo) (Fixed) (Total:812.27 GB) (Free:517.43 GB) (Model: WD Blue SN580 1TB) NTFS
Drive e: (Bordel) (Fixed) (Total:931.5 GB) (Free:675.63 GB) (Model: ST1000LM048-2E7172) NTFS
 
\\?\Volume{ff1587ce-e41c-46f6-a904-d37d6677594a}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.29 GB) NTFS
\\?\Volume{b5610426-97e9-4781-9088-1355c48b425a}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#3 Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,410 posts
  • Gender:Male
  • Location:California
  • Local time:03:24 AM

Posted 12 April 2024 - 03:54 PM

Greetings and :welcome: back to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#4 Oh My!

Posted 12 April 2024 - 08:37 PM

Let's start with this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Zip: C:\Users\kwopo\Desktop\run !.xlsx
Folder: C:\Users\kwopo\AppData\Roaming\Wot Numbers
Task: {D22AF5D3-27F9-4012-89D1-8AE2354E0577} - System32\Tasks\BlueStacksHelper => D:\Hry\Bluestacks\BlueStacks\Client\Helper\BlueStacksHelper.exe  -sr (No File) 
Task: {8797D947-EEBB-47DD-A955-D1321C9C88CC} - System32\Tasks\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /ui (No File) 
Task: {8179EA97-83D8-4F87-BF6F-A6C751BA2A88} - System32\Tasks\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /analyze (No File) 
Task: {CE33BED0-ADFE-43A0-BDAB-18251483361D} - System32\Tasks\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /submit (No File) 
CustomCLSID: HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File 
Task: {D22AF5D3-27F9-4012-89D1-8AE2354E0577} - System32\Tasks\BlueStacksHelper => D:\Hry\Bluestacks\BlueStacks\Client\Helper\BlueStacksHelper.exe  -sr (No File) 
Task: {8797D947-EEBB-47DD-A955-D1321C9C88CC} - System32\Tasks\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /ui (No File) 
Task: {8179EA97-83D8-4F87-BF6F-A6C751BA2A88} - System32\Tasks\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /analyze (No File) 
Task: {CE33BED0-ADFE-43A0-BDAB-18251483361D} - System32\Tasks\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /submit (No File) 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: chkdsk
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder on the Desktop with today's date, example: 07.30.2023_13.24.50.zip. Please upload the file here.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Uploaded zip file

Gary 


#5 kwopor

Posted 13 April 2024 - 07:09 AM

Hi !

There was no need to ZIP the file on my desktop, it is just my tab where I keep track of my runs, thus the weird name :whistle:

 

The log output is here:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by kwopor (13-04-2024 13:46:48) Run:2
Running from C:\Users\kwopo\Desktop
Loaded Profiles: kwopor
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Zip: C:\Users\kwopo\Desktop\run !.xlsx
Folder: C:\Users\kwopo\AppData\Roaming\Wot Numbers
Task: {D22AF5D3-27F9-4012-89D1-8AE2354E0577} - System32\Tasks\BlueStacksHelper => D:\Hry\Bluestacks\BlueStacks\Client\Helper\BlueStacksHelper.exe  -sr (No File) 
Task: {8797D947-EEBB-47DD-A955-D1321C9C88CC} - System32\Tasks\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /ui (No File) 
Task: {8179EA97-83D8-4F87-BF6F-A6C751BA2A88} - System32\Tasks\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /analyze (No File) 
Task: {CE33BED0-ADFE-43A0-BDAB-18251483361D} - System32\Tasks\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /submit (No File) 
CustomCLSID:
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File 
Task: {D22AF5D3-27F9-4012-89D1-8AE2354E0577} - System32\Tasks\BlueStacksHelper => D:\Hry\Bluestacks\BlueStacks\Client\Helper\BlueStacksHelper.exe  -sr (No File) 
Task: {8797D947-EEBB-47DD-A955-D1321C9C88CC} - System32\Tasks\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /ui (No File) 
Task: {8179EA97-83D8-4F87-BF6F-A6C751BA2A88} - System32\Tasks\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /analyze (No File) 
Task: {CE33BED0-ADFE-43A0-BDAB-18251483361D} - System32\Tasks\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.1.14\SymErr.exe  /submit (No File) 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset
resetlog.txt
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: chkdsk
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
================== Zip: ===================
C:\Users\kwopo\Desktop\run !.xlsx -> copied successfully to C:\Users\kwopo\Desktop\13.04.2024_13.46.58.zip
=========== Zip: End ===========
 
========================= Folder: C:\Users\kwopo\AppData\Roaming\Wot Numbers ========================
 
2024-01-15 00:43 - 2024-01-15 00:43 - 058348544 ____A [F41A29777FEC2288DD152076D3D9CC86] () C:\Users\kwopo\AppData\Roaming\Wot Numbers\Admin.db
2022-10-25 20:31 - 2024-04-07 01:19 - 000001841 ____A [820C4F90AFEF82EEB9145A92CCC4FBE4] () C:\Users\kwopo\AppData\Roaming\Wot Numbers\config.json
2023-11-25 02:13 - 2024-04-07 01:16 - 002309664 ____A [07D485AF21A5DC310F744614C60956F3] () C:\Users\kwopo\AppData\Roaming\Wot Numbers\dossier.json
2022-10-25 20:41 - 2024-04-07 01:16 - 000223204 ____A [A8B7B43F08DDA2E6DB96C27485440158] () C:\Users\kwopo\AppData\Roaming\Wot Numbers\dossier_prev.dat
2022-10-25 20:54 - 2024-04-07 01:16 - 000000000 ____D [00000000000000000000000000000000] C:\Users\kwopo\AppData\Roaming\Wot Numbers\BattleResult
2022-10-25 20:40 - 2022-10-25 20:40 - 000000000 ____D [00000000000000000000000000000000] C:\Users\kwopo\AppData\Roaming\Wot Numbers\BattleResultSaved
2022-10-25 20:40 - 2022-10-25 20:40 - 000000000 ____D [00000000000000000000000000000000] C:\Users\kwopo\AppData\Roaming\Wot Numbers\BattleResultToUpload
2022-10-25 20:41 - 2024-04-07 01:16 - 000000000 ____D [00000000000000000000000000000000] C:\Users\kwopo\AppData\Roaming\Wot Numbers\Database
2022-10-25 20:41 - 2024-04-07 01:16 - 028299264 ____A [962A47FA0BF35767186025DADFB2F16F] () C:\Users\kwopo\AppData\Roaming\Wot Numbers\Database\WotNumbers.db
2022-10-25 20:40 - 2022-10-25 20:40 - 000000000 ____D [00000000000000000000000000000000] C:\Users\kwopo\AppData\Roaming\Wot Numbers\Download
2022-10-25 20:40 - 2022-10-25 20:40 - 000000000 ____D [00000000000000000000000000000000] C:\Users\kwopo\AppData\Roaming\Wot Numbers\HomeView
2022-10-25 20:40 - 2023-12-28 02:47 - 000000000 ____D [00000000000000000000000000000000] C:\Users\kwopo\AppData\Roaming\Wot Numbers\Log
2022-10-25 20:40 - 2024-04-07 01:19 - 001431114 ____A [CF6ED72A95023DA8A679456155DBB2B8] () C:\Users\kwopo\AppData\Roaming\Wot Numbers\Log\Log.txt
2023-12-28 02:47 - 2023-12-28 02:47 - 005247666 ____A [79DA47DCFF9D18BA5BFE8854EB79FAA8] () C:\Users\kwopo\AppData\Roaming\Wot Numbers\Log\Log_2023-12-28_0147.txt
 
====== End of Folder: ======
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D22AF5D3-27F9-4012-89D1-8AE2354E0577}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D22AF5D3-27F9-4012-89D1-8AE2354E0577}" => removed successfully
C:\Windows\System32\Tasks\BlueStacksHelper => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlueStacksHelper" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8797D947-EEBB-47DD-A955-D1321C9C88CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8797D947-EEBB-47DD-A955-D1321C9C88CC}" => removed successfully
C:\Windows\System32\Tasks\Norton Security Autofix => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Autofix" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8179EA97-83D8-4F87-BF6F-A6C751BA2A88}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8179EA97-83D8-4F87-BF6F-A6C751BA2A88}" => removed successfully
C:\Windows\System32\Tasks\Norton Security Error Analyzer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Error Analyzer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE33BED0-ADFE-43A0-BDAB-18251483361D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE33BED0-ADFE-43A0-BDAB-18251483361D}" => removed successfully
C:\Windows\System32\Tasks\Norton Security Error Processor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Error Processor" => removed successfully
"CustomCLSID:" => not found
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D22AF5D3-27F9-4012-89D1-8AE2354E0577}" => not found
"C:\Windows\System32\Tasks\BlueStacksHelper" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlueStacksHelper" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8797D947-EEBB-47DD-A955-D1321C9C88CC}" => not found
"C:\Windows\System32\Tasks\Norton Security Autofix" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Autofix" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8179EA97-83D8-4F87-BF6F-A6C751BA2A88}" => not found
"C:\Windows\System32\Tasks\Norton Security Error Analyzer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Error Analyzer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE33BED0-ADFE-43A0-BDAB-18251483361D}" => not found
"C:\Windows\System32\Tasks\Norton Security Error Processor" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Error Processor" => not found
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
resetlog.txt => Error: No automatic fix found for this entry.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3616173011-4153848252-3445325382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= chkdsk =========
 
The type of the file system is NTFS.
Volume label is Windows.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
  1010688 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 9.27 seconds.
  45100 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 Phase duration (Bad file record checking): 0.04 milliseconds.
 
Stage 2: Examining file name linkage ...
  131190 reparse records processed.                                      
 
  1604558 index entries processed.                                                       
 
Index verification completed.
 Phase duration (Index verification): 19.16 seconds.
  0 unindexed files scanned.                                        
 
 Phase duration (Orphan reconnection): 10.77 seconds.
  0 unindexed files recovered to lost and found.                    
 
 Phase duration (Orphan recovery to lost and found): 0.05 milliseconds.
  131190 reparse records processed.                                      
 
 Phase duration (Reparse point and Object ID verification): 299.51 milliseconds.
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 77.69 milliseconds.
  296936 data files processed.                                           
 
 Phase duration (Data attribute verification): 0.06 milliseconds.
CHKDSK is verifying Usn Journal...
  38540136 USN bytes processed.                                                           
 
Usn Journal verification completed.
 Phase duration (USN journal verification): 103.17 milliseconds.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 123673599 KB total disk space.
  81437212 KB in 647196 files.
    507792 KB in 296937 indexes.
         0 KB in bad sectors.
   1152911 KB in use by the system.
     65536 KB occupied by the log file.
  40575684 KB available on disk.
 
      4096 bytes in each allocation unit.
  30918399 total allocation units on disk.
  10143921 allocation units available on disk.
Total duration: 39.73 seconds (39737 ms).
 
 
========= End of CMD: =========
 
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 100% complete.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
 
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
 
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.3636
 
Image Version: 10.0.19045.4291
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 99521848 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 184143227 B
Windows/system/drivers => 15952100 B
Edge => 0 B
Chrome => 645948767 B
Firefox => 15563447 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 18720 B
kwopo => 94799544 B
 
RecycleBin => 0 B
EmptyTemp: => 1008.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:50:40 ====
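A Fixlog like the one above is easier to review when each result line is sorted into "done", "repeat of an earlier directive" and "needs a second look". The sketch below is an added example, not FRST's own code and not part of the thread; it runs over a subset of lines copied from this Fixlog, and the verdict labels (`ok`, `duplicate`, `not_found`, `unhandled`) are names chosen here. In this log the two `unhandled` entries sit exactly where the fixlist content shows a directive split across two lines (`CustomCLSID:` and `cmd: netsh int ip reset` / `resetlog.txt`).

```python
import re
from collections import Counter

# Subset of lines copied from the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r'''
SystemRestore: On => completed
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D22AF5D3-27F9-4012-89D1-8AE2354E0577}" => removed successfully
C:\Windows\System32\Tasks\BlueStacksHelper => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlueStacksHelper" => removed successfully
"CustomCLSID:" => not found
HKU\S-1-5-21-3616173011-4153848252-3445325382-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D22AF5D3-27F9-4012-89D1-8AE2354E0577}" => not found
"C:\Windows\System32\Tasks\BlueStacksHelper" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlueStacksHelper" => not found

========= netsh int ip reset =========

Resetting Route, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

resetlog.txt => Error: No automatic fix found for this entry.
'''

# "<target> => <status>" result lines; the target may itself contain " => ".
RESULT_RE = re.compile(
    r'^(?P<target>.+?) => '
    r'(?P<status>removed successfully|moved successfully|completed|not found|Error: .+)$'
)
# "========= name =========" section banners, including the "End of ..." ones.
SECTION_RE = re.compile(r'^=+ (?P<name>.+?) =+$')
# Failure text inside a command's captured output.
CMD_FAILURE_RE = re.compile(r'failed\.$|^Access is denied\.$')
OK_STATUSES = {'removed successfully', 'moved successfully', 'completed'}


def parse_fixlog(text):
    """Return result lines with a verdict, plus failures seen in command output."""
    results, cmd_failures = [], []
    handled = set()   # targets already removed/moved earlier in this log
    section = None    # name of the section whose output we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            name = header.group('name')
            section = None if name.startswith('End of') else name
            continue
        match = RESULT_RE.match(line)
        if match:
            target = match.group('target').strip('"')
            status = match.group('status')
            key = target.lower()
            if status in OK_STATUSES:
                verdict = 'ok'
                handled.add(key)
            elif status == 'not found':
                # Benign when the same target was already handled earlier,
                # i.e. the fixlist listed the directive twice.
                verdict = 'duplicate' if key in handled else 'not_found'
            else:
                verdict = 'unhandled'   # FRST reported an error for this line
            results.append((target, status, verdict))
        elif section and CMD_FAILURE_RE.search(line):
            cmd_failures.append((section, line))
    return {'results': results, 'cmd_failures': cmd_failures}


def verdict_counts(report):
    """Count result lines per verdict."""
    return dict(Counter(verdict for _, _, verdict in report['results']))


def follow_up(report):
    """List only the entries a reviewer should look at again."""
    items = [f'{verdict}: {target}'
             for target, _, verdict in report['results']
             if verdict in ('not_found', 'unhandled')]
    items += [f'cmd failure in "{section}": {line}'
              for section, line in report['cmd_failures']]
    return items


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(verdict_counts(parsed))
    for item in follow_up(parsed):
        print(item)
```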


#6 Oh My!

Oh My!

Posted 13 April 2024 - 06:48 PM

Thank you.

 

Is the CPU usage the same?


Gary 


#7 kwopor

Posted 14 April 2024 - 06:38 AM

Yes, unfortunately no luck.

Best indicator is a stock screener I use; the stock market is closed now, so there is no active element on the whole page now, and the CPU is on 100 all the time.

I use mainly Chrome, but other browsers spike too (although not as much; they max out around 60-80, but that is still far from what it should be).



#8 Oh My!


Posted 14 April 2024 - 01:40 PM

Let's do this and see if there is a difference.

===================================================

Clean Boot

--------------------
  • Press the Windows Key + R at the same time.
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click on the Startup tab
  • Click Open Task Manager
  • Note down each entry listed as Enabled then right click on the item and select Disable (you will need this list during subsequent steps)
  • Close the Task Manager window and you should be back at the System Configuration window
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • Click Apply, then OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
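
For the "note down each entry" step of the clean boot procedure above, this added example (not part of the original posts) saves a baseline of startup entries and non-Microsoft services to CSV files, so everything disabled during the test can be restored afterwards. The output folder and the helper name `Get-ServiceBinaryPath` are assumptions of this example.

```powershell
# Added example: record a baseline before the clean boot so every disabled item can be restored.
# The output folder and the helper name Get-ServiceBinaryPath are assumptions of this example.
$outDir = Join-Path $env:USERPROFILE 'CleanBootBaseline'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Startup entries registered in Run keys and Startup folders.
# WMI lists what is registered; it does not report the Enabled/Disabled state shown in Task Manager.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Export-Csv -Path (Join-Path $outDir 'startup.csv') -NoTypeInformation

# Extract the executable path from a service command line (quoted or unquoted, with arguments).
function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

# Services that are not disabled, tagged with the company name from the binary's version resource.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -ne 'Disabled' } |
    ForEach-Object {
        $bin = Get-ServiceBinaryPath -PathName $_.PathName
        $company = $null
        if ($bin -and (Test-Path -LiteralPath $bin)) {
            $company = (Get-Item -LiteralPath $bin).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Name      = $_.Name
            Display   = $_.DisplayName
            StartMode = $_.StartMode
            State     = $_.State
            Company   = $company
            Path      = $bin
        }
    }

# Approximation of "Hide all Microsoft services": keep entries whose binary is not Microsoft's.
# Services hosted in svchost.exe report Microsoft here even when their DLL is third-party.
$services |
    Where-Object { $_.Company -notlike 'Microsoft*' } |
    Sort-Object Name |
    Export-Csv -Path (Join-Path $outDir 'non-microsoft-services.csv') -NoTypeInformation
```

Services whose binary cannot be located are kept in the list with an empty Company column, so unknown entries are reviewed rather than hidden.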

#9 kwopor


Posted 15 April 2024 - 05:08 PM

Tried to disable everything like stated, but aside from disabling a lot of crap that I didn't know I even had still, there was no visible change.

The few pages that pumped the CPU still do.

 

What I noticed while finicking with it is that Firefox is doing better in general. Chrome is maxing out on almost every page. I also tried to delete every extension in every browser, no change either.

 

One quirk I noticed was that the touchpad (which I never use because I have a dock) is always on after restart, even when I disable it manually. But that's probably nothing because performance doesn't change when I disable it.



#10 Oh My!


Posted 15 April 2024 - 08:27 PM

Thank you.

Please Add a new Chrome Profile and test the performance.


Gary 


#11 kwopor


Posted 16 April 2024 - 02:10 PM

Added another account, but still the same result.

Even when more processes use up the CPU, as soon as any is available it pops above 80.



#12 kwopor


Posted 16 April 2024 - 02:25 PM

update:

Might have found the culprit... as it turns out, my CPU + Chrome was crap all the time, and when "graphical acceleration" is off, it juices the CPU like crazy.

Don't know how I switched it off, but after turning it on, even the permanent 100% tabs eat only around 20.

 

*the more you know chime playing*

 

 

I think this topic can be closed... but at least you helped me clear a lot of sleeper stuff eating away resources in background for no reason  :thumbup2:



#13 Oh My!


Posted 16 April 2024 - 03:34 PM

You are welcome, although I didn't contribute much. :)


Gary 


#14 Oh My!


Posted 16 April 2024 - 03:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary 
