I've been hacked [Solved]


  • This topic is locked

#1
greencamel

  • Member
  • 14 posts

Hello, I recently had all my accounts hacked. I think there may be malware on my PC. I've scanned and removed two bits of malware and would be grateful if you could take a look to see if I've missed anything. Please and thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2025
Ran by George (administrator) on 322442-1-1 (ASUS System Product Name) (06-02-2025 13:24:52)
Running from C:\Users\George\Downloads\FRST64.exe
Loaded Profiles: George
Platform: Microsoft Windows 11 Pro Version 23H2 22631.4751 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryWebBrowserEdge.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryWebBrowserEdge.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe <6>
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\LGHUB\lghub_updater.exe ->) (Logitech Inc -> Sentry and Logitech, Inc.) C:\Program Files\LGHUB\logi_crashpad_handler.exe <2>
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Norton\Suite\NortonSvc.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\aswEngSrv.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.System.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA Overlay.exe <5>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\ShadowPlay\nvsphelper64.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (Adlice (Julien Ascoet) -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(C:\Users\George\AppData\Local\Programs\CurseForge Windows\CurseForge.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\George\AppData\Local\Programs\CurseForge Windows\resources\app.asar.unpacked\plugins\curse\win\Curse.Agent.Host.exe
(C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Discord Inc. -> Discord Inc.) C:\Users\George\AppData\Local\Discord\app-1.0.9181\Discord.exe <6>
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(explorer.exe ->) (Overwolf Ltd -> Overwolf) C:\Users\George\AppData\Local\Programs\CurseForge Windows\CurseForge.exe <7>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(GIANTS Software GmbH -> GIANTS Software GmbH) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 25\x64\FarmingSimulator2025Game.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.005.0112.0003\Microsoft.SharePoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoNotificationUx.exe
(NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonUI.exe <3>
(RealDefense LLC -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(services.exe ->) (Adlice (Julien Ascoet) -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc) C:\Windows\System32\DriverStore\FileRepository\amd3dvcache.inf_amd64_558311a8a60226a4\amd3dvcacheSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\AvDump.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\nllToolsSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\VpnSvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvrfi.inf_amd64_2c09ed8a3f940967\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(services.exe ->) (RealDefense LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(sihost.exe ->) (04797BBC-C7BB-462F-9B66-331C81E27C0E -> TranslucentTB Open Source Developers) C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_2024.3.0.0_x64__v826wp6bftszj\TranslucentTB.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2501.1001.3.0_x64__8wekyb3d8bbwe\XboxPcTray.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25011.11.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2504.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\XboxGameBarSpotify.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudOutlookConfig.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <3>
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> TODO: <Company name>) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2501.1001.3.0_x64__8wekyb3d8bbwe\XboxPcApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2501.1001.3.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\mmgaserver.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NortonUI.exe] => C:\Program Files\Norton\Suite\AvLaunch.exe [429160 2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2025-01-19] (Adobe Inc. -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2024-09-29] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" [84027432 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [MicrosoftEdgeAutoLaunch_6F6B3163EF0F3AC776BF72C240C65766] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3923496 2025-01-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5007376 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4435552 2025-01-28] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [Discord] => C:\Users\George\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36981208 2025-01-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [22470552 2025-01-27] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [electron.app.CurseForge] => C:\Users\George\AppData\Local\Programs\CurseForge Windows\CurseForge.exe [182262200 2025-02-02] (Overwolf Ltd -> Overwolf)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [12022808 2025-01-23] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_10] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\132.0.6834.160\Installer\chrmstp.exe [2025-01-31] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {8549B7DF-DC12-4516-A322-5DF02D7A9B6C} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [115464 2021-12-17] (ASUSTeK Computer Inc. -> ASUS)
Task: {50356136-FB3F-4632-8156-CE0A90191306} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [764152 2021-06-10] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {F20F3816-65AC-424B-A1C4-02190572B2A7} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [2248120 2021-12-17] (ASUSTeK Computer Inc. -> ASUS)
Task: {7E0C90AB-FF83-415D-A8C4-D2AF2C81C9CB} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2025-01-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {9445463B-C95E-47A6-83CB-507FF5CB79F0} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2025-01-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {CD4047FA-8E1B-46A8-8D02-D276CFC7AE4D} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [44443608 2021-12-23] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {C8130F25-7864-4031-9696-03CE201D15DE} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1241448 2021-10-13] (ASUSTeK Computer Inc. -> ASUS)
Task: {F07A7919-6EED-4D99-A52A-8DE58BCAEB95} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
Task: {2CDAFD2E-5551-47AC-BFEC-30D47DD15EF0} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0714AEC6-A3FC-4C97-BB8F-6A125F689480} => C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe [5672544 2025-01-28] (Google LLC -> Google LLC)
Task: {4917DF1A-8FCD-40B4-BB61-1675CC88651B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28707056 2025-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {96160AFE-D986-4294-A3FF-66B9F24B3003} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28707056 2025-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {5FFA0FAF-C6FB-4045-A1B4-D70091F002A8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222840 2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0CBDC7A-0C61-4E04-B3FB-771272ECBCDF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222840 2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {63A36C17-E3BB-4286-AAA4-1563314E2D3D} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4439384 2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {534C11A0-5DE5-40AF-804A-C969910DF85F} - System32\Tasks\Norton\Norton 360 Patcher => C:\Program Files\Common Files\Norton\Icarus\norton-suite\icarus.exe [8661096 2024-12-16] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {50D15020-C3C1-409A-A18B-58C32A935864} - System32\Tasks\Norton\Norton VPN Bug Report => C:\Program Files\Norton\Suite\AvBugReport.exe [5998184 2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 187 --programpath "C:\Program Files\Norton\Suite" --configpath "C:\ProgramData\Norton\VPN" --path "C:\ProgramData\Norton\VPN\log" --path "C:\ProgramData\Norton\Icarus\Logs" --logpath "C:\ProgramData\Norton\VPN\log" --guid f4aae419-45f9-4563-87ae-f5ea1a7544e2
Task: {F9D79EE7-E436-45EB-A354-AB67F2F50848} - System32\Tasks\Norton\Overseer => C:\Program Files\Common Files\Norton\Overseer\overseer.exe [2566760 2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {DFB2D882-C6F4-4FF2-A1D9-61C78B4C7382} - System32\Tasks\Norton\Suite Emergency Update => C:\Program Files\Norton\Suite\AvEmUpdate.exe [5215848 2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {B6C48A63-3033-41D3-956C-711C9EB69479} - System32\Tasks\NVIDIA app SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA app.exe [3287080 2025-01-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {115A060C-A64E-4277-8D50-178A4AD90362} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222504 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4AF8AFB-B23E-4D76-94D1-2ECD92C50225} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2398525475-854880265-1321228765-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222504 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA1E6EB8-1EFD-4716-968A-4A4859CB53D2} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2398525475-854880265-1321228765-1001 => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\OneDriveLauncher.exe [447032 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{ae325af8-a8be-43fa-9a49-fbcd068c3910}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{ae325af8-a8be-43fa-9a49-fbcd068c3910}: [DhcpDomain] localdomain
Tcpip\..\Interfaces\{e735db10-5068-48cf-9185-f8572a2ef0e9}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{e735db10-5068-48cf-9185-f8572a2ef0e9}: [DhcpDomain] localdomain
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-06]
Edge DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
Edge DefaultSearchKeyword: Default -> Search With Incognito
Edge DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
Edge Extension: (Search With Incognito) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aegpbigghghmkomaolphakjjppnebdhb [2025-01-06]
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2025-01-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-01-23]
Edge Extension: (MetaMask) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2025-01-30]
Edge Extension: (Microsoft Bing Search with Rewards) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2025-01-06]
Edge Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-05]
Edge Extension: (APK Downloader) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\glngapejbnmnicniccdcemghaoaopdji [2025-01-06]
Edge Extension: (Coinbase Wallet extension) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2025-02-05]
Edge Extension: (Edge relevant text changes) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-01-06]
Edge Extension: (Custom Cursor for Chrome™) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ogdlpmhglpejoiomcodnpjnfgcpmgale [2025-01-06]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default [2025-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-05]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-24]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [231456 2024-08-23] (RealDefense LLC -> SUPERAntiSpyware.com)
R2 amd3dvcacheSvc; C:\Windows\System32\DriverStore\FileRepository\amd3dvcache.inf_amd64_558311a8a60226a4\amd3dvcacheSvc.exe [143432 2024-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc)
S2 amdpmfservice; C:\Windows\System32\amdpmfservice.exe [52936 2024-05-14] (Advanced Micro Devices -> Advanced Micro Devices, Inc)
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [349408 2021-12-01] (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe [457544 2021-10-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2025-01-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2021-10-21] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe [2092872 2021-11-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2025-01-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [845256 2025-02-06] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18663720 2025-01-29] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13572312 2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2025-01-06] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [965872 2025-01-17] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncHelper.exe [3532816 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [15900568 2025-01-27] (Logitech Inc -> Logitech, Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3683496 2021-11-24] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 logi_lamparray_service; C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray_service.exe [11177064 2025-01-08] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-01-23] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-23] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2025-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NativePushService; C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [564104 2024-12-19] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R2 Norton Antivirus; C:\Program Files\Norton\Suite\NortonSvc.exe [779880 2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 Norton Tools; C:\Program Files\Norton\Suite\nllToolsSvc.exe [1230952 2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 nortonAvDumper64; C:\Program Files\Norton\Suite\AvDump.exe [3498088 2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 NortonVpn; C:\Program Files\Norton\Suite\VpnSvc.exe [12924008 2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvrfi.inf_amd64_2c09ed8a3f940967\Display.NvContainer\NVDisplay.Container.exe [1275536 2025-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.005.0112.0003\OneDriveUpdaterService.exe [3879464 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15897232 2025-01-30] (Adlice (Julien Ascoet) -> )
R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [1665648 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2025-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2025-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2025-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amd3dvcache; C:\Windows\System32\DriverStore\FileRepository\amd3dvcache.inf_amd64_558311a8a60226a4\amd3dvcache.sys [42720 2024-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
S3 amdacpbus; C:\Windows\System32\DriverStore\FileRepository\amdacpbus2.inf_amd64_5290d8fce0ae2ac2\amdacpbus2.sys [526648 2024-09-20] (Advanced Micro Devices -> Advanced Micro Devices)
R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrmgr.sys [36016 2024-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33504 2024-07-11] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 amdpmf; C:\Windows\System32\drivers\amdpmf.sys [203976 2024-05-14] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
S3 amdsdwc; C:\Windows\System32\DriverStore\FileRepository\amdsdwc.inf_amd64_344a905c03918d5a\amdsdwc.sys [502992 2024-09-20] (Advanced Micro Devices -> Advanced Micro Devices)
S3 amducsi; C:\Windows\System32\drivers\amducsi.sys [81656 2024-03-26] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 amdusb4cm; C:\Windows\System32\drivers\amdusb4cm.sys [593032 2024-04-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
S3 amdwirelessbutton; C:\Windows\System32\drivers\amdwirelessbutton.sys [39032 2024-04-15] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AMS-MailBoxDrv; C:\Windows\System32\drivers\AMS-MailBoxDrv.sys [133944 2024-06-04] (Advanced Micro Devices -> Advanced Micro Devices, Inc)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34384 2021-10-21] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43160 2021-10-21] (ASUSTeK Computer Inc. -> )
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [188416 2024-08-14] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 cpuz152; C:\Windows\temp\cpuz152\cpuz152_x64.sys [35840 2025-01-03] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [30728 2025-01-03] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2025-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 logi_audio_surround; C:\Windows\System32\DriverStore\FileRepository\logi_audio.inf_amd64_affafe6e263c4f51\logi_audio_surround.sys [44112 2025-01-08] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2025-01-08] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2025-01-08] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2025-01-08] (Logitech Inc -> Logitech)
R3 logi_lamparray; C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray.sys [89192 2025-01-08] (Logitech Inc -> Logitech, Inc.)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [232024 2025-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2025-01-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt11.sys [234168 2025-02-06] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [80448 2025-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2025-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [189776 2025-02-06] (Malwarebytes Inc. -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R0 nllArDisk; C:\Windows\System32\drivers\nllArDisk.sys [20560 2025-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllbidsh; C:\Windows\System32\drivers\nllbidsh.sys [296016 2025-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllbuniv; C:\Windows\System32\drivers\nllbuniv.sys [84560 2025-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllElam; C:\Windows\System32\drivers\nllElam.sys [28280 2025-01-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 nllMonFlt; C:\Windows\System32\drivers\nllMonFlt.sys [275024 2025-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllRvrt; C:\Windows\System32\drivers\nllRvrt.sys [69712 2025-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllSP; C:\Windows\System32\drivers\nllSP.sys [1424952 2025-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 nllVpnRdr; C:\Windows\System32\drivers\nllVpnRdr.sys [80504 2025-01-19] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifelock Inc.)
S3 nllWireGuard; C:\Windows\System32\drivers\nllWireguard.sys [174680 2025-01-19] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [23072 2024-08-23] (RealDefense LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22104 2025-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606624 2025-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2025-01-06] (Microsoft Windows -> Microsoft Corporation)
U3 Norton Firewall; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-02-06 13:24 - 2025-02-06 13:25 - 000040186 _____ C:\Users\George\Downloads\FRST.txt
2025-02-06 13:23 - 2025-02-06 13:25 - 000000000 ____D C:\FRST
2025-02-06 13:23 - 2025-02-06 13:24 - 000000000 ____D C:\Users\George\Downloads\FRST-OlderVersion
2025-02-06 13:22 - 2025-02-06 13:24 - 002403328 _____ (Farbar) C:\Users\George\Downloads\FRST64.exe
2025-02-06 13:21 - 2025-02-06 13:21 - 000003546 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2398525475-854880265-1321228765-1001
2025-02-06 12:58 - 2025-02-06 12:58 - 000000000 ____D C:\Users\George\AppData\Roaming\SUPERAntiSpyware.com
2025-02-06 12:58 - 2025-02-06 12:58 - 000000000 ____D C:\Users\George\AppData\Local\ToolLib
2025-02-06 12:58 - 2025-02-06 12:58 - 000000000 ____D C:\ProgramData\ToolLib
2025-02-06 12:56 - 2025-02-06 12:58 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2025-02-06 12:56 - 2025-02-06 12:56 - 218172328 _____ (SUPERAntiSpyware) C:\Users\George\Downloads\SUPERAntiSpyware.exe
2025-02-06 12:56 - 2025-02-06 12:56 - 000001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2025-02-06 12:56 - 2025-02-06 12:56 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2025-02-06 12:56 - 2025-02-06 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2025-02-06 12:45 - 2025-02-06 12:49 - 000000000 ____D C:\ProgramData\RogueKiller
2025-02-06 12:45 - 2025-02-06 12:45 - 051405480 _____ (Adlice Software ) C:\Users\George\Downloads\RogueKiller_setup (1).exe
2025-02-06 12:45 - 2025-02-06 12:45 - 000000906 _____ C:\Users\Public\Desktop\Adlice Protect.lnk
2025-02-06 12:45 - 2025-02-06 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2025-02-06 12:45 - 2025-02-06 12:45 - 000000000 ____D C:\Program Files\RogueKiller
2025-02-06 12:44 - 2025-02-06 12:44 - 051405480 _____ (Adlice Software ) C:\Users\George\Downloads\Unconfirmed 415832.crdownload
2025-02-06 11:27 - 2025-02-06 11:27 - 000810698 _____ C:\Windows\system32\perfh00C.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000808258 _____ C:\Windows\system32\perfh00A.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000802470 _____ C:\Windows\system32\perfh015.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000796598 _____ C:\Windows\system32\perfh010.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000760930 _____ C:\Windows\system32\perfh007.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000166350 _____ C:\Windows\system32\perfc00A.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000162354 _____ C:\Windows\system32\perfc015.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000160786 _____ C:\Windows\system32\perfc007.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000160344 _____ C:\Windows\system32\perfc00C.dat
2025-02-06 11:27 - 2025-02-06 11:27 - 000154380 _____ C:\Windows\system32\perfc010.dat
2025-02-06 11:20 - 2025-02-06 13:25 - 000000000 ____D C:\Windows\SysWOW64\lock.lock
2025-02-06 11:20 - 2025-02-06 11:20 - 000234168 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2025-02-06 11:20 - 2025-02-06 11:20 - 000189776 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2025-02-05 15:25 - 2025-02-05 15:25 - 000000000 ____D C:\Users\George\AppData\Roaming\ufcphsom
2025-02-05 15:21 - 2025-02-05 15:22 - 000000000 ____D C:\Windows\LastGood.Tmp
2025-02-05 15:20 - 2025-01-26 18:36 - 000125048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2025-02-05 15:19 - 2025-01-27 04:45 - 002072440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2025-02-05 15:19 - 2025-01-27 04:45 - 002072440 _____ C:\Windows\system32\vulkaninfo.exe
2025-02-05 15:19 - 2025-01-27 04:45 - 001614192 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-02-05 15:19 - 2025-01-27 04:45 - 001614192 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2025-02-05 15:19 - 2025-01-27 04:45 - 001576840 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 001576840 _____ C:\Windows\system32\vulkan-1.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 001389960 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 001389960 _____ C:\Windows\SysWOW64\vulkan-1.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 000477832 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 000374408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2025-02-05 15:18 - 2025-01-27 04:41 - 001183392 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2025-02-05 15:18 - 2025-01-27 04:41 - 000670352 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2025-02-05 15:18 - 2025-01-27 04:41 - 000506008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 025643168 _____ C:\Windows\system32\nvidia-pcc.exe
2025-02-05 15:18 - 2025-01-27 04:40 - 002194088 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 001641120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 001563784 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 001215624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 001046168 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 000903856 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2025-02-05 15:18 - 2025-01-27 04:40 - 000804528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 019904168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 019329200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 007225008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 005500064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 003944616 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 000462496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2025-02-05 15:18 - 2025-01-27 04:38 - 005913248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2025-02-05 15:18 - 2025-01-27 04:38 - 000853656 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2025-02-05 15:18 - 2025-01-27 04:37 - 005552256 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2025-02-05 15:18 - 2025-01-27 04:37 - 004856992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2025-02-05 15:18 - 2025-01-26 18:36 - 000137640 _____ C:\Windows\system32\nvinfo.pb
2025-02-04 20:52 - 2025-02-04 20:52 - 000000000 ____D C:\Users\George\AppData\Local\GIANTS Crash Reporter
2025-02-04 20:15 - 2025-02-04 20:15 - 000000223 _____ C:\Users\George\Desktop\Farming Simulator 25.url
2025-02-04 11:45 - 2025-02-04 11:45 - 000000000 ____D C:\Users\George\Documents\Custom Office Templates
2025-02-04 11:37 - 2025-02-04 11:37 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\UProof
2025-02-03 14:56 - 2025-02-03 14:56 - 000446013 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_145610_www.amazon.co.uk.jpeg
2025-02-03 14:53 - 2025-02-03 14:53 - 000022310 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_145313_www.amazon.co.uk.jpeg
2025-02-03 14:26 - 2025-02-03 14:26 - 000000282 _____ C:\Users\George\Downloads\shopify_recovery_codes (1).txt
2025-02-03 14:10 - 2025-02-03 14:10 - 000106466 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_141043_www.amazon.co.uk.jpeg
2025-02-03 14:04 - 2025-02-03 14:04 - 000353938 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_14440_www.amazon.co.uk.jpeg
2025-02-03 13:42 - 2025-02-03 13:42 - 000101587 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_134250_www.amazon.co.uk.jpeg
2025-02-03 13:42 - 2025-02-03 13:42 - 000045119 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_134237_www.amazon.co.uk.jpeg
2025-02-03 13:39 - 2025-02-03 13:39 - 000192823 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_13395_www.bing.com.jpeg
2025-02-03 13:23 - 2025-02-03 13:23 - 000061720 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_13233_www.amazon.co.uk.jpeg
2025-02-03 13:22 - 2025-02-03 13:22 - 000069758 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_132247_www.amazon.co.uk.jpeg
2025-02-02 20:57 - 2025-02-02 21:03 - 3990299077 _____ C:\Users\George\Downloads\The Batman (2022) Scenepack 4K.mp4
2025-01-31 12:07 - 2025-01-31 12:07 - 000000223 _____ C:\Users\George\Desktop\Arma Reforger.url
2025-01-28 17:25 - 2025-01-28 17:25 - 000000000 ____D C:\Users\George\AppData\Local\ToastNotificationManagerCompat
2025-01-28 14:29 - 2025-01-28 14:29 - 027106246 _____ C:\Users\George\Downloads\11131359-hd_1080_1920_30fps.mp4
2025-01-28 14:21 - 2025-02-02 14:17 - 000000000 ____D C:\Users\George\AppData\Roaming\HandBrake
2025-01-28 14:21 - 2025-01-28 14:21 - 002652992 _____ (MiniTool) C:\Users\George\Downloads\mmm-setup.exe
2025-01-28 14:21 - 2025-01-28 14:21 - 000000000 ____D C:\Program Files\dotnet
2025-01-28 14:20 - 2025-01-28 14:20 - 024255496 _____ C:\Users\George\Downloads\HandBrake-1.9.0-x86_64-Win_GUI.exe
2025-01-28 14:20 - 2025-01-28 14:20 - 002017152 _____ (MiniTool) C:\Users\George\Downloads\vc-setup.exe
2025-01-28 14:20 - 2025-01-28 14:20 - 000000880 _____ C:\Users\Public\Desktop\HandBrake.lnk
2025-01-28 14:20 - 2025-01-28 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2025-01-28 14:20 - 2025-01-28 14:20 - 000000000 ____D C:\Program Files\HandBrake
2025-01-28 13:46 - 2025-01-28 13:46 - 196056840 _____ C:\Users\George\Downloads\156324-812554785.mp4
2025-01-28 13:33 - 2025-01-28 13:33 - 116643956 _____ C:\Users\George\Downloads\12515366_2160_3840_60fps.mp4
2025-01-28 13:30 - 2025-01-28 13:30 - 019895065 _____ C:\Users\George\Downloads\7539471-uhd_2160_3840_24fps (1).mp4
2025-01-28 13:29 - 2025-01-28 13:29 - 019895065 _____ C:\Users\George\Downloads\7539471-uhd_2160_3840_24fps.mp4
2025-01-28 13:17 - 2025-01-28 13:17 - 007884465 _____ C:\Users\George\Downloads\6924608-hd_1080_1920_24fps.mp4
2025-01-28 13:04 - 2025-01-28 13:04 - 000000856 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2025-01-28 13:04 - 2025-01-28 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2025-01-28 13:04 - 2025-01-28 13:04 - 000000000 ____D C:\Program Files\LGHUB
2025-01-27 14:39 - 2025-01-27 14:39 - 028106373 _____ C:\Users\George\Downloads\12314373_1080_1920_30fps.mp4
2025-01-27 14:15 - 2025-01-27 14:15 - 021650452 _____ C:\Users\George\Downloads\123482-728292535.mp4
2025-01-27 13:05 - 2025-01-27 13:05 - 051002818 _____ C:\Users\George\Downloads\12797774_2160_3840_30fps.mp4
2025-01-27 13:01 - 2025-01-27 13:02 - 024607473 _____ C:\Users\George\Downloads\183968-872226596.mp4
2025-01-26 21:53 - 2025-01-26 21:53 - 000000000 ____D C:\Users\George\curseforge
2025-01-26 21:52 - 2025-02-06 13:21 - 000000000 ____D C:\Users\George\AppData\Roaming\CurseForge
2025-01-26 21:52 - 2025-01-27 14:08 - 000000000 ____D C:\Users\George\AppData\Local\curseforge-updater
2025-01-26 21:52 - 2025-01-26 21:52 - 002195832 _____ (Overwolf Ltd.) C:\Users\George\Downloads\CurseForge Windows - Installer.exe
2025-01-26 21:52 - 2025-01-26 21:52 - 000002441 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CurseForge.lnk
2025-01-26 21:52 - 2025-01-26 21:52 - 000002433 _____ C:\Users\George\Desktop\CurseForge.lnk
2025-01-26 21:52 - 2025-01-26 21:52 - 000000000 ____D C:\Users\George\AppData\Roaming\ow-electron
2025-01-26 21:52 - 2025-01-26 21:52 - 000000000 ____D C:\Users\George\AppData\Local\Overwolf
2025-01-26 21:39 - 2025-01-26 21:55 - 000000000 ____D C:\Users\George\AppData\Roaming\.minecraft
2025-01-26 18:55 - 2025-01-26 18:55 - 029436625 _____ C:\Users\George\Downloads\149459-797188993.mp4
2025-01-26 18:54 - 2025-01-26 18:54 - 007966884 _____ C:\Users\George\Downloads\199347-910162309.mp4
2025-01-26 18:53 - 2025-01-26 18:53 - 044594760 _____ C:\Users\George\Downloads\149593-797189032.mp4
2025-01-26 15:23 - 2025-01-26 15:23 - 000815632 _____ (Open Media LLC) C:\Users\George\Downloads\4ktokkit_2.7.4_x64_online (1).exe
2025-01-26 15:23 - 2025-01-26 15:23 - 000000842 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Tokkit.lnk
2025-01-26 15:23 - 2025-01-26 15:23 - 000000830 _____ C:\Users\Public\Desktop\4K Tokkit.lnk
2025-01-26 15:22 - 2025-01-26 15:22 - 000815632 _____ (Open Media LLC) C:\Users\George\Downloads\4ktokkit_2.7.4_x64_online.exe
2025-01-26 13:48 - 2025-01-26 13:48 - 000000000 ____D C:\Users\George\AppData\Local\StreamingVideoProvider
2025-01-25 22:57 - 2025-01-25 22:58 - 128114807 _____ C:\Users\George\Downloads\Strike Industries P320 Modular Chassis ALPHA-5390-1-0-1737654017.zip
2025-01-25 21:47 - 2025-01-25 21:47 - 1389891105 _____ C:\Users\George\Downloads\411scenes - Anakin Skywalker - Ahoska S01 [2023] - [WEB-DL 4K HEVC-H265] - chaszq (1).mp4
2025-01-25 21:45 - 2025-01-25 21:45 - 1389891105 _____ C:\Users\George\Downloads\411scenes - Anakin Skywalker - Ahoska S01 [2023] - [WEB-DL 4K HEVC-H265] - chaszq.mp4
2025-01-25 21:12 - 2025-01-25 21:14 - 4288903647 _____ C:\Users\George\Downloads\411scenes - Anakin Skywalker - Star Wars Revenge of the Sith [2005] - [REMUX 1080p HEVC-H265] - chaszq (1).mp4
2025-01-25 21:03 - 2025-01-25 21:03 - 1777516844 _____ C:\Users\George\Downloads\411scenes - Darth Vader - Star Wars Return of the Jedi [1983] - [WEB-DL 4K HEVC-H265] - chaszq.mp4
2025-01-25 20:57 - 2025-01-25 20:57 - 377938238 _____ C:\Users\George\Downloads\411scenes - Darth Vader - Rogue One [2016] - [REMUX 4K HEVC-H265] - chaszq.mp4
2025-01-25 19:17 - 2025-01-25 19:18 - 2390296830 _____ C:\Users\George\Downloads\411scenes - Darth Vader - Obi-Wan Kenobi S01 [2022] - [REMUX 4K HEVC-H265] - chaszq.mp4
2025-01-25 19:16 - 2025-01-25 19:16 - 007140466 _____ C:\Users\George\Downloads\#!Se𝓉-Up--4461__Pa̲$$WorḌ!# (1).zip
2025-01-25 17:22 - 2025-01-25 17:22 - 058146902 _____ C:\Users\George\Downloads\MG338 20250119 UPDATE2-5293-5-3-9-1737283309.zip
2025-01-25 16:23 - 2025-01-25 16:23 - 000000000 ____D C:\Users\George\AppData\Local\Bytedance
2025-01-25 16:04 - 2025-01-25 16:04 - 002930240 _____ C:\Users\George\Downloads\capcut_capcutpc_invitefission_1.2.7_installer.exe
2025-01-25 15:54 - 2025-01-25 15:54 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CapCut
2025-01-25 15:52 - 2025-01-25 15:54 - 000001365 _____ C:\Users\George\Desktop\CapCut.lnk
2025-01-25 15:51 - 2025-01-25 18:06 - 000000000 ____D C:\Users\George\AppData\Local\CapCut
2025-01-25 12:22 - 2025-02-06 13:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-01-25 12:22 - 2025-01-25 12:22 - 000000000 ____D C:\Windows\system32\%userprofile%
2025-01-24 22:51 - 2025-01-24 22:51 - 041150319 _____ C:\Users\George\Downloads\pakchunk99-Mods_Israel_NESHER_P.pak
2025-01-24 22:51 - 2025-01-24 22:51 - 038094690 _____ C:\Users\George\Downloads\pakchunk9999-Mods_AirforceXII_50Beowulf_DLC2_P.pak
2025-01-24 22:51 - 2025-01-24 22:51 - 035469178 _____ C:\Users\George\Downloads\pakchunk999-Mods_ProjectGIS-V2.2_P.pak
2025-01-24 22:51 - 2025-01-24 22:51 - 025167719 _____ C:\Users\George\Downloads\pakchunk99-Mods_MP5A3Custom0_AllInOne_P.pak
2025-01-24 22:51 - 2025-01-24 22:51 - 024353335 _____ C:\Users\George\Downloads\pakchunk999-YU_TTI_Glock19_Gen5_P.pak
2025-01-24 22:51 - 2025-01-24 22:51 - 021980994 _____ C:\Users\George\Downloads\pakchunk999-Mods_AVP_BetterVestsRemastared_P.pak
2025-01-24 22:51 - 2025-01-24 22:51 - 008496144 _____ C:\Users\George\Downloads\pakchunk99-Mods_LegacyPVS15_AllInOne_P.pak
2025-01-24 22:51 - 2025-01-24 22:51 - 000124902 _____ C:\Users\George\Downloads\pakchunk999-Mod_SimpleBlueprintLoader_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 010756893 _____ C:\Users\George\Downloads\pakchunk99-Mods_DeltaForceDesertCamo_1_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 004274657 _____ C:\Users\George\Downloads\pakchunk99-Mod_SimpleModMenu.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 002535244 _____ C:\Users\George\Downloads\pakchunk99-Mods_AK103_unlock_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000958765 _____ C:\Users\George\Downloads\pakchunk99-Mods_SwatFemaleHeadPrescott_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000724434 _____ C:\Users\George\Downloads\pakchunk99-Mods_Gunfighter_5_AIO_P (1).pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000342343 _____ C:\Users\George\Downloads\pakchunk998-Mods_BAL_UE5_Customization-Unlocked_P (1).pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000177498 _____ C:\Users\George\Downloads\pakchunk99-Mods_HE_AirforceXII_Unlock_M24_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000028194 _____ C:\Users\George\Downloads\pakchunk9999-Mods_HE-125Slots_P (2).pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000025127 _____ C:\Users\George\Downloads\pakchunk99-Mods_lessRecoil[AIO]_P (1).pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000018039 _____ C:\Users\George\Downloads\pakchunk99-CustomWeaponLoader_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000013861 _____ C:\Users\George\Downloads\pakchunk99-LoadAttachments_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000011861 _____ C:\Users\George\Downloads\pakchunk99-Mod_NoUpperRightText_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000010224 _____ C:\Users\George\Downloads\pakchunk99-Mods_NVI_00_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000005535 _____ C:\Users\George\Downloads\pakchunk99-FixAmmoUI_P.pak
2025-01-24 22:50 - 2025-01-24 22:50 - 000003565 _____ C:\Users\George\Downloads\pakchunk99-Mods_NoMercy_P (1).pak
2025-01-24 22:49 - 2025-01-24 22:49 - 000023933 _____ C:\Users\George\Downloads\pakchunk99-Mod_PlayerLimitEdit_P.pak
2025-01-24 22:30 - 2025-01-31 11:44 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-24 22:30 - 2025-01-31 11:44 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-01-24 22:30 - 2025-01-24 22:30 - 010384768 _____ (Google LLC) C:\Users\George\Downloads\ChromeSetup.exe
2025-01-24 22:30 - 2025-01-24 22:30 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem
2025-01-24 22:30 - 2025-01-24 22:30 - 000000000 ____D C:\Users\George\AppData\Local\Google
2025-01-24 22:30 - 2025-01-24 22:30 - 000000000 ____D C:\Program Files\Google
2025-01-24 22:30 - 2025-01-24 22:30 - 000000000 ____D C:\Program Files (x86)\Google
2025-01-24 22:18 - 2025-01-24 22:18 - 000000000 ____D C:\Users\George\AppData\Roaming\Topaz Labs LLC
2025-01-24 22:18 - 2025-01-24 22:18 - 000000000 ____D C:\Users\George\AppData\Local\Topaz Labs LLC
2025-01-24 21:59 - 2025-01-24 21:59 - 000002527 _____ C:\Users\Public\Desktop\Topaz Video AI.lnk
2025-01-24 21:59 - 2025-01-24 21:59 - 000000000 ____D C:\ProgramData\Topaz Labs LLC
2025-01-24 21:59 - 2025-01-24 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Video AI
2025-01-24 21:59 - 2025-01-24 21:59 - 000000000 ____D C:\Program Files\Topaz Labs LLC
2025-01-24 21:56 - 2025-01-24 21:58 - 682171536 _____ C:\Users\George\Downloads\Topaz Video AI 3.3.10 (Win) (1).zip
2025-01-24 21:38 - 2025-01-24 21:38 - 000000000 ____D C:\Users\George\.cache
2025-01-24 21:36 - 2025-01-24 21:36 - 007808856 _____ (anyukit-setup) C:\Users\George\Downloads\anyukit-win.exe
2025-01-24 21:36 - 2025-01-24 21:36 - 000000553 _____ C:\Users\George\Desktop\AnyUkit.lnk
2025-01-24 21:36 - 2025-01-24 21:36 - 000000000 ____D C:\Users\George\Downloads\AnyUkit
2025-01-24 21:36 - 2025-01-24 21:36 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyUkit
2025-01-24 21:36 - 2025-01-24 21:36 - 000000000 ____D C:\Users\George\AppData\Local\AnyUkit
2025-01-24 21:36 - 2025-01-24 21:36 - 000000000 ____D C:\Program Files\AnyUkit
2025-01-24 21:32 - 2025-01-24 21:32 - 000832120 _____ (Open Media LLC) C:\Users\George\Downloads\4kvideodownloaderplus_1.10.5_x64_online (1).exe
2025-01-24 16:46 - 2025-01-24 16:46 - 000000000 ____D C:\Users\George\AppData\LocalLow\Endnight
2025-01-24 16:43 - 2025-01-24 16:43 - 000000223 _____ C:\Users\George\Desktop\Sons Of The Forest.url
2025-01-24 16:41 - 2025-01-24 16:41 - 000000223 _____ C:\Users\George\Desktop\ARK Survival Ascended.url
2025-01-24 16:10 - 2025-01-24 16:10 - 000000000 ____D C:\Users\George\AppData\Roaming\Valve Corporation
2025-01-24 13:32 - 2025-01-24 13:33 - 000000000 ____D C:\Users\George\Desktop\CapCut Pro Crack
2025-01-24 13:16 - 2025-01-24 13:16 - 012332831 _____ C:\Users\George\Downloads\8538236-uhd_1440_2514_30fps.mp4
2025-01-24 13:16 - 2025-01-24 13:16 - 007461294 _____ C:\Users\George\Downloads\4448895-hd_1080_1920_30fps.mp4
2025-01-24 11:24 - 2025-01-24 11:24 - 006374000 _____ C:\Users\George\Downloads\iCloud Photos (1).zip
2025-01-24 11:16 - 2025-01-24 11:16 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Proof
2025-01-24 11:13 - 2025-02-06 13:21 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-01-24 11:13 - 2025-02-06 13:21 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-01-24 11:13 - 2025-02-04 11:42 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Word
2025-01-24 11:13 - 2025-02-04 11:37 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Office
2025-01-24 11:13 - 2025-01-25 12:22 - 000000000 ___RD C:\Users\Default\OneDrive
2025-01-24 11:13 - 2025-01-24 11:13 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\AddIns
2025-01-24 11:11 - 2025-01-24 11:11 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2025-01-24 11:05 - 2025-01-24 13:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-01-24 11:05 - 2025-01-24 11:05 - 000000000 ____D C:\Program Files\Microsoft Office 15
2025-01-24 10:51 - 2025-01-24 10:51 - 000000000 ____D C:\Users\George\AppData\LocalLow\Temp
2025-01-23 22:35 - 2025-01-23 22:35 - 011176691 _____ C:\Users\George\Downloads\202661-918730338.mp4
2025-01-23 22:19 - 2025-01-23 22:19 - 004912118 _____ C:\Users\George\Downloads\189925-886596590_small.mp4
2025-01-23 22:18 - 2025-01-23 22:18 - 003644644 _____ C:\Users\George\Downloads\41282-428319236_medium.mp4
2025-01-23 21:48 - 2025-02-06 11:21 - 000000000 ___RD C:\Users\George\iCloudDrive
2025-01-23 21:44 - 2025-01-23 21:44 - 000000000 ____D C:\ProgramData\Apple Computer
2025-01-23 21:42 - 2025-01-23 21:42 - 000000000 ____D C:\ProgramData\Apple Inc
2025-01-23 21:42 - 2025-01-23 21:42 - 000000000 ____D C:\ProgramData\Apple
2025-01-23 21:39 - 2025-01-23 21:39 - 000217500 _____ C:\Users\George\Downloads\IMG_0114.JPEG
2025-01-23 21:38 - 2025-01-23 21:38 - 000462260 _____ C:\Users\George\Downloads\IMG_0105.JPEG
2025-01-23 21:36 - 2025-01-23 21:36 - 004466800 _____ C:\Users\George\Downloads\recorded-3293871293207.MP4
2025-01-23 21:35 - 2025-01-23 21:35 - 000864497 _____ C:\Users\George\Downloads\IMG_0061.JPEG
2025-01-23 21:35 - 2025-01-23 21:35 - 000230824 _____ C:\Users\George\Downloads\IMG_5929.JPEG
2025-01-23 21:31 - 2025-01-23 21:31 - 000352227 _____ C:\Users\George\Downloads\IMG_5574.JPEG
2025-01-23 21:31 - 2025-01-23 21:31 - 000250271 _____ C:\Users\George\Downloads\IMG_5630.JPEG
2025-01-23 21:30 - 2025-01-23 21:30 - 000388522 _____ C:\Users\George\Downloads\IMG_5159.JPEG
2025-01-23 21:27 - 2025-01-23 21:27 - 000426514 _____ C:\Users\George\Downloads\IMG_4939.JPEG
2025-01-23 21:26 - 2025-01-23 21:26 - 000332034 _____ C:\Users\George\Downloads\IMG_4695.JPEG
2025-01-23 21:25 - 2025-01-23 21:26 - 001230445 _____ C:\Users\George\Downloads\iCloud Photos.zip
2025-01-23 21:24 - 2025-01-23 21:24 - 000276776 _____ C:\Users\George\Downloads\IMG_4507.JPEG
2025-01-23 21:24 - 2025-01-23 21:24 - 000140243 _____ C:\Users\George\Downloads\IMG_4480.JPEG
2025-01-23 21:22 - 2025-01-23 21:22 - 000411832 _____ C:\Users\George\Downloads\IMG_4337.JPEG
2025-01-23 21:21 - 2025-01-23 21:21 - 000481047 _____ C:\Users\George\Downloads\IMG_4321.JPEG
2025-01-23 21:20 - 2025-01-23 21:20 - 000396221 _____ C:\Users\George\Downloads\IMG_4292.JPEG
2025-01-23 21:19 - 2025-01-23 21:19 - 000420771 _____ C:\Users\George\Downloads\cm-chat-media-video-1_a1bf4ff9-c9bb-4fde-a625-dff80a3a8206_292_0_0.MP4
2025-01-23 21:18 - 2025-01-23 21:18 - 000281457 _____ C:\Users\George\Downloads\cm-chat-media-video-1_3da2915d-a3d8-4c1a-aa8a-5afd96ebd0f5_8872_0_0.MP4
2025-01-23 21:18 - 2025-01-23 21:18 - 000267140 _____ C:\Users\George\Downloads\IMG_3815.JPEG
2025-01-23 21:13 - 2025-01-23 21:13 - 000153757 _____ C:\Users\George\Downloads\IMG_4544.JPEG
2025-01-23 21:10 - 2025-01-23 21:10 - 002015302 _____ C:\Users\George\Downloads\cm-chat-media-video-1_3fa51bbc-19c4-4693-bdf9-2615fa659739_2143_0_0.MP4
2025-01-23 21:09 - 2025-01-23 21:09 - 000307702 _____ C:\Users\George\Downloads\IMG_3890.JPEG
2025-01-23 21:08 - 2025-01-23 21:08 - 002161233 _____ C:\Users\George\Downloads\cm-chat-media-video-1_4b3b4927-045d-5607-9a6f-67fff24af273_2233_0_0.MP4
2025-01-23 21:07 - 2025-01-23 21:07 - 007245191 _____ C:\Users\George\Downloads\IMG_3676.MP4
2025-01-23 21:06 - 2025-01-23 21:06 - 000323011 _____ C:\Users\George\Downloads\IMG_3385.JPEG
2025-01-23 21:03 - 2025-01-23 21:03 - 001386792 _____ C:\Users\George\Downloads\cm-chat-media-video-1_3da2915d-a3d8-4c1a-aa8a-5afd96ebd0f5_456_0_0.MP4
2025-01-23 21:03 - 2025-01-23 21:03 - 000250235 _____ C:\Users\George\Downloads\cm-chat-media-video-1_ffb46382-9fa0-4df4-aa8f-c1a45d190ecd_1245_0_0.MP4
2025-01-23 21:02 - 2025-01-23 21:02 - 002730637 _____ C:\Users\George\Downloads\recorded-1591967364903.MP4
2025-01-23 21:02 - 2025-01-23 21:02 - 000148201 _____ C:\Users\George\Downloads\cm-chat-media-video-1_53d29437-de4c-54dc-add1-57df9f2591ce_5182_0_0.MP4
2025-01-23 21:01 - 2025-01-23 21:01 - 000454971 _____ C:\Users\George\Downloads\97309218375c47f191eb9ffc561ab73a.MP4
2025-01-23 20:59 - 2025-01-23 20:59 - 000302586 _____ C:\Users\George\Downloads\F36A1744-4588-4CBC-9F3F-41D8F673A544.JPEG
2025-01-23 20:59 - 2025-01-23 20:59 - 000116452 _____ C:\Users\George\Downloads\9DBCB5B8-3B14-4B82-8B18-E4F4ADC3B0FE.JPEG
2025-01-23 20:58 - 2025-01-23 20:58 - 000371128 _____ C:\Users\George\Downloads\7f34b05f78bb4a67ade6fd7c76d9cead.MP4
2025-01-23 20:58 - 2025-01-23 20:58 - 000282420 _____ C:\Users\George\Downloads\IMG_2584.JPEG
2025-01-23 20:57 - 2025-01-23 20:57 - 000215897 _____ C:\Users\George\Downloads\D2E05845-22C9-4443-B493-D1285DDD0F34.JPEG
2025-01-23 20:56 - 2025-01-23 20:56 - 004547172 _____ C:\Users\George\Downloads\IMG_2535.MP4
2025-01-23 20:56 - 2025-01-23 20:56 - 000197620 _____ C:\Users\George\Downloads\3917ab91-bf62-4d1a-8cd0-d16bdcacf51e.JPEG
2025-01-23 20:55 - 2025-01-23 20:55 - 000048203 _____ C:\Users\George\Downloads\af66e137-0b8b-451d-bb8e-f5c1083abb4e.JPEG
2025-01-23 20:52 - 2025-01-23 20:52 - 000173805 _____ C:\Users\George\Downloads\a2aff766-543b-44ea-921a-67686fbeb2bb.JPEG
2025-01-23 20:51 - 2025-01-23 20:51 - 013929862 _____ C:\Users\George\Downloads\IMG_8595.MP4
2025-01-23 20:50 - 2025-01-23 20:50 - 000244560 _____ C:\Users\George\Downloads\cm-chat-media-video-1_53d29437-de4c-54dc-add1-57df9f2591ce_3766_1_0.MP4
2025-01-23 20:50 - 2025-01-23 20:50 - 000237103 _____ C:\Users\George\Downloads\cm-chat-media-video-1_4b3b4927-045d-5607-9a6f-67fff24af273_81_0_0.MP4
2025-01-23 20:49 - 2025-01-23 20:49 - 020549579 _____ C:\Users\George\Downloads\BC24AE5F-1D60-475C-BFFE-E83A4CCFA069.MP4
2025-01-23 20:49 - 2025-01-23 20:49 - 002333784 _____ C:\Users\George\Downloads\IMG_0917.MP4
2025-01-23 20:48 - 2025-01-23 20:48 - 000783762 _____ C:\Users\George\Downloads\IMG_0740.JPEG
2025-01-23 20:48 - 2025-01-23 20:48 - 000754348 _____ C:\Users\George\Downloads\IMG_0399.JPEG
2025-01-23 20:47 - 2025-01-23 20:47 - 001276177 _____ C:\Users\George\Downloads\VID_69880529_152541_611.MP4
2025-01-23 20:47 - 2025-01-23 20:47 - 000080151 _____ C:\Users\George\Downloads\IMG_20211205_022831_598.JPEG
2025-01-23 20:46 - 2025-01-23 20:46 - 000352424 _____ C:\Users\George\Downloads\Screenshot_20211129-203441_WhatsApp.JPEG
2025-01-23 20:45 - 2025-01-23 20:45 - 000754113 _____ C:\Users\George\Downloads\Snapchat-1051254761.MP4
2025-01-23 20:04 - 2025-01-24 13:34 - 002305440 _____ C:\Users\George\Downloads\CapCut_7441457733406162999_installer.exe
2025-01-23 19:16 - 2025-02-06 13:16 - 000000000 ____D C:\Users\George\AppData\Local\Malwarebytes
2025-01-23 19:16 - 2025-01-23 19:16 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-01-23 19:16 - 2025-01-23 19:16 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-01-23 19:16 - 2025-01-23 19:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-01-23 19:16 - 2025-01-23 19:16 - 000000000 ____D C:\Program Files\Malwarebytes
2025-01-23 19:14 - 2025-01-23 19:14 - 000000000 ____D C:\Users\George\AppData\Roaming\Manage
2025-01-23 19:14 - 2025-01-23 19:14 - 000000000 ____D C:\Users\George\AppData\LocalLow\boost_interprocess
2025-01-23 16:44 - 2025-01-24 10:40 - 000000000 ____D C:\ProgramData\Wondershare
2025-01-23 16:44 - 2025-01-23 16:46 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2025-01-23 16:44 - 2025-01-23 16:45 - 000000000 ____D C:\Users\George\AppData\Roaming\Wondershare
2025-01-23 16:44 - 2025-01-23 16:44 - 000001468 _____ C:\Users\George\Desktop\Wondershare Filmora 14.lnk
2025-01-23 16:44 - 2025-01-23 16:44 - 000000000 ____D C:\Voiceover
2025-01-23 16:44 - 2025-01-23 16:44 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare
2025-01-23 16:44 - 2025-01-23 16:44 - 000000000 ____D C:\Users\George\AppData\Local\Wondershare
2025-01-23 16:44 - 2024-12-06 15:49 - 000754688 _____ C:\Windows\system32\FilmoraContextMenu.dll
2025-01-23 16:42 - 2025-01-23 16:44 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2025-01-23 16:41 - 2025-01-23 16:41 - 002074096 _____ C:\Users\George\Downloads\filmora-idco_setup_full1901.exe
2025-01-23 16:39 - 2025-01-23 16:39 - 031122059 _____ C:\Users\George\Downloads\130426-746957113_1.mp4
2025-01-23 16:38 - 2025-01-23 16:38 - 030923534 _____ C:\Users\George\Downloads\130426-746957113.mp4
2025-01-22 21:19 - 2025-01-22 21:19 - 000000000 ____D C:\Users\George\AppData\Roaming\.HitPawVideoEnhancerCache
2025-01-22 21:11 - 2025-02-05 15:26 - 000000000 ____D C:\Users\George\AppData\Local\HitPaw Software
2025-01-22 21:11 - 2025-01-22 21:11 - 000000000 ____D C:\Users\George\downloadtemp
2025-01-22 21:11 - 2025-01-22 21:11 - 000000000 ____D C:\Users\George\AppData\Roaming\TSHelpService
2025-01-22 21:10 - 2025-02-05 15:25 - 000000000 ____D C:\Program Files (x86)\HitPaw
2025-01-22 21:10 - 2025-01-22 21:10 - 002882816 _____ (HitPaw) C:\Users\George\Downloads\hitpaw-vikpea-bing_11737580208101781601.exe
2025-01-22 17:27 - 2025-01-22 17:29 - 1370361625 _____ C:\Users\George\Downloads\Adobe Media Encoder 2024 (1).zip
2025-01-22 17:00 - 2025-01-22 17:00 - 009373989 _____ C:\Users\George\Downloads\bjorn ironside _ scp swalesprods _ #bjornironside #vikings #viking #fyp #forupage #edit #ragnarlothbrok @ᴀꜱᴏɪᴀꜰ ᴇᴅɪᴛᴏʀ @lucassproductions @✧ @♘ @drkvfxs ✯ @𝐀𝐒𝐂𝐄𝐍𝐒𝐈𝐎𝐍  @-LUCAS- @꧁꫱꧂ 𝒦𝒾𝓇𝒶 ꧁꫱꧂ ıllıllı @.mp4
2025-01-21 20:36 - 2025-01-21 20:36 - 000000000 ____D C:\Users\George\AppData\Roaming\mssdk
2025-01-21 20:36 - 2025-01-21 20:36 - 000000000 ____D C:\Users\George\AppData\Local\VEDetector
2025-01-20 20:22 - 2025-01-20 20:22 - 000254958 _____ C:\Users\George\Downloads\banana gun-3790-1-0-1709118194.zip
2025-01-20 20:02 - 2025-01-20 20:03 - 069790930 _____ C:\Users\George\Downloads\Hoodie-3938-1-2-1722611123.rar
2025-01-20 19:54 - 2025-01-20 19:55 - 242212572 _____ C:\Users\George\Downloads\SAS-1724-1-0-1661635825.rar
2025-01-20 00:27 - 2025-01-20 00:27 - 000560002 _____ C:\Users\George\Downloads\Anakin and obi 1.aep
2025-01-19 23:24 - 2025-01-19 23:24 - 003863976 _____ C:\Users\George\Downloads\#!Sat_Uᴘ--9957__Ṕ@$$wØrḌ!#.zip
2025-01-19 22:37 - 2025-01-19 22:37 - 000316008 _____ (Gen Digital Inc.) C:\Windows\system32\nllBoot.exe
2025-01-19 22:37 - 2025-01-19 22:37 - 000053048 _____ (Gen Digital Inc.) C:\Windows\system32\icarus_rvrt.exe
2025-01-19 22:37 - 2025-01-19 22:37 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton VPN Standard.lnk
2025-01-19 22:37 - 2025-01-19 22:37 - 000002130 _____ C:\Users\Public\Desktop\Norton VPN Standard.lnk
2025-01-19 22:37 - 2025-01-19 22:37 - 000000000 ____D C:\Users\George\AppData\Roaming\Norton
2025-01-19 22:37 - 2025-01-19 22:37 - 000000000 ____D C:\Program Files\Norton
2025-01-19 22:37 - 2025-01-19 22:37 - 000000000 ____D C:\Program Files\Common Files\Norton
2025-01-19 22:34 - 2025-01-19 22:37 - 000000000 ____D C:\Windows\system32\Tasks\Norton
2025-01-19 22:33 - 2025-01-19 22:33 - 001928936 _____ (Gen Digital Inc.) C:\Users\George\Downloads\norton_vpn_online_setup.exe
2025-01-19 21:49 - 2025-01-19 21:51 - 682171536 _____ C:\Users\George\Downloads\Topaz Video AI 3.3.10 (Win).zip
2025-01-19 21:01 - 2025-01-19 21:01 - 035120113 _____ C:\Users\George\Downloads\Untitled video - Made with Clipchamp (5).mp4
2025-01-19 20:55 - 2025-01-22 17:33 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2024.lnk
2025-01-19 20:40 - 2025-01-19 20:46 - 1370361625 _____ C:\Users\George\Downloads\Adobe Media Encoder 2024.zip
2025-01-19 20:25 - 2025-01-19 20:25 - 002660505 _____ C:\Users\George\Downloads\Untitled video - Made with Clipchamp (4).mp4
2025-01-19 20:18 - 2025-01-19 20:18 - 008370652 _____ C:\Users\George\Downloads\Untitled video - Made with Clipchamp (3).mp4
2025-01-19 20:10 - 2025-01-19 20:10 - 003341451 _____ C:\Users\George\Downloads\Untitled video - Made with Clipchamp (2).mp4
2025-01-19 20:02 - 2025-01-19 20:02 - 010466038 _____ C:\Users\George\Downloads\Untitled video - Made with Clipchamp (1).mp4
2025-01-19 19:48 - 2025-01-19 19:49 - 002371564 _____ C:\Users\George\Downloads\Untitled video - Made with Clipchamp.mp4
2025-01-19 19:40 - 2025-01-19 19:40 - 000001545 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader+.lnk
2025-01-19 19:27 - 2025-02-05 15:26 - 000000000 ____D C:\Users\George\AppData\Local\cache
2025-01-19 19:27 - 2025-01-26 15:23 - 000000000 ____D C:\Users\George\AppData\Local\4kdownload.com
2025-01-19 19:27 - 2025-01-26 15:23 - 000000000 ____D C:\Program Files\4KDownload
2025-01-19 19:27 - 2025-01-24 21:32 - 000000996 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader+.lnk
2025-01-19 19:27 - 2025-01-24 21:32 - 000000984 _____ C:\Users\Public\Desktop\4K Video Downloader+.lnk
2025-01-19 19:27 - 2025-01-19 19:27 - 000832120 _____ (Open Media LLC) C:\Users\George\Downloads\4kvideodownloaderplus_1.10.5_x64_online.exe
2025-01-19 18:15 - 2025-01-19 20:56 - 000000000 ____D C:\Users\George\AppData\Roaming\com.adobe.dunamis
2025-01-19 18:14 - 2025-01-19 20:56 - 000000000 ____D C:\Users\George\Documents\Adobe
2025-01-19 17:39 - 2025-01-19 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxon
2025-01-19 17:36 - 2025-01-19 17:40 - 000000000 ____D C:\Program Files\Maxon Cinema 4D 2024
2025-01-19 17:35 - 2025-02-05 15:25 - 000000000 ____D C:\Program Files\Adobe
2025-01-19 17:35 - 2025-01-19 17:35 - 000000000 ____D C:\Program Files (x86)\Adobe
2025-01-19 17:34 - 2025-02-05 15:25 - 000000000 ____D C:\Users\George\AppData\Local\Adobe
2025-01-19 17:34 - 2025-02-05 15:25 - 000000000 ____D C:\ProgramData\Adobe
2025-01-19 17:34 - 2025-02-05 15:25 - 000000000 ____D C:\Program Files\Common Files\Adobe
2025-01-19 17:33 - 2025-01-19 17:33 - 000000000 ____D C:\Users\George\AppData\Local\OneDrive
2025-01-19 17:29 - 2025-01-19 17:29 - 003742184 _____ (Alexander Roshal) C:\Users\George\Downloads\winrar-x64-710b3.exe
2025-01-19 17:29 - 2025-01-19 17:29 - 000000000 ____D C:\Users\George\AppData\Roaming\WinRAR
2025-01-19 17:29 - 2025-01-19 17:29 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-01-19 17:29 - 2025-01-19 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-01-19 17:29 - 2025-01-19 17:29 - 000000000 ____D C:\Program Files\WinRAR
2025-01-19 17:06 - 2025-01-19 17:06 - 000025127 _____ C:\Users\George\Downloads\pakchunk99-Mods_lessRecoil[AIO]_P.pak
2025-01-19 17:05 - 2025-01-19 17:05 - 000003565 _____ C:\Users\George\Downloads\pakchunk99-Mods_NoMercy_P.pak
2025-01-19 13:41 - 2025-01-19 13:41 - 000000000 ____D C:\Users\George\AppData\LocalLow\TheGameBakers
2025-01-18 21:10 - 2025-01-18 21:10 - 000000000 ____D C:\Users\Public\mod.io
2025-01-18 21:09 - 2025-01-18 21:09 - 188813587 _____ C:\Users\George\Downloads\pakchunk9999-Mods_CazanusVisceralBlud_P.pak
2025-01-18 21:09 - 2025-01-18 21:09 - 000724434 _____ C:\Users\George\Downloads\pakchunk99-Mods_Gunfighter_5_AIO_P.pak
2025-01-18 21:09 - 2025-01-18 21:09 - 000342343 _____ C:\Users\George\Downloads\pakchunk998-Mods_BAL_UE5_Customization-Unlocked_P.pak
2025-01-18 21:06 - 2025-01-18 21:06 - 000000000 ____D C:\Users\George\AppData\Local\mod.io
2025-01-18 21:02 - 2025-01-24 22:52 - 000000000 ____D C:\Users\George\AppData\Local\ReadyOrNot
2025-01-18 20:52 - 2025-01-18 20:52 - 000028194 _____ C:\Users\George\Downloads\pakchunk9999-Mods_HE-125Slots_P.pak
2025-01-18 20:52 - 2025-01-18 20:52 - 000028194 _____ C:\Users\George\Downloads\pakchunk9999-Mods_HE-125Slots_P (1).pak
2025-01-17 21:51 - 2025-01-17 21:51 - 000000000 ___SH C:\Users\Public\Shared Files
2025-01-17 21:44 - 2025-01-17 21:44 - 000000000 ____D C:\Users\George\AppData\Local\FortniteGame
2025-01-17 21:44 - 2025-01-17 21:44 - 000000000 ____D C:\Users\George\AppData\Local\CrashReportClient
2025-01-17 21:16 - 2025-01-17 21:16 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2025-01-15 13:03 - 2025-01-15 13:03 - 000000000 ____D C:\Users\George\AppData\LocalLow\LuckyVR
2025-01-15 13:03 - 2025-01-15 13:03 - 000000000 ____D C:\Users\George\AppData\Local\AWSToolkit
2025-01-13 12:52 - 2025-01-17 21:44 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2025-01-13 12:52 - 2025-01-13 12:52 - 000000000 ____D C:\Users\George\AppData\LocalLow\Facepunch Studios LTD
2025-01-13 12:52 - 2025-01-13 12:52 - 000000000 ____D C:\Users\George\AppData\Local\GameAnalytics
2025-01-12 18:37 - 2025-01-12 18:37 - 000000000 ____D C:\Users\George\AppData\Roaming\fltk.org
2025-01-12 18:37 - 2025-01-12 18:37 - 000000000 ____D C:\ProgramData\fltk.org
2025-01-12 00:19 - 2025-01-12 00:19 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\MMC
2025-01-11 17:42 - 2025-01-11 17:43 - 000000000 ____D C:\Users\George\AppData\Local\Ubisoft
2025-01-09 20:35 - 2025-01-19 22:34 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2025-01-09 17:06 - 2025-01-09 17:06 - 000235213 _____ C:\Users\George\Downloads\M4A2E8 Fury.lxf
2025-01-09 16:42 - 2025-01-10 11:38 - 000000000 ____D C:\Users\George\AppData\Local\Norton
2025-01-08 15:06 - 2025-01-08 15:06 - 000000000 ____D C:\Users\George\AppData\Local\ElevatedDiagnostics
2025-01-08 15:03 - 2025-01-08 15:03 - 000000000 ____D C:\ProgramData\LGHUBData
2025-01-08 15:02 - 2025-02-05 20:16 - 000000000 ____D C:\Users\George\AppData\Local\LGHUB
2025-01-08 15:02 - 2025-01-28 13:07 - 000000000 ____D C:\Users\George\AppData\Roaming\G HUB
2025-01-08 15:02 - 2025-01-28 13:04 - 000000000 ____D C:\Users\George\AppData\Roaming\lghub
2025-01-08 15:02 - 2025-01-24 10:39 - 000000000 ____D C:\Program Files\Logi
2025-01-08 15:02 - 2025-01-08 15:02 - 000073040 _____ (Logitech) C:\Windows\system32\Drivers\logi_joy_xlcore.sys
2025-01-08 15:02 - 2025-01-08 15:02 - 000044880 _____ (Logitech) C:\Windows\system32\Drivers\logi_joy_bus_enum.sys
2025-01-08 15:02 - 2025-01-08 15:02 - 000032080 _____ (Logitech) C:\Windows\system32\Drivers\logi_joy_vir_hid.sys
2025-01-08 15:02 - 2025-01-08 15:02 - 000000000 ____D C:\ProgramData\Logishrd
2025-01-08 15:02 - 2025-01-08 15:02 - 000000000 ____D C:\Program Files\Logitech
2025-01-08 15:01 - 2025-01-08 15:02 - 000000000 ____D C:\ProgramData\LGHUB
2025-01-08 15:01 - 2025-01-08 15:01 - 058003352 _____ (Logitech, Inc.) C:\Users\George\Downloads\lghub_installer.exe
2025-01-08 15:01 - 2025-01-08 15:01 - 000000000 ____D C:\Users\George\AppData\Local\Sentry
2025-01-08 13:50 - 2025-02-02 13:33 - 000000000 ____D C:\Program Files\Epic Games
2025-01-08 13:25 - 2025-01-18 21:05 - 000000000 ____D C:\Users\George\AppData\Local\UnrealEngine
2025-01-08 13:25 - 2025-01-15 13:04 - 000000000 ____D C:\Users\George\AppData\Local\Epic Games
2025-01-08 13:25 - 2025-01-08 13:25 - 000000000 ____D C:\Users\George\AppData\Local\UnrealEngineLauncher
2025-01-08 13:25 - 2025-01-08 13:25 - 000000000 ____D C:\Users\George\AppData\Local\EpicGamesLauncher
2025-01-08 13:24 - 2025-01-08 13:26 - 000000000 ____D C:\ProgramData\Epic
2025-01-08 13:24 - 2025-01-08 13:24 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2025-01-08 13:24 - 2025-01-08 13:24 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2025-01-08 13:24 - 2025-01-08 13:24 - 000000000 ____D C:\Program Files (x86)\Epic Games
2025-01-08 13:22 - 2025-01-08 13:23 - 203468800 _____ C:\Users\George\Downloads\EpicInstaller-17.2.0.msi
2025-01-07 16:44 - 2025-01-07 16:44 - 000000000 ____D C:\Users\Public\Downloads\Norton
2025-01-07 16:36 - 2025-01-07 16:36 - 000000000 ____D C:\Users\George\AppData\Local\Backup
2025-01-07 16:01 - 2025-01-09 20:35 - 000000000 ____D C:\Program Files\Common Files\AV
2025-01-07 15:39 - 2025-01-07 15:39 - 000000000 ___HD C:\OneDriveTemp
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-02-06 13:23 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\SystemTemp
2025-02-06 13:21 - 2025-01-06 13:38 - 000000000 ____D C:\Users\George\AppData\Local\Discord
2025-02-06 13:21 - 2025-01-06 13:08 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2398525475-854880265-1321228765-1001
2025-02-06 13:21 - 2025-01-06 13:08 - 000000000 ___RD C:\Users\George\OneDrive
2025-02-06 13:21 - 2022-05-07 05:24 - 000000000 ___HD C:\Program Files\WindowsApps
2025-02-06 13:21 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\AppReadiness
2025-02-06 13:21 - 2022-05-07 05:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-02-06 13:13 - 2025-01-06 13:34 - 000000000 ____D C:\Program Files (x86)\Steam
2025-02-06 11:42 - 2025-01-03 14:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-02-06 11:27 - 2025-01-03 14:39 - 005546664 _____ C:\Windows\system32\PerfStringBackup.INI
2025-02-06 11:27 - 2022-05-07 05:22 - 000000000 ____D C:\Windows\INF
2025-02-06 11:22 - 2025-01-06 13:38 - 000000000 ____D C:\Users\George\AppData\Roaming\discord
2025-02-06 11:20 - 2025-01-06 13:07 - 000000000 ____D C:\ProgramData\Norton
2025-02-06 11:20 - 2025-01-03 14:37 - 000000000 ____D C:\ProgramData\NVIDIA
2025-02-06 11:20 - 2025-01-03 14:34 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-02-06 11:20 - 2025-01-03 14:32 - 000901328 _____ () C:\Windows\system32\wpbbin.exe
2025-02-06 11:20 - 2025-01-03 14:32 - 000845256 _____ C:\Windows\system32\AsusUpdateCheck.exe
2025-02-06 11:20 - 2025-01-03 14:32 - 000012288 ___SH C:\DumpStack.log.tmp
2025-02-06 11:20 - 2025-01-03 14:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-02-05 20:33 - 2022-05-07 05:17 - 000786432 _____ C:\Windows\system32\config\BBI
2025-02-05 20:18 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Local\D3DSCache
2025-02-05 20:16 - 2025-01-06 13:38 - 000002255 _____ C:\Users\George\Desktop\Discord.lnk
2025-02-05 20:16 - 2025-01-06 13:21 - 000000000 ____D C:\Users\George\AppData\Local\NVIDIA
2025-02-05 17:06 - 2025-01-03 14:40 - 000000000 ____D C:\Program Files\ASUS
2025-02-05 16:09 - 2025-01-06 13:34 - 000000000 ____D C:\Users\George\AppData\Local\Steam
2025-02-05 15:22 - 2025-01-06 14:46 - 000000000 ____D C:\Users\George\AppData\Local\CrashDumps
2025-02-05 15:22 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\LocalLow\NVIDIA
2025-02-05 15:22 - 2025-01-03 14:37 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2025-02-05 15:20 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Local\NVIDIA Corporation
2025-02-05 15:03 - 2025-01-06 13:27 - 000003834 _____ C:\Windows\system32\Tasks\NVIDIA app SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2025-02-05 15:03 - 2025-01-06 13:27 - 000001437 _____ C:\Users\Public\Desktop\NVIDIA.lnk
2025-02-05 15:03 - 2025-01-03 14:37 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2025-02-04 20:52 - 2025-01-06 14:18 - 000000000 ____D C:\Users\George\Documents\My Games
2025-02-04 20:15 - 2025-01-06 13:35 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-02-04 20:08 - 2025-01-06 14:30 - 000000000 ____D C:\Users\George\AppData\Local\Ubisoft Game Launcher
2025-02-04 11:42 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\Registration
2025-02-03 20:58 - 2025-01-03 14:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-02-03 20:58 - 2025-01-03 14:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-01-31 12:05 - 2025-01-06 12:56 - 000000000 ____D C:\Users\George
2025-01-31 11:47 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Local\Packages
2025-01-29 13:59 - 2025-01-06 14:18 - 000000000 ____D C:\Users\George\AppData\Local\BattlEye
2025-01-29 13:59 - 2025-01-03 14:37 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-28 17:25 - 2025-01-06 17:15 - 000000000 ____D C:\Users\George\AppData\Roaming\EasyAntiCheat
2025-01-26 21:47 - 2025-01-06 13:08 - 000000000 ____D C:\Users\George\AppData\Local\PlaceholderTileLogoFolder
2025-01-26 21:39 - 2025-01-06 13:41 - 000000000 ____D C:\XboxGames
2025-01-26 21:39 - 2025-01-03 14:34 - 000000000 ____D C:\ProgramData\Packages
2025-01-25 12:25 - 2025-01-06 13:27 - 003108904 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2025-01-25 12:25 - 2025-01-06 13:27 - 002398760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2025-01-25 12:25 - 2025-01-03 14:37 - 000271912 _____ C:\Windows\system32\FvSDK_x64.dll
2025-01-25 12:25 - 2025-01-03 14:37 - 000245800 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2025-01-25 12:21 - 2025-01-03 14:32 - 000475224 _____ C:\Windows\system32\FNTCACHE.DAT
2025-01-25 12:05 - 2025-01-03 14:37 - 000180760 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2025-01-25 12:05 - 2025-01-03 14:37 - 000159768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2025-01-25 12:05 - 2025-01-03 14:37 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2025-01-24 11:05 - 2022-05-07 05:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-01-23 19:16 - 2022-05-07 05:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-01-20 12:19 - 2022-05-07 05:24 - 000000000 ____D C:\ProgramData\USOPrivate
2025-01-20 12:04 - 2022-05-07 05:17 - 000000000 ____D C:\Windows\CbsTemp
2025-01-19 22:34 - 2025-01-06 13:07 - 000000000 ____D C:\ProgramData\NortonInstaller
2025-01-19 22:34 - 2022-05-07 05:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2025-01-19 20:55 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Roaming\Adobe
2025-01-17 21:51 - 2022-05-07 05:24 - 000000000 __SHD C:\Users\Public\Libraries
2025-01-16 22:00 - 2024-08-14 17:23 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\SystemResources
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\Sgrm
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\appraiser
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\DiagTrack
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\bcastdvr
2025-01-16 14:41 - 2025-01-06 15:26 - 206927936 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-01-16 14:41 - 2025-01-06 15:26 - 000000000 ____D C:\Windows\system32\MRT
2025-01-14 18:39 - 2025-01-03 22:29 - 000000000 ____D C:\Windows\system32\AMD
2025-01-12 18:37 - 2025-01-06 17:15 - 000000000 ____D C:\ProgramData\WarThunder
2025-01-09 17:18 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\AppLocker
2025-01-08 15:02 - 2025-01-06 13:07 - 000000000 ___SD C:\Users\George\AppData\Roaming\Microsoft\Credentials
2025-01-08 13:55 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-01-08 13:45 - 2025-01-03 22:28 - 000000000 ____D C:\Windows\Panther
2025-01-07 15:49 - 2025-01-03 14:37 - 000000000 ____D C:\Program Files (x86)\ASUS
2025-01-07 15:49 - 2025-01-03 14:32 - 000000000 ____D C:\ProgramData\ASUS
2025-01-07 15:38 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Local\ConnectedDevicesPlatform
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2025
Ran by George (06-02-2025 13:25:46)
Running from C:\Users\George\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.4751 (X64) (2025-01-06 12:47:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2398525475-854880265-1321228765-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2398525475-854880265-1321228765-503 - Limited - Disabled)
George (S-1-5-21-2398525475-854880265-1321228765-1001 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-2398525475-854880265-1321228765-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2398525475-854880265-1321228765-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Tokkit (HKLM\...\{0BBE76AE-D243-456A-8CC2-BA4E51B224CC}) (Version: 2.7.4.0960 - Open Media LLC) Hidden
4K Tokkit (HKLM-x32\...\{1d67ea5c-81e6-437a-898b-e0f14051a1a4}) (Version: 2.7.4.960 - Open Media LLC)
4K Video Downloader+ (HKLM\...\{BEBE6CDF-A16C-467E-BA06-CFAE91562C32}) (Version: 1.10.5.0171 - Open Media LLC) Hidden
4K Video Downloader+ (HKLM-x32\...\{fdfc1deb-f7af-4ec0-942a-263b7d09b224}) (Version: 1.10.5.171 - Open Media LLC)
Adlice Protect version 16.0.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 16.0.1.0 - Adlice Software)
Adobe Media Encoder 2024 (HKLM-x32\...\AME_24_2_1) (Version: 24.2.1 - Adobe Inc.)
AnyUkit 10.8.2 (HKLM-x32\...\AnyUkit) (Version: 10.8.2 - AmoyShare)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.0.8 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.40.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{10f6ee35-55c3-46eb-91a6-816ce9af34c7}) (Version: 1.1.40.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.13 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{c398adfb-d090-4897-8845-baca53f7ecde}) (Version: 1.1.0.13 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.2.7.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{b42ffcda-b685-4ba0-8640-2971ae4a70c6}) (Version: 1.2.7.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.11 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.4.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{7a0d5159-cb5e-4f66-91f8-bab46f864f14}) (Version: 0.0.4.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS FanCard HAL (HKLM\...\{A7A1C301-E788-4603-9F55-02344F50624F}) (Version: 1.0.6.2 - ASUSTek COMPUTER INC.) Hidden
ASUS FanCard HAL (HKLM-x32\...\{9e790e07-66a9-430d-b0e4-624a5f3a1d96}) (Version: 1.0.6.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{cf5b2f79-6f67-4543-b5d5-6f1fb9ad6d06}) (Version: 2.1.2.3 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.1.2.3 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.35 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{193a2068-8738-4276-ab1b-9133f9403487}) (Version: 1.0.35 - ASUSTeK Computer Inc.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 3.00.01 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.129 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.16 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{41a78792-5489-400c-a567-b78d40b8c878}) (Version: 1.1.16 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.21 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.21 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.05.29 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{abff099e-96f5-4bf4-9c6e-6f435f9f6c55}) (Version: 3.05.29 - ASUSTeK Computer Inc.)
CapCut (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\CapCut) (Version: 5.7.0.2081 - Bytedance Pte. Ltd.)
CurseForge 1.271.0-23001 (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\ca0e291c-abd4-5fc3-b6a0-3d4333eccbd7) (Version: 1.271.0-23001 - Overwolf)
Discord (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.39.5 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{09239bb1-d62b-4710-991f-f8cf987be42b}) (Version: 1.1.39.5 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.6 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fb849319-e131-4301-9dc9-458db90abe1d}) (Version: 1.0.9.6 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 132.0.6834.160 - Google LLC)
HandBrake 1.9.0 (HKLM-x32\...\HandBrake) (Version: 1.9.0 - )
iCloud Outlook (HKLM\...\{76DBE4BD-97A4-4657-A75F-4DA83272360F}) (Version: 15.3.0.138 - Apple Inc.)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.12 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{2237a879-7fa4-4e21-ae3b-00f6a649b9d9}) (Version: 1.1.12 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2025.1.673329 - Logitech)
Malwarebytes version 5.2.5.158 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.5.158 - Malwarebytes)
Maxon Cinema 4D 2024 (HKLM\...\Maxon Cinema 4D 2024) (Version: 2024 - Maxon)
Microsoft .NET Host - 8.0.12 (x64) (HKLM\...\{C4C6E39D-48AE-426C-960C-46ED3447DDEB}) (Version: 64.48.26165 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.12 (x64) (HKLM\...\{C9C872D5-3CA9-4E0E-AF90-1B85325F9243}) (Version: 64.48.26165 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.12 (x64) (HKLM\...\{1E606649-7E56-452F-8AC4-495C70D1E341}) (Version: 64.48.26165 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-gb (HKLM\...\O365ProPlusRetail - en-gb) (Version: 16.0.18324.20194 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 132.0.2957.140 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 132.0.2957.140 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - hu-hu (HKLM\...\ProPlusRetail - hu-hu) (Version: 16.0.18324.20194 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.005.0112.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.12 (x64) (HKLM\...\{71CD19D6-C448-4B5D-9A38-018741753290}) (Version: 64.48.26178 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.12 (x64) (HKLM-x32\...\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}) (Version: 8.0.12.34404 - Microsoft Corporation)
Nagyvállalati Microsoft 365-alkalmazások - hu-hu (HKLM\...\O365ProPlusRetail - hu-hu) (Version: 16.0.18324.20194 - Microsoft Corporation)
Norton VPN Standard (HKLM\...\Norton 360) (Version: 24.12.9725.1248 - Gen Digital Inc.)
NVIDIA app 11.0.2.312 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.2.312 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.5.10819.35301613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.10819.35301613 - NVIDIA Corporation)
NVIDIA Graphics Driver 572.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 572.16 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.3.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.3.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18324.20194 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18324.20194 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18324.20168 - Microsoft Corporation) Hidden
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.2 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{fdc098ce-d76c-4e2e-a0a6-01a24e9a1f7d}) (Version: 1.0.9.2 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.5 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{387596e5-692e-4baf-bec2-3338d555df7a}) (Version: 1.0.6.5 - Patriot Memory)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
ROG FAN CARD 3 (HKLM-x32\...\{19a626ed-783a-4d0e-8e7b-5fa069ad348b}) (Version: 2.08.07 - ASUSTek Computer Inc.)
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.1.5.0 - ASUSTek COMPUTER INC.)
ROG STRIX LC (HKLM-x32\...\{53bdfdff-511a-442d-bcfd-5a251503c720}) (Version: 1.03.13 - ASUSTek Computer Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1272 - SUPERAntiSpyware.com)
Topaz Video AI (HKLM\...\{E41A37EA-E32C-4E3B-B2BA-2C9787A1828B}) (Version: 3.3.10 - Topaz Labs LLC)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 157.1.11142 - Ubisoft)
UE Prerequisites (x64) (HKLM\...\{C4175120-313E-467B-AAA7-825979CBAEE7}) (Version: 1.0.20.0 - Epic Games, Inc.) Hidden
UE Prerequisites (x64) (HKLM-x32\...\{b24cae82-bb64-4ad2-820a-dc2c4031c914}) (Version: 1.0.20.0 - Epic Games, Inc.) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.2 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{6870588f-9f28-488b-a169-cf548ad6b393}) (Version: 1.0.0.2 - PD)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WinRAR 7.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.10.3 - win.rar GmbH)
Wondershare Filmora 14(Build 14.3.2.11147) (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Wondershare Filmora 14_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare NativePush(Build 1.1.0.0) (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Wondershare NativePush_is1) (Version:  - Wondershare Software)
 
Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.9.13.0_x64__qmba6cd70vzyy [2025-01-06] (ASUSTeK COMPUTER INC.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa [2025-01-23] (Apple Inc.) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-01-06] (Microsoft Corp.)
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.5101.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.1.3.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Studios)
Minecraft: Java Edition -> C:\Program Files\WindowsApps\Microsoft.MinecraftJavaEdition_1.0.5.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2025-02-05] (NVIDIA Corp.)
Snapchat -> C:\Program Files\WindowsApps\SnapInc.Snapchat_3.0.1.0_neutral__k1zn018256b8e [2025-01-23] (Snap Inc.)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0 [2025-01-31] (Spotify AB) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2025-01-24] (Bytedance Pte. Ltd.)
TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_2024.3.0.0_x64__v826wp6bftszj [2025-02-05] (Charles Milette) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2504.2.0_x64__cv1g1gvanyjgm [2025-02-05] (WhatsApp Inc.) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2025-01-19] (win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2398525475-854880265-1321228765-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
CustomCLSID: HKU\S-1-5-21-2398525475-854880265-1321228765-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2398525475-854880265-1321228765-1001_Classes\CLSID\{83560CA7-0D45-48BE-BD3D-76602CDBD01B} -> [iCloud Photos] => C:\Users\George\Pictures\iCloud Photos\Photos [2025-01-23 21:48]
CustomCLSID: HKU\S-1-5-21-2398525475-854880265-1321228765-1001_Classes\CLSID\{FD59DB17-562E-41FC-8FB5-8443CDFE8E6D} -> [iCloud Drive] => C:\Users\George\iCloudDrive [2025-01-23 21:48]
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  BUOverlayExcluded] -> {42DE06EE-09E4-4808-A8AA-F63B1D3F6CE5} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  BUOverlayPending] -> {5A4597A9-CC87-4ED2-A7E5-3BC62CF54901} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  BUOverlayProtected] -> {9C11454A-4B5C-4586-B0BB-E51BB6033668} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ContextMenuHandlers1: [ContextMenuHandlerFilmora] -> {5F542218-AF8A-4CF8-8ACA-DF63B73C528D} => C:\Windows\system32\FilmoraContextMenu.dll [2024-12-06] () [File not signed]
ContextMenuHandlers1: [norton] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers3: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-23] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvrfi.inf_amd64_2c09ed8a3f940967\nvshext.dll [2025-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-23] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [norton] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-19] (NortonLifeLock Inc. -> Gen Digital Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-12-23 15:51 - 2021-12-23 15:51 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2021-12-23 15:51 - 2021-12-23 15:51 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2021-12-23 15:51 - 2021-12-23 15:51 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2025-01-03 14:41 - 2021-02-18 12:07 - 000085504 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\zlib1.dll
2025-01-03 14:40 - 2021-12-10 17:55 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2021-12-23 15:51 - 2021-12-23 15:51 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2025-01-23 16:44 - 2024-09-29 14:45 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2025-01-23 16:44 - 2024-09-29 14:45 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2025-01-06 13:34 - 2024-01-26 21:04 - 007470592 _____ () [File not signed] C:\Program Files (x86)\Steam\aom.dll
2025-01-06 13:34 - 2024-01-26 21:04 - 001066496 _____ () [File not signed] C:\Program Files (x86)\Steam\dav1d.dll
2025-01-06 13:34 - 2024-07-11 01:46 - 000701952 _____ () [File not signed] C:\Program Files (x86)\Steam\libavif-16.dll
2025-01-26 21:52 - 2025-02-02 12:06 - 002682880 _____ () [File not signed] C:\Users\George\AppData\Local\Programs\CurseForge Windows\ffmpeg.dll
2025-01-26 21:52 - 2025-02-02 12:06 - 000481280 _____ () [File not signed] C:\Users\George\AppData\Local\Programs\CurseForge Windows\libegl.dll
2025-01-26 21:52 - 2025-02-02 12:06 - 008058368 _____ () [File not signed] C:\Users\George\AppData\Local\Programs\CurseForge Windows\libglesv2.dll
2025-01-26 21:52 - 2025-02-02 12:06 - 005475328 _____ () [File not signed] C:\Users\George\AppData\Local\Programs\CurseForge Windows\vk_swiftshader.dll
2020-05-26 17:08 - 2020-05-26 17:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2021-12-27 09:04 - 2021-12-27 09:04 - 000047104 _____ (CTI) [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\MsIo32_ENE.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 005378048 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavcodec-61.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 000875008 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavfilter-10.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 001674240 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavformat-61.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 001640960 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavutil-59.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 000630272 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libswresample-5.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 001092608 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libswscale-8.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 000287232 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libcurl.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libcrypto-1_1-x64.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 002281984 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\LIBEAY32.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libssl-1_1-x64.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 000361472 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\SSLEAY32.dll
2025-01-03 14:40 - 2021-12-10 17:55 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2025-01-03 14:40 - 2021-12-10 17:55 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2025-01-23 16:44 - 2024-09-29 14:45 - 000708096 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\George\Downloads\4ktokkit_2.7.4_x64_online (1).exe:MBAM.Zone.Identifier [151]
AlternateDataStreams: C:\Users\George\Downloads\4kvideodownloaderplus_1.10.5_x64_online (1).exe:MBAM.Zone.Identifier [165]
AlternateDataStreams: C:\Users\George\Downloads\anyukit-win.exe:MBAM.Zone.Identifier [151]
AlternateDataStreams: C:\Users\George\Downloads\CapCut_7441457733406162999_installer.exe:MBAM.Zone.Identifier [59]
AlternateDataStreams: C:\Users\George\Downloads\capcut_capcutpc_invitefission_1.2.7_installer.exe:MBAM.Zone.Identifier [189]
AlternateDataStreams: C:\Users\George\Downloads\ChromeSetup.exe:MBAM.Zone.Identifier [387]
AlternateDataStreams: C:\Users\George\Downloads\CurseForge Windows - Installer.exe:MBAM.Zone.Identifier [195]
AlternateDataStreams: C:\Users\George\Downloads\HandBrake-1.9.0-x86_64-Win_GUI.exe:MBAM.Zone.Identifier [566]
AlternateDataStreams: C:\Users\George\Downloads\mmm-setup.exe:MBAM.Zone.Identifier [125]
AlternateDataStreams: C:\Users\George\Downloads\OfficeSetup.exe:MBAM.Zone.Identifier [237]
AlternateDataStreams: C:\Users\George\Downloads\RogueKiller_setup (1).exe:MBAM.Zone.Identifier [185]
AlternateDataStreams: C:\Users\George\Downloads\Snapchat Installer.exe:MBAM.Zone.Identifier [63]
AlternateDataStreams: C:\Users\George\Downloads\SUPERAntiSpyware.exe:MBAM.Zone.Identifier [92]
AlternateDataStreams: C:\Users\George\Downloads\TikTok Installer.exe:MBAM.Zone.Identifier [63]
AlternateDataStreams: C:\Users\George\Downloads\WhatsApp Installer.exe:MBAM.Zone.Identifier [152]
AlternateDataStreams: C:\Users\George\Downloads\windowsdesktop-runtime-8.0.12-win-x64.exe:MBAM.Zone.Identifier [246]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4288]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nllSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nllSP.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) =============
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\sharepoint.com -> hxxps://midkentcollege-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 05:24 - 2022-05-07 05:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA app\NvDLISR;C:\Program Files\dotnet\
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\14860579008521974080\133828833997050959.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
WiFi: Realtek 8852BE Wireless LAN WiFi 6 PCI-E NIC -> rtwlane601.sys
Ethernet: Realtek Gaming 2.5GbE Family Controller -> rt640x64.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{904C411E-F96A-47E0-8395-6F8184773620}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{D9AE05E9-AA68-4ECE-93D1-F53AC0A736B3}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{281325F4-2D73-43D4-893A-69B6DC8BA4AD}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{38406B6B-C0A6-4F7D-A4CE-2FBD0F71B23A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24334.1103.3302.5694_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BA7687AA-F172-4373-A01F-F9CAF1CDF33D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24334.1103.3302.5694_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{863391D0-D046-4051-B44A-8EFE3655F458}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{33536E5A-64AC-4C97-9500-C3A783C4EA78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{99BFECE1-1661-493E-A047-63DB3933D9DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{84CC256B-85AE-47F8-80E4-AA34AD967B28}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{511AAE6C-AFE7-41CA-923B-DD36376584B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta Software GmbH -> )
FirewallRules: [{5DD11117-A24D-463D-B893-471B93A6C65C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta Software GmbH -> )
FirewallRules: [{29054ADA-8433-4E15-83B3-0F3B46BF4EC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe (Gaijin Entertainment) [File not signed]
FirewallRules: [{EAF799D3-DF41-47C6-B73A-5177EE81FED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe (Gaijin Entertainment) [File not signed]
FirewallRules: [{6683DEA9-952B-4729-BE96-2C5920CA80A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (GAIJIN NETWORK LTD -> Gaijin)
FirewallRules: [{8C2A17E1-47CE-4230-A910-E5C9CECDBE97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (GAIJIN NETWORK LTD -> Gaijin)
FirewallRules: [TCP Query User{0A9B6556-900C-4C02-A2A7-FD5ADB609EC0}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (GAIJIN NETWORK LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{78E314C6-DF58-4473-8DB8-3A94BE11D5C7}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (GAIJIN NETWORK LTD -> Gaijin Entertainment)
FirewallRules: [{A8A02E9B-4E99-4070-8BB5-8EAC6B282667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Buckshot Roulette\Buckshot Roulette_windows\Buckshot Roulette.exe (Mike Klubnika) [File not signed]
FirewallRules: [{E32101B6-39AD-4047-8E92-3C78A51CA829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Buckshot Roulette\Buckshot Roulette_windows\Buckshot Roulette.exe (Mike Klubnika) [File not signed]
FirewallRules: [{B4A51DE5-D380-4FC0-B49A-B5A11E983A26}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{5EB5E61D-23B1-4ED3-9687-5386D0BE5F99}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{EBAE04E1-C6BD-4CFD-9A31-6B740054E64F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{582F90B1-4377-4869-8EAC-5A218EC24AD5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{97351440-DD16-4540-B252-DCE76DCB51FC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{0919CFA6-1633-49CF-98BF-8FCE1DD30F13}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{10EEE460-C9CB-457C-9085-EA4897DA4212}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_DX11.exe => No File
FirewallRules: [{3121491F-42CE-4D19-848E-3949DE620872}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_DX11.exe => No File
FirewallRules: [{CC3AD8DB-928F-4D87-A1BA-C5578B8C89F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [{63C3BA27-98E5-492F-8302-86A506E68E88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [{E53E42F1-0D69-448A-8E86-562A4DA00A7B}] => (Allow) C:\Program Files\Norton\Suite\NortonUI.exe (NortonLifeLock Inc. -> Gen Digital Inc.)
FirewallRules: [{E06BCDC2-C2F0-443E-8338-C814B5C38034}] => (Allow) C:\Program Files\Norton\Suite\NortonUI.exe (NortonLifeLock Inc. -> Gen Digital Inc.)
FirewallRules: [TCP Query User{A3012A8F-6B68-4382-9088-45E669EC38F5}C:\users\george\appdata\local\capcut\apps\5.5.0.2028\capcut.exe] => (Allow) C:\users\george\appdata\local\capcut\apps\5.5.0.2028\capcut.exe (Bytedance Pte. Ltd. -> ByteDance)
FirewallRules: [UDP Query User{BE33A590-4871-4C1A-8DC7-8AB4CBE88B14}C:\users\george\appdata\local\capcut\apps\5.5.0.2028\capcut.exe] => (Allow) C:\users\george\appdata\local\capcut\apps\5.5.0.2028\capcut.exe (Bytedance Pte. Ltd. -> ByteDance)
FirewallRules: [{AC967B42-DFD7-4B9D-B42E-2798BDB2AA9C}] => (Allow) C:\Users\George\Downloads\hitpaw-vikpea-bing_11737580208101781601.exe (HITPAW CO., LIMITED -> HitPaw)
FirewallRules: [{D20750F1-9239-4C57-BBE5-CB85C2C24113}] => (Allow) C:\Users\George\Downloads\hitpaw-vikpea-bing_11737580208101781601.exe (HITPAW CO., LIMITED -> HitPaw)
FirewallRules: [{7392BE3D-E06A-45DD-981A-3243C37AD011}] => (Allow) C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [{557FC47E-6BDB-4FC0-8BE3-4BC075129E8B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A23E4016-0B7A-47DC-9781-5A4A071525D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA42211E-8F13-47E6-917F-1ABC8D8B7C19}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{29D9141F-8C04-4710-9C26-2BA1D964FD20}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59947B4E-ACF8-4CFE-962B-E065EE9EA8A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5A135330-CDD6-4B39-8945-8BE40D0BD8C6}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
FirewallRules: [UDP Query User{CEB353E0-8404-4DE2-AAC5-95DBE1F8368C}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
FirewallRules: [{71774D5A-55E0-4127-BC93-4173A7004802}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe () [File not signed]
FirewallRules: [{F6C46B5F-9C51-4351-AABA-4B25BDEEA2FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe () [File not signed]
FirewallRules: [{1253A423-57C4-412F-8BA3-85A086FF1BCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK Survival Ascended\ShooterGame\Binaries\Win64\ArkAscended_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{45FF44D7-52E2-4853-93D5-D5787244B5B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK Survival Ascended\ShooterGame\Binaries\Win64\ArkAscended_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{E046F8EA-C7DD-415A-98EA-74A1912A31FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK Survival Ascended\ShooterGame\Binaries\Win64\ArkAscended.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{E736B25A-13B5-415B-96CC-229409C38CCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK Survival Ascended\ShooterGame\Binaries\Win64\ArkAscended.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [TCP Query User{CD64CBFC-F1D6-4B04-8DB0-5A9188C67E34}C:\users\george\appdata\local\capcut\apps\5.7.0.2081\capcut.exe] => (Allow) C:\users\george\appdata\local\capcut\apps\5.7.0.2081\capcut.exe (Bytedance Pte. Ltd. -> ByteDance)
FirewallRules: [UDP Query User{4BD8F4BA-2EB1-436C-94ED-238F3485D378}C:\users\george\appdata\local\capcut\apps\5.7.0.2081\capcut.exe] => (Allow) C:\users\george\appdata\local\capcut\apps\5.7.0.2081\capcut.exe (Bytedance Pte. Ltd. -> ByteDance)
FirewallRules: [TCP Query User{84EDA45C-17F8-416D-84C2-BF39C49B4F0B}C:\program files\4kdownload\4kvideodownloaderplus\4kvideodownloaderplus.exe] => (Allow) C:\program files\4kdownload\4kvideodownloaderplus\4kvideodownloaderplus.exe (Open Media LLC -> Open Media LLC)
FirewallRules: [UDP Query User{17CA30AD-640F-4D90-91F4-C97889485819}C:\program files\4kdownload\4kvideodownloaderplus\4kvideodownloaderplus.exe] => (Allow) C:\program files\4kdownload\4kvideodownloaderplus\4kvideodownloaderplus.exe (Open Media LLC -> Open Media LLC)
FirewallRules: [TCP Query User{0149D5B6-8F51-42CF-95A9-47A185AA9B9F}C:\users\george\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\george\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [UDP Query User{B5450F9D-FC31-4E64-A242-2879E1C02D7B}C:\users\george\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\george\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [{4A233CB8-5BCF-4881-9398-7AD31ADB7681}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{82E06EE4-8CE6-47F6-BFA8-0B5FB910F2B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{525FA78E-3554-42A7-A764-1862FE63D4A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A0432CFA-8983-4178-8939-39AB1CE066A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{899069BB-F870-4806-86B7-D349548D1221}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B1CFDBC6-F3E5-48D9-B8BD-18B6C37A0C13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DC04898E-0CE7-4016-BD4E-74B58A1B41C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C6C6495D-76FC-4E71-9796-449F75645702}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E367E1A5-38BF-46F3-AE6E-CBA5235E0713}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E8A4B503-C8F0-4C3A-9A8B-E71724AE335E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{18C69C2F-6B69-43F2-B774-4D6797367F38}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8862EF54-6432-4265-8790-55D8943168A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma Reforger\ArmaReforger_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [{CD48F7F4-92CD-4781-B184-19CEA418C424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma Reforger\ArmaReforger_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [{715655E2-D054-4DBD-ACDF-1C390E3E3286}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C5B37941-C77B-4412-ABE9-CB3497C3FAFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 25\FarmingSimulator2025.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{2EB87BE7-E1D3-4176-B6C2-E56EA95AAF3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 25\FarmingSimulator2025.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
 
==================== Restore Points =========================
 
04-02-2025 11:09:50 Windows Update
 
==================== Faulty Device Manager Devices ============
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/05/2025 08:33:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/05/2025 08:33:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/05/2025 08:33:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/05/2025 08:33:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/05/2025 08:16:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
Error: (02/05/2025 04:01:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
Error: (02/05/2025 03:22:04 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: nvcontainer.exe, version: 1.42.3485.3667, time stamp: 0x66e983b0
Faulting module name: nvapi64.dll_unloaded, version: 32.0.15.6636, time stamp: 0x674f5d87
Exception code: 0xc0000005
Fault offset: 0x000000000041bdab
Faulting process id: 0x0x7f84
Faulting application start time: 0x0x1db77df1792865e
Faulting application path: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Faulting module path: nvapi64.dll
Report Id: e6e8fd9a-6de1-4d83-9a9f-32d114d16680
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/05/2025 03:22:02 PM) (Source: Application Error) (EventID: 1000) (User: 322442-1-1)
Description: Faulting application name: FarmingSimulator2025Game.exe, version: 10.0.0.0, time stamp: 0x67990664
Faulting module name: FarmingSimulator2025Game.exe, version: 10.0.0.0, time stamp: 0x67990664
Exception code: 0xc0000005
Fault offset: 0x00000000001c8c94
Faulting process id: 0x0x9518
Faulting application start time: 0x0x1db77e06f2aed19
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 25\x64\FarmingSimulator2025Game.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 25\x64\FarmingSimulator2025Game.exe
Report Id: 068c6e24-77c2-45f8-b5b4-54037a3cef03
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/06/2025 12:57:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (02/06/2025 11:45:19 AM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (02/06/2025 11:26:46 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
 
Error: (02/06/2025 11:22:39 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
 
Error: (02/05/2025 08:17:56 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
 
Error: (02/05/2025 08:15:14 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (02/05/2025 08:15:14 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (02/05/2025 08:15:14 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2025-01-23 19:12:39
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Phonzy.B!ml
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip; file:_C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip->CapCut Pro 5602062 Crack For PC Free Download 2025.exe; webfile:_C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip|https://s3.amazonaws...821331573221963
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.421.1506.0, AS: 1.421.1506.0, NIS: 1.421.1506.0
Engine Version: AM: 1.1.24090.11, NIS: 1.1.24090.11 
 
Date: 2025-01-23 17:42:29
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2025-01-23 17:06:02
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2025-01-20 12:05:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2025-01-19 23:25:05
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\George\AppData\Local\Temp\Rar$EXb2492.39301.rartemp\!Open--FileZ\setup.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security intelligence Version: AV: 1.421.1442.0, AS: 1.421.1442.0, NIS: 1.421.1442.0
Engine Version: AM: 1.1.24090.11, NIS: 1.1.24090.11 
Event[0]
 
Date: 2025-02-05 20:15:25
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device. 
 
Date: 2025-02-04 21:28:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.421.1630.0;1.421.1630.0
Engine Version: 1.1.24090.11 
 
Date: 2025-01-31 12:06:10
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.421.1506.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24090.11
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
Date: 2025-01-31 12:05:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.421.1506.0;1.421.1506.0
Engine Version: 1.1.24090.11 
 
Date: 2025-01-30 14:51:25
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.421.1506.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24090.11
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
CodeIntegrity:
===============
Date: 2025-02-06 13:26:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 3024 08/02/2024
Motherboard: ASUSTeK COMPUTER INC. PRIME B650M-A WIFI II
Processor: AMD Ryzen 9 7900X 12-Core Processor 
Percentage of memory in use: 50%
Total physical RAM: 32404.75 MB
Available physical RAM: 16172.57 MB
Total Virtual: 44692.75 MB
Available Virtual: 22209.07 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:912.84 GB) (Free:233.85 GB) (Model: ADATA LEGEND 800) NTFS
 
\\?\Volume{22dae432-26de-4ffd-86e7-4cce9f2d0826}\ (Recovery tools) (Fixed) (Total:18.55 GB) (Free:4.69 GB) NTFS
\\?\Volume{bd241936-7691-485b-b43b-aeefae1ff068}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A863A42A)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi, greencamel.

Welcome to Geeks to Go Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below. As soon as I have your consent, I'll start the cleaning procedure.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


  • 0

#3
greencamel

greencamel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I'm ready to start, thank you.


  • 1

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

OK!

I'll be back to you in a couple of hours.


  • 0

#5
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

We must start from somewhere.

Pirated programs

There is evidence that you are using pirated programs. As I noted in my first post, this is the best and fastest way to infect your system. Using such programs, as well as cracks, keygens etc., constitutes a security risk. Thus, regardless of the ethical part, it's a waste of time to clean a system exposed to all these, since it will get infected, sooner or later.

So, I would ask you to remove all programs for which you haven't got a genuine license. Keep in mind that the tools we are going to use will possibly remove parts of these programs, so they won't function properly. Let me know if you agree with that.


  • 0

#6
greencamel

greencamel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Yes, I agree, but I don't know what programs are pirated, so if you want, is it possible for you to remove all of the illegal programs, please?


  • 0

#7
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

I can't do that for all the pirated programs a system has. But the tools we use can remove cracks or patches or keygens which are used to bypass a genuine activation.

For example:

This is from your logs:

C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip

As you can see, you have downloaded a crack for CapCut. So, if CapCut is not activated with a genuine license, it must be removed. You are the one who knows better. I am a malware analyst, not a policeman. :)

So, since you are with me and you agree, please go on and uninstall programs you are sure are not activated with a genuine license. After that, run the FRST tool as you did before, and attach fresh logs for me to check.

Something else:

Did you intentionally install the Search With Incognito extension for Edge? As a result of this, your search engine now is hxxps://www.searchwithouthistorysearch.com. That is why it is called a "browser hijacker".

So...

In your next reply I expect to see:
  1. Fresh logs after uninstalling CapCut and other programs
  2. A reply about Search with Incognito extension

P.S. My time zone is UTC +2, so now I'm going to shut down. I'll be back to you tomorrow.

  • 0

#8
greencamel

greencamel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Okay, I'll have a look through all my files now and get back to you as soon as possible.


  • 0

#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Thank you.

I'll be here.


  • 0

#10
greencamel

greencamel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I think I've removed as much as I know of.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2025
Ran by George (08-02-2025 11:27:04)
Running from C:\Users\George\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.4751 (X64) (2025-01-06 12:47:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2398525475-854880265-1321228765-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2398525475-854880265-1321228765-503 - Limited - Disabled)
George (S-1-5-21-2398525475-854880265-1321228765-1001 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-2398525475-854880265-1321228765-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2398525475-854880265-1321228765-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {0F59B032-EA77-E3A8-2382-74A4346E5522}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Tokkit (HKLM\...\{0BBE76AE-D243-456A-8CC2-BA4E51B224CC}) (Version: 2.7.4.0960 - Open Media LLC) Hidden
4K Tokkit (HKLM-x32\...\{1d67ea5c-81e6-437a-898b-e0f14051a1a4}) (Version: 2.7.4.960 - Open Media LLC)
4K Video Downloader+ (HKLM\...\{BEBE6CDF-A16C-467E-BA06-CFAE91562C32}) (Version: 1.10.5.0171 - Open Media LLC) Hidden
4K Video Downloader+ (HKLM-x32\...\{fdfc1deb-f7af-4ec0-942a-263b7d09b224}) (Version: 1.10.5.171 - Open Media LLC)
AnyUkit 10.8.2 (HKLM-x32\...\AnyUkit) (Version: 10.8.2 - AmoyShare)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 5.0.8 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.40.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{10f6ee35-55c3-46eb-91a6-816ce9af34c7}) (Version: 1.1.40.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.13 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{c398adfb-d090-4897-8845-baca53f7ecde}) (Version: 1.1.0.13 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.2.7.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{b42ffcda-b685-4ba0-8640-2971ae4a70c6}) (Version: 1.2.7.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.11 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.4.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{7a0d5159-cb5e-4f66-91f8-bab46f864f14}) (Version: 0.0.4.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS FanCard HAL (HKLM\...\{A7A1C301-E788-4603-9F55-02344F50624F}) (Version: 1.0.6.2 - ASUSTek COMPUTER INC.) Hidden
ASUS FanCard HAL (HKLM-x32\...\{9e790e07-66a9-430d-b0e4-624a5f3a1d96}) (Version: 1.0.6.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{cf5b2f79-6f67-4543-b5d5-6f1fb9ad6d06}) (Version: 2.1.2.3 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.1.2.3 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.35 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{193a2068-8738-4276-ab1b-9133f9403487}) (Version: 1.0.35 - ASUSTeK Computer Inc.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 3.00.01 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.129 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.16 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{41a78792-5489-400c-a567-b78d40b8c878}) (Version: 1.1.16 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.21 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.21 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.05.29 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{abff099e-96f5-4bf4-9c6e-6f435f9f6c55}) (Version: 3.05.29 - ASUSTeK Computer Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 27.1.1.11 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\Bitdefender) (Version: 27.0.47.235 - Bitdefender)
CapCut (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\CapCut) (Version: 5.7.0.2081 - Bytedance Pte. Ltd.)
CurseForge 1.271.0-23001 (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\ca0e291c-abd4-5fc3-b6a0-3d4333eccbd7) (Version: 1.271.0-23001 - Overwolf)
Discord (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.39.5 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{09239bb1-d62b-4710-991f-f8cf987be42b}) (Version: 1.1.39.5 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.6 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fb849319-e131-4301-9dc9-458db90abe1d}) (Version: 1.0.9.6 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 133.0.6943.59 - Google LLC)
HandBrake 1.9.0 (HKLM-x32\...\HandBrake) (Version: 1.9.0 - )
iCloud Outlook (HKLM\...\{76DBE4BD-97A4-4657-A75F-4DA83272360F}) (Version: 15.3.0.138 - Apple Inc.)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.12 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{2237a879-7fa4-4e21-ae3b-00f6a649b9d9}) (Version: 1.1.12 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2025.1.673329 - Logitech)
Maxon Cinema 4D 2024 (HKLM\...\Maxon Cinema 4D 2024) (Version: 2024 - Maxon)
Microsoft .NET Host - 8.0.12 (x64) (HKLM\...\{C4C6E39D-48AE-426C-960C-46ED3447DDEB}) (Version: 64.48.26165 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.12 (x64) (HKLM\...\{C9C872D5-3CA9-4E0E-AF90-1B85325F9243}) (Version: 64.48.26165 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.12 (x64) (HKLM\...\{1E606649-7E56-452F-8AC4-495C70D1E341}) (Version: 64.48.26165 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-gb (HKLM\...\O365ProPlusRetail - en-gb) (Version: 16.0.18429.20132 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 132.0.2957.140 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 132.0.2957.140 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - hu-hu (HKLM\...\ProPlusRetail - hu-hu) (Version: 16.0.18429.20132 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.005.0112.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.12 (x64) (HKLM\...\{71CD19D6-C448-4B5D-9A38-018741753290}) (Version: 64.48.26178 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.12 (x64) (HKLM-x32\...\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}) (Version: 8.0.12.34404 - Microsoft Corporation)
Nagyvállalati Microsoft 365-alkalmazások - hu-hu (HKLM\...\O365ProPlusRetail - hu-hu) (Version: 16.0.18429.20132 - Microsoft Corporation)
NVIDIA app 11.0.2.312 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.2.312 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.5.10819.35301613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.10819.35301613 - NVIDIA Corporation)
NVIDIA Graphics Driver 572.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 572.16 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.3.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.3.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18429.20044 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20044 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20132 - Microsoft Corporation) Hidden
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.2 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{fdc098ce-d76c-4e2e-a0a6-01a24e9a1f7d}) (Version: 1.0.9.2 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.5 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{387596e5-692e-4baf-bec2-3338d555df7a}) (Version: 1.0.6.5 - Patriot Memory)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{549da357-1b81-456b-83f2-dcc47c41dfff}) (Version: 1.0.9.0 - PHISON Electronics Corp.) Hidden
ROG FAN CARD 3 (HKLM-x32\...\{19a626ed-783a-4d0e-8e7b-5fa069ad348b}) (Version: 2.08.07 - ASUSTek Computer Inc.)
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.1.5.0 - ASUSTek COMPUTER INC.)
ROG STRIX LC (HKLM-x32\...\{53bdfdff-511a-442d-bcfd-5a251503c720}) (Version: 1.03.13 - ASUSTek Computer Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Topaz Video AI (HKLM\...\{E41A37EA-E32C-4E3B-B2BA-2C9787A1828B}) (Version: 3.3.10 - Topaz Labs LLC)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 157.1.11142 - Ubisoft)
UE Prerequisites (x64) (HKLM\...\{C4175120-313E-467B-AAA7-825979CBAEE7}) (Version: 1.0.20.0 - Epic Games, Inc.) Hidden
UE Prerequisites (x64) (HKLM-x32\...\{b24cae82-bb64-4ad2-820a-dc2c4031c914}) (Version: 1.0.20.0 - Epic Games, Inc.) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.2 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{6870588f-9f28-488b-a169-cf548ad6b393}) (Version: 1.0.0.2 - PD)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WinRAR 7.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.10.3 - win.rar GmbH)
Wondershare Filmora 14(Build 14.3.2.11147) (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Wondershare Filmora 14_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare NativePush(Build 1.1.0.0) (HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Wondershare NativePush_is1) (Version:  - Wondershare Software)
 
Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.9.13.0_x64__qmba6cd70vzyy [2025-01-06] (ASUSTeK COMPUTER INC.)
Bitdefender CL Contextual Menu -> C:\Program Files\Bitdefender\Bitdefender Security App [2025-02-08] (Bitdefender)
BlockBuster: Adventures Puzzle -> C:\Program Files\WindowsApps\www.msn.com-67375229_1.0.0.0_neutral__q77jw2zwjvy92 [2025-02-07] (www.msn.com)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa [2025-01-23] (Apple Inc.) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-01-06] (Microsoft Corp.)
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.5101.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.1.3.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Studios)
Minecraft: Java Edition -> C:\Program Files\WindowsApps\Microsoft.MinecraftJavaEdition_1.0.5.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2025-02-05] (NVIDIA Corp.)
Snapchat -> C:\Program Files\WindowsApps\SnapInc.Snapchat_3.0.1.0_neutral__k1zn018256b8e [2025-01-23] (Snap Inc.)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0 [2025-01-31] (Spotify AB) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2025-01-24] (Bytedance Pte. Ltd.)
TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_2024.3.0.0_x64__v826wp6bftszj [2025-02-05] (Charles Milette) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2504.2.0_x64__cv1g1gvanyjgm [2025-02-05] (WhatsApp Inc.) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2025-01-19] (win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2398525475-854880265-1321228765-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
CustomCLSID: HKU\S-1-5-21-2398525475-854880265-1321228765-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-2398525475-854880265-1321228765-1001_Classes\CLSID\{83560CA7-0D45-48BE-BD3D-76602CDBD01B} -> [iCloud Photos] => C:\Users\George\Pictures\iCloud Photos\Photos [2025-01-23 21:48]
CustomCLSID: HKU\S-1-5-21-2398525475-854880265-1321228765-1001_Classes\CLSID\{FD59DB17-562E-41FC-8FB5-8443CDFE8E6D} -> [iCloud Drive] => C:\Users\George\iCloudDrive [2025-01-23 21:48]
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
ContextMenuHandlers1: [ContextMenuHandlerFilmora] -> {5F542218-AF8A-4CF8-8ACA-DF63B73C528D} => C:\Windows\system32\FilmoraContextMenu.dll [2024-12-06] () [File not signed]
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvrfi.inf_amd64_2c09ed8a3f940967\nvshext.dll [2025-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-01-19] (Adobe Inc. -> )
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-12-23 15:51 - 2021-12-23 15:51 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2021-12-23 15:51 - 2021-12-23 15:51 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2021-12-23 15:51 - 2021-12-23 15:51 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2025-01-03 14:41 - 2021-02-18 12:07 - 000085504 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\zlib1.dll
2025-01-03 14:40 - 2021-12-10 17:55 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2021-12-23 15:51 - 2021-12-23 15:51 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2025-01-23 16:44 - 2024-09-29 14:45 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2025-01-23 16:44 - 2024-09-29 14:45 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2025-01-06 13:34 - 2024-01-26 21:04 - 007470592 _____ () [File not signed] C:\Program Files (x86)\Steam\aom.dll
2025-01-06 13:34 - 2024-01-26 21:04 - 001066496 _____ () [File not signed] C:\Program Files (x86)\Steam\dav1d.dll
2025-01-06 13:34 - 2024-07-11 01:46 - 000701952 _____ () [File not signed] C:\Program Files (x86)\Steam\libavif-16.dll
2025-01-26 21:52 - 2025-02-02 12:06 - 002682880 _____ () [File not signed] C:\Users\George\AppData\Local\Programs\CurseForge Windows\ffmpeg.dll
2025-01-26 21:52 - 2025-02-02 12:06 - 000481280 _____ () [File not signed] C:\Users\George\AppData\Local\Programs\CurseForge Windows\libegl.dll
2025-01-26 21:52 - 2025-02-02 12:06 - 008058368 _____ () [File not signed] C:\Users\George\AppData\Local\Programs\CurseForge Windows\libglesv2.dll
2025-01-26 21:52 - 2025-02-02 12:06 - 005475328 _____ () [File not signed] C:\Users\George\AppData\Local\Programs\CurseForge Windows\vk_swiftshader.dll
2025-01-23 16:44 - 2024-12-06 15:49 - 000754688 _____ () [File not signed] C:\Windows\system32\FilmoraContextMenu.dll
2020-05-26 17:08 - 2020-05-26 17:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2021-12-27 09:04 - 2021-12-27 09:04 - 000047104 _____ (CTI) [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\MsIo32_ENE.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 005378048 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavcodec-61.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 000875008 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavfilter-10.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 001674240 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavformat-61.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 001640960 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavutil-59.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 000630272 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libswresample-5.dll
2025-01-06 13:34 - 2024-12-03 20:40 - 001092608 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libswscale-8.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 000287232 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libcurl.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libcrypto-1_1-x64.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 002281984 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\LIBEAY32.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libssl-1_1-x64.dll
2025-01-03 14:41 - 2021-02-18 12:07 - 000361472 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\SSLEAY32.dll
2025-01-03 14:40 - 2021-12-10 17:55 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2025-01-03 14:40 - 2021-12-10 17:55 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2025-01-23 16:44 - 2024-09-29 14:45 - 000708096 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\George\Downloads\4ktokkit_2.7.4_x64_online (1).exe:MBAM.Zone.Identifier [151]
AlternateDataStreams: C:\Users\George\Downloads\4kvideodownloaderplus_1.10.5_x64_online (1).exe:MBAM.Zone.Identifier [165]
AlternateDataStreams: C:\Users\George\Downloads\anyukit-win.exe:MBAM.Zone.Identifier [151]
AlternateDataStreams: C:\Users\George\Downloads\bitdefender_avfree.exe:MBAM.Zone.Identifier [181]
AlternateDataStreams: C:\Users\George\Downloads\CapCut_7441457733406162999_installer.exe:MBAM.Zone.Identifier [59]
AlternateDataStreams: C:\Users\George\Downloads\ChromeSetup.exe:MBAM.Zone.Identifier [387]
AlternateDataStreams: C:\Users\George\Downloads\CurseForge Windows - Installer.exe:MBAM.Zone.Identifier [195]
AlternateDataStreams: C:\Users\George\Downloads\HandBrake-1.9.0-x86_64-Win_GUI.exe:MBAM.Zone.Identifier [566]
AlternateDataStreams: C:\Users\George\Downloads\mmm-setup.exe:MBAM.Zone.Identifier [125]
AlternateDataStreams: C:\Users\George\Downloads\OfficeSetup.exe:MBAM.Zone.Identifier [237]
AlternateDataStreams: C:\Users\George\Downloads\RogueKiller_setup (1).exe:MBAM.Zone.Identifier [185]
AlternateDataStreams: C:\Users\George\Downloads\Snapchat Installer.exe:MBAM.Zone.Identifier [63]
AlternateDataStreams: C:\Users\George\Downloads\SUPERAntiSpyware.exe:MBAM.Zone.Identifier [92]
AlternateDataStreams: C:\Users\George\Downloads\TikTok Installer.exe:MBAM.Zone.Identifier [63]
AlternateDataStreams: C:\Users\George\Downloads\WhatsApp Installer.exe:MBAM.Zone.Identifier [152]
AlternateDataStreams: C:\Users\George\Downloads\windowsdesktop-runtime-8.0.12-win-x64.exe:MBAM.Zone.Identifier [246]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4288]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) =============
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\sharepoint.com -> hxxps://midkentcollege-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 05:24 - 2022-05-07 05:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA app\NvDLISR;C:\Program Files\dotnet\
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\14860579008521974080\133834136952248660.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
WiFi: Realtek 8852BE Wireless LAN WiFi 6 PCI-E NIC -> rtwlane601.sys
Ethernet: Realtek Gaming 2.5GbE Family Controller -> rt640x64.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{904C411E-F96A-47E0-8395-6F8184773620}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{D9AE05E9-AA68-4ECE-93D1-F53AC0A736B3}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{281325F4-2D73-43D4-893A-69B6DC8BA4AD}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{38406B6B-C0A6-4F7D-A4CE-2FBD0F71B23A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24334.1103.3302.5694_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BA7687AA-F172-4373-A01F-F9CAF1CDF33D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24334.1103.3302.5694_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{863391D0-D046-4051-B44A-8EFE3655F458}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{33536E5A-64AC-4C97-9500-C3A783C4EA78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{99BFECE1-1661-493E-A047-63DB3933D9DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{84CC256B-85AE-47F8-80E4-AA34AD967B28}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{511AAE6C-AFE7-41CA-923B-DD36376584B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta Software GmbH -> )
FirewallRules: [{5DD11117-A24D-463D-B893-471B93A6C65C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta Software GmbH -> )
FirewallRules: [{29054ADA-8433-4E15-83B3-0F3B46BF4EC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe (Gaijin Entertainment) [File not signed]
FirewallRules: [{EAF799D3-DF41-47C6-B73A-5177EE81FED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe (Gaijin Entertainment) [File not signed]
FirewallRules: [{6683DEA9-952B-4729-BE96-2C5920CA80A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (GAIJIN NETWORK LTD -> Gaijin)
FirewallRules: [{8C2A17E1-47CE-4230-A910-E5C9CECDBE97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (GAIJIN NETWORK LTD -> Gaijin)
FirewallRules: [TCP Query User{0A9B6556-900C-4C02-A2A7-FD5ADB609EC0}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (GAIJIN NETWORK LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{78E314C6-DF58-4473-8DB8-3A94BE11D5C7}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (GAIJIN NETWORK LTD -> Gaijin Entertainment)
FirewallRules: [{A8A02E9B-4E99-4070-8BB5-8EAC6B282667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Buckshot Roulette\Buckshot Roulette_windows\Buckshot Roulette.exe (Mike Klubnika) [File not signed]
FirewallRules: [{E32101B6-39AD-4047-8E92-3C78A51CA829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Buckshot Roulette\Buckshot Roulette_windows\Buckshot Roulette.exe (Mike Klubnika) [File not signed]
FirewallRules: [{B4A51DE5-D380-4FC0-B49A-B5A11E983A26}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{5EB5E61D-23B1-4ED3-9687-5386D0BE5F99}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{EBAE04E1-C6BD-4CFD-9A31-6B740054E64F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{582F90B1-4377-4869-8EAC-5A218EC24AD5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{97351440-DD16-4540-B252-DCE76DCB51FC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{0919CFA6-1633-49CF-98BF-8FCE1DD30F13}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{10EEE460-C9CB-457C-9085-EA4897DA4212}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_DX11.exe => No File
FirewallRules: [{3121491F-42CE-4D19-848E-3949DE620872}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_DX11.exe => No File
FirewallRules: [{CC3AD8DB-928F-4D87-A1BA-C5578B8C89F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [{63C3BA27-98E5-492F-8302-86A506E68E88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [TCP Query User{A3012A8F-6B68-4382-9088-45E669EC38F5}C:\users\george\appdata\local\capcut\apps\5.5.0.2028\capcut.exe] => (Allow) C:\users\george\appdata\local\capcut\apps\5.5.0.2028\capcut.exe (Bytedance Pte. Ltd. -> ByteDance)
FirewallRules: [UDP Query User{BE33A590-4871-4C1A-8DC7-8AB4CBE88B14}C:\users\george\appdata\local\capcut\apps\5.5.0.2028\capcut.exe] => (Allow) C:\users\george\appdata\local\capcut\apps\5.5.0.2028\capcut.exe (Bytedance Pte. Ltd. -> ByteDance)
FirewallRules: [{AC967B42-DFD7-4B9D-B42E-2798BDB2AA9C}] => (Allow) C:\Users\George\Downloads\hitpaw-vikpea-bing_11737580208101781601.exe (HITPAW CO., LIMITED -> HitPaw)
FirewallRules: [{D20750F1-9239-4C57-BBE5-CB85C2C24113}] => (Allow) C:\Users\George\Downloads\hitpaw-vikpea-bing_11737580208101781601.exe (HITPAW CO., LIMITED -> HitPaw)
FirewallRules: [{7392BE3D-E06A-45DD-981A-3243C37AD011}] => (Allow) C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [{557FC47E-6BDB-4FC0-8BE3-4BC075129E8B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A23E4016-0B7A-47DC-9781-5A4A071525D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA42211E-8F13-47E6-917F-1ABC8D8B7C19}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{29D9141F-8C04-4710-9C26-2BA1D964FD20}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59947B4E-ACF8-4CFE-962B-E065EE9EA8A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5A135330-CDD6-4B39-8945-8BE40D0BD8C6}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
FirewallRules: [UDP Query User{CEB353E0-8404-4DE2-AAC5-95DBE1F8368C}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
FirewallRules: [{71774D5A-55E0-4127-BC93-4173A7004802}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe () [File not signed]
FirewallRules: [{F6C46B5F-9C51-4351-AABA-4B25BDEEA2FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe () [File not signed]
FirewallRules: [{1253A423-57C4-412F-8BA3-85A086FF1BCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK Survival Ascended\ShooterGame\Binaries\Win64\ArkAscended_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{45FF44D7-52E2-4853-93D5-D5787244B5B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK Survival Ascended\ShooterGame\Binaries\Win64\ArkAscended_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{E046F8EA-C7DD-415A-98EA-74A1912A31FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK Survival Ascended\ShooterGame\Binaries\Win64\ArkAscended.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{E736B25A-13B5-415B-96CC-229409C38CCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK Survival Ascended\ShooterGame\Binaries\Win64\ArkAscended.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [TCP Query User{CD64CBFC-F1D6-4B04-8DB0-5A9188C67E34}C:\users\george\appdata\local\capcut\apps\5.7.0.2081\capcut.exe] => (Allow) C:\users\george\appdata\local\capcut\apps\5.7.0.2081\capcut.exe (Bytedance Pte. Ltd. -> ByteDance)
FirewallRules: [UDP Query User{4BD8F4BA-2EB1-436C-94ED-238F3485D378}C:\users\george\appdata\local\capcut\apps\5.7.0.2081\capcut.exe] => (Allow) C:\users\george\appdata\local\capcut\apps\5.7.0.2081\capcut.exe (Bytedance Pte. Ltd. -> ByteDance)
FirewallRules: [TCP Query User{84EDA45C-17F8-416D-84C2-BF39C49B4F0B}C:\program files\4kdownload\4kvideodownloaderplus\4kvideodownloaderplus.exe] => (Allow) C:\program files\4kdownload\4kvideodownloaderplus\4kvideodownloaderplus.exe (Open Media LLC -> Open Media LLC)
FirewallRules: [UDP Query User{17CA30AD-640F-4D90-91F4-C97889485819}C:\program files\4kdownload\4kvideodownloaderplus\4kvideodownloaderplus.exe] => (Allow) C:\program files\4kdownload\4kvideodownloaderplus\4kvideodownloaderplus.exe (Open Media LLC -> Open Media LLC)
FirewallRules: [TCP Query User{0149D5B6-8F51-42CF-95A9-47A185AA9B9F}C:\users\george\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\george\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [UDP Query User{B5450F9D-FC31-4E64-A242-2879E1C02D7B}C:\users\george\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\george\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [{4A233CB8-5BCF-4881-9398-7AD31ADB7681}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{82E06EE4-8CE6-47F6-BFA8-0B5FB910F2B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{525FA78E-3554-42A7-A764-1862FE63D4A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A0432CFA-8983-4178-8939-39AB1CE066A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{899069BB-F870-4806-86B7-D349548D1221}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B1CFDBC6-F3E5-48D9-B8BD-18B6C37A0C13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DC04898E-0CE7-4016-BD4E-74B58A1B41C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C6C6495D-76FC-4E71-9796-449F75645702}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E367E1A5-38BF-46F3-AE6E-CBA5235E0713}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E8A4B503-C8F0-4C3A-9A8B-E71724AE335E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8862EF54-6432-4265-8790-55D8943168A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma Reforger\ArmaReforger_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [{CD48F7F4-92CD-4781-B184-19CEA418C424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma Reforger\ArmaReforger_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [{715655E2-D054-4DBD-ACDF-1C390E3E3286}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C5B37941-C77B-4412-ABE9-CB3497C3FAFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 25\FarmingSimulator2025.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{2EB87BE7-E1D3-4176-B6C2-E56EA95AAF3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 25\FarmingSimulator2025.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{D0542713-5F78-4ECB-A8B7-048D51FC5767}] => (Allow) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe (Bitdefender SRL -> Bitdefender)
FirewallRules: [{1706CC2A-4506-44F2-9058-009662358713}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{42840536-6692-41F9-9919-38B5F5057CB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe (CRYPTIC STUDIOS, INC -> )
FirewallRules: [{14B7A4E2-0D99-4C94-95B7-22845377D3EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe (CRYPTIC STUDIOS, INC -> )
 
==================== Restore Points =========================
 
04-02-2025 11:09:50 Windows Update
 
==================== Faulty Device Manager Devices ============
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/08/2025 11:10:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
Error: (02/08/2025 11:10:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
Error: (02/07/2025 08:42:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
Error: (02/07/2025 05:24:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
Error: (02/07/2025 05:24:20 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: 322442-1-1)
Description: Application or service 'MMGA Server' could not be shut down.
 
Error: (02/07/2025 05:17:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
Error: (02/07/2025 12:18:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
Error: (02/07/2025 11:47:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\George\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_6ebe089c8800e98b.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4541_none_2710d1c57384c085.manifest.
 
 
System errors:
=============
Error: (02/08/2025 11:10:33 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
 
Error: (02/08/2025 11:04:36 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this machine.). For more information, please see https://go.microsoft...?linkid=2169931
 
Error: (02/07/2025 09:37:05 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (02/07/2025 09:37:05 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (02/07/2025 09:37:05 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (02/07/2025 09:37:05 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (02/07/2025 09:37:05 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (02/07/2025 09:37:05 PM) (Source: DCOM) (EventID: 10010) (User: 322442-1-1)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2025-01-23 19:12:39
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Phonzy.B!ml
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip; file:_C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip->CapCut Pro 5602062 Crack For PC Free Download 2025.exe; webfile:_C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip|https://s3.amazonaws...821331573221963
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.421.1506.0, AS: 1.421.1506.0, NIS: 1.421.1506.0
Engine Version: AM: 1.1.24090.11, NIS: 1.1.24090.11 
 
Date: 2025-01-23 17:42:29
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2025-01-23 17:06:02
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2025-01-20 12:05:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2025-01-19 23:25:05
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.B!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\George\AppData\Local\Temp\Rar$EXb2492.39301.rartemp\!Open--FileZ\setup.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security intelligence Version: AV: 1.421.1442.0, AS: 1.421.1442.0, NIS: 1.421.1442.0
Engine Version: AM: 1.1.24090.11, NIS: 1.1.24090.11 
Event[0]
 
Date: 2025-02-05 20:15:25
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device. 
 
Date: 2025-02-04 21:28:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.421.1630.0;1.421.1630.0
Engine Version: 1.1.24090.11 
 
Date: 2025-01-31 12:06:10
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.421.1506.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24090.11
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
Date: 2025-01-31 12:05:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.421.1506.0;1.421.1506.0
Engine Version: 1.1.24090.11 
 
Date: 2025-01-30 14:51:25
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.421.1506.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24090.11
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
CodeIntegrity:
===============
Date: 2025-02-06 13:44:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267059357120000000\antimalware_provider64.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 3024 08/02/2024
Motherboard: ASUSTeK COMPUTER INC. PRIME B650M-A WIFI II
Processor: AMD Ryzen 9 7900X 12-Core Processor 
Percentage of memory in use: 51%
Total physical RAM: 32404.75 MB
Available physical RAM: 15741 MB
Total Virtual: 44692.75 MB
Available Virtual: 21969.09 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:912.84 GB) (Free:225.16 GB) (Model: ADATA LEGEND 800) NTFS
 
\\?\Volume{22dae432-26de-4ffd-86e7-4cce9f2d0826}\ (Recovery tools) (Fixed) (Total:18.55 GB) (Free:4.69 GB) NTFS
\\?\Volume{bd241936-7691-485b-b43b-aeefae1ff068}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A863A42A)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2025
Ran by George (administrator) on 322442-1-1 (ASUS System Product Name) (08-02-2025 11:26:17)
Running from C:\Users\George\Downloads\FRST64.exe
Loaded Profiles: George
Platform: Microsoft Windows 11 Pro Version 23H2 22631.4751 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryWebBrowserEdge.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryWebBrowserEdge.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe <6>
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe ->) (Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe <6>
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\27.1.1.11\DiscoverySrv.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe
(C:\Program Files\LGHUB\lghub_agent.exe ->) (Logitech Inc -> Sentry and Logitech, Inc.) C:\Program Files\LGHUB\logi_crashpad_handler.exe <2>
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.System.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA Overlay.exe <5>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(C:\Users\George\AppData\Local\Programs\CurseForge Windows\CurseForge.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\George\AppData\Local\Programs\CurseForge Windows\resources\app.asar.unpacked\plugins\curse\win\Curse.Agent.Host.exe
(C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(C:\Windows\ImmersiveControlPanel\SystemSettings.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Discord Inc. -> Discord Inc.) C:\Users\George\AppData\Local\Discord\app-1.0.9181\Discord.exe <6>
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Overwolf Ltd -> Overwolf) C:\Users\George\AppData\Local\Programs\CurseForge Windows\CurseForge.exe <8>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoNotificationUx.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc) C:\Windows\System32\DriverStore\FileRepository\amd3dvcache.inf_amd64_558311a8a60226a4\amd3dvcacheSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvrfi.inf_amd64_2c09ed8a3f940967\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(sihost.exe ->) (04797BBC-C7BB-462F-9B66-331C81E27C0E -> TranslucentTB Open Source Developers) C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_2024.3.0.0_x64__v826wp6bftszj\TranslucentTB.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2501.1001.3.0_x64__8wekyb3d8bbwe\XboxPcTray.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25011.11.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2504.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\XboxGameBarSpotify.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudOutlookConfig.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <3>
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> TODO: <Company name>) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2501.1001.3.0_x64__8wekyb3d8bbwe\XboxPcApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2501.1001.3.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <6>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\mmgaserver.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.4740_none_e928b4ac42f6002b\TiWorker.exe
(svchost.exe ->) (Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftExtension.exe
(SystemSettingsAdminFlows.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Dism\DismHost.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe [1088224 2025-01-23] (Bitdefender SRL -> Bitdefender)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (No File)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2024-09-29] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [MicrosoftEdgeAutoLaunch_6F6B3163EF0F3AC776BF72C240C65766] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3923496 2025-01-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5007376 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4435552 2025-01-28] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [Discord] => C:\Users\George\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36981208 2025-01-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [22470552 2025-01-27] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-2398525475-854880265-1321228765-1001\...\Run: [electron.app.CurseForge] => C:\Users\George\AppData\Local\Programs\CurseForge Windows\CurseForge.exe [182262200 2025-02-02] (Overwolf Ltd -> Overwolf)
HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_10] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\133.0.6943.59\Installer\chrmstp.exe [2025-02-07] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {8549B7DF-DC12-4516-A322-5DF02D7A9B6C} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [115464 2021-12-17] (ASUSTeK Computer Inc. -> ASUS)
Task: {50356136-FB3F-4632-8156-CE0A90191306} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [764152 2021-06-10] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {F20F3816-65AC-424B-A1C4-02190572B2A7} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [2248120 2021-12-17] (ASUSTeK Computer Inc. -> ASUS)
Task: {7E0C90AB-FF83-415D-A8C4-D2AF2C81C9CB} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2025-01-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {9445463B-C95E-47A6-83CB-507FF5CB79F0} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2025-01-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {CD4047FA-8E1B-46A8-8D02-D276CFC7AE4D} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [44443608 2021-12-23] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {C8130F25-7864-4031-9696-03CE201D15DE} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1241448 2021-10-13] (ASUSTeK Computer Inc. -> ASUS)
Task: {F07A7919-6EED-4D99-A52A-8DE58BCAEB95} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
Task: {13E3318E-9084-4403-8ACF-37DD00D95BEA} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.1.1.11\WatchDog.exe [1156400 2025-02-04] (Bitdefender SRL -> Bitdefender) -> C:\Program Files\Bitdefender Agent\27.1.1.11\repair
Task: {2CDAFD2E-5551-47AC-BFEC-30D47DD15EF0} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0714AEC6-A3FC-4C97-BB8F-6A125F689480} => C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe [5672544 2025-01-28] (Google LLC -> Google LLC)
Task: {4E1B8BD3-27AA-46FD-8305-EE958B0BAB62} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222840 2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {57F2A872-5324-4B10-936E-A0070F60265D} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222840 2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {770F9363-557D-4353-B045-008B4C6EC2F3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28752104 2025-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {8EB4A293-F2A0-4F61-B76A-2B52EA4623A8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28752104 2025-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C1D83AB-0028-467E-B66C-77D87DCE8A0B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222840 2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {CB8E24B5-FEC3-47FF-B83E-32A48D21615D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222840 2025-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE1B2267-C511-4428-AD79-C8C3BA3E83EF} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4488592 2025-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {B6C48A63-3033-41D3-956C-711C9EB69479} - System32\Tasks\NVIDIA app SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA app.exe [3287080 2025-01-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {115A060C-A64E-4277-8D50-178A4AD90362} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222504 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4AF8AFB-B23E-4D76-94D1-2ECD92C50225} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2398525475-854880265-1321228765-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222504 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA1E6EB8-1EFD-4716-968A-4A4859CB53D2} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2398525475-854880265-1321228765-1001 => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\OneDriveLauncher.exe [447032 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{ae325af8-a8be-43fa-9a49-fbcd068c3910}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{ae325af8-a8be-43fa-9a49-fbcd068c3910}: [DhcpDomain] localdomain
Tcpip\..\Interfaces\{e735db10-5068-48cf-9185-f8572a2ef0e9}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{e735db10-5068-48cf-9185-f8572a2ef0e9}: [DhcpDomain] localdomain
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-08]
Edge DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
Edge DefaultSearchKeyword: Default -> Search With Incognito
Edge DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
Edge Extension: (Search With Incognito) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aegpbigghghmkomaolphakjjppnebdhb [2025-01-06]
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2025-01-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-01-23]
Edge Extension: (MetaMask) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2025-01-30]
Edge Extension: (Microsoft Bing Search with Rewards) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2025-01-06]
Edge Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-05]
Edge Extension: (APK Downloader) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\glngapejbnmnicniccdcemghaoaopdji [2025-01-06]
Edge Extension: (Coinbase Wallet extension) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2025-02-05]
Edge Extension: (Edge relevant text changes) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-01-06]
Edge Extension: (Custom Cursor for Chrome™) - C:\Users\George\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ogdlpmhglpejoiomcodnpjnfgcpmgale [2025-01-06]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-01-24] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default [2025-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-05]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-24]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amd3dvcacheSvc; C:\Windows\System32\DriverStore\FileRepository\amd3dvcache.inf_amd64_558311a8a60226a4\amd3dvcacheSvc.exe [143432 2024-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc)
S2 amdpmfservice; C:\Windows\System32\amdpmfservice.exe [52936 2024-05-14] (Advanced Micro Devices -> Advanced Micro Devices, Inc)
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [349408 2021-12-01] (ASUSTEK COMPUTER INCORPORATION -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe [457544 2021-10-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2025-01-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2021-10-21] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe [2092872 2021-11-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2025-01-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [845256 2025-02-08] (ASUSTeK Computer Inc. -> )
R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [851640 2025-01-23] (Bitdefender SRL -> Bitdefender)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [852152 2025-01-23] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [852152 2025-01-23] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2966176 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2577184 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [852152 2025-01-23] (Bitdefender SRL -> Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18663720 2025-01-29] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13617336 2025-01-29] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2025-01-06] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [965872 2025-01-17] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncHelper.exe [3532816 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [15900568 2025-01-27] (Logitech Inc -> Logitech, Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3683496 2021-11-24] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 logi_lamparray_service; C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray_service.exe [11177064 2025-01-08] (Logitech Inc -> Logitech, Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2025-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NativePushService; C:\Users\George\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [564104 2024-12-19] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvrfi.inf_amd64_2c09ed8a3f940967\Display.NvContainer\NVDisplay.Container.exe [1275536 2025-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.005.0112.0003\OneDriveUpdaterService.exe [3879464 2025-02-06] (Microsoft Corporation -> Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [750872 2025-02-04] (Bitdefender SRL -> Bitdefender)
R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [1665648 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2025-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [291224 2025-01-23] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [852152 2025-01-23] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2025-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2025-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amd3dvcache; C:\Windows\System32\DriverStore\FileRepository\amd3dvcache.inf_amd64_558311a8a60226a4\amd3dvcache.sys [42720 2024-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
S3 amdacpbus; C:\Windows\System32\DriverStore\FileRepository\amdacpbus2.inf_amd64_5290d8fce0ae2ac2\amdacpbus2.sys [526648 2024-09-20] (Advanced Micro Devices -> Advanced Micro Devices)
R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrmgr.sys [36016 2024-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33504 2024-07-11] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 amdpmf; C:\Windows\System32\drivers\amdpmf.sys [203976 2024-05-14] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
S3 amdsdwc; C:\Windows\System32\DriverStore\FileRepository\amdsdwc.inf_amd64_344a905c03918d5a\amdsdwc.sys [502992 2024-09-20] (Advanced Micro Devices -> Advanced Micro Devices)
S3 amducsi; C:\Windows\System32\drivers\amducsi.sys [81656 2024-03-26] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 amdusb4cm; C:\Windows\System32\drivers\amdusb4cm.sys [593032 2024-04-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
S3 amdwirelessbutton; C:\Windows\System32\drivers\amdwirelessbutton.sys [39032 2024-04-15] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AMS-MailBoxDrv; C:\Windows\System32\drivers\AMS-MailBoxDrv.sys [133944 2024-06-04] (Advanced Micro Devices -> Advanced Micro Devices, Inc)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34384 2021-10-21] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43160 2021-10-21] (ASUSTeK Computer Inc. -> )
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [7643696 2024-11-14] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci4; C:\Windows\system32\DRIVERS\bddci4.sys [969776 2024-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [24568 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 bdprivmon; C:\Windows\system32\DRIVERS\bdprivmon.sys [49200 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender SRL)
S3 bduefiscan; C:\Windows\system32\DRIVERS\bduefiscan.sys [42432 2024-07-02] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [188416 2024-08-14] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 cpuz152; C:\Windows\temp\cpuz152\cpuz152_x64.sys [35840 2025-01-03] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [30728 2025-01-03] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R1 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [1791064 2024-11-14] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
S3 Ignisv2; C:\Windows\system32\DRIVERS\ignisv2.sys [849968 2024-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R3 logi_audio_surround; C:\Windows\System32\DriverStore\FileRepository\logi_audio.inf_amd64_affafe6e263c4f51\logi_audio_surround.sys [44112 2025-01-08] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2025-01-08] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2025-01-08] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2025-01-08] (Logitech Inc -> Logitech)
R3 logi_lamparray; C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray.sys [89192 2025-01-08] (Logitech Inc -> Logitech, Inc.)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [629184 2023-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:\Windows\System32\DRIVERS\vlflt.sys [1403456 2024-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22104 2025-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606624 2025-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2025-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 nllWireGuard; \SystemRoot\System32\drivers\nllWireguard.sys [X]
U3 Norton Firewall; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-02-08 11:09 - 2025-02-08 11:09 - 000810698 _____ C:\Windows\system32\perfh00C.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000808258 _____ C:\Windows\system32\perfh00A.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000802470 _____ C:\Windows\system32\perfh015.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000796598 _____ C:\Windows\system32\perfh010.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000760930 _____ C:\Windows\system32\perfh007.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000166350 _____ C:\Windows\system32\perfc00A.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000162354 _____ C:\Windows\system32\perfc015.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000160786 _____ C:\Windows\system32\perfc007.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000160344 _____ C:\Windows\system32\perfc00C.dat
2025-02-08 11:09 - 2025-02-08 11:09 - 000154380 _____ C:\Windows\system32\perfc010.dat
2025-02-08 11:02 - 2025-02-08 11:26 - 000000000 ____D C:\Windows\SysWOW64\lock.lock
2025-02-07 17:24 - 2025-02-07 17:24 - 000000000 ____D C:\cryptic
2025-02-07 17:22 - 2025-02-07 17:22 - 000000222 _____ C:\Users\George\Desktop\Neverwinter.url
2025-02-06 13:43 - 2025-02-06 13:43 - 000000318 _____ C:\Windows\system32\httpproxy.json
2025-02-06 13:40 - 2025-02-06 13:40 - 000706628 _____ C:\ProgramData\cl.1738849026.bdinstall.v2.bin
2025-02-06 13:40 - 2025-02-06 13:40 - 000132684 _____ C:\ProgramData\cl.kit.1738849025.bdinstall.v2.bin
2025-02-06 13:37 - 2025-02-07 11:46 - 000000000 ____D C:\ProgramData\Bitdefender
2025-02-06 13:37 - 2025-02-06 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2025-02-06 13:37 - 2025-02-06 13:44 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2025-02-06 13:37 - 2025-02-06 13:42 - 000000000 ____D C:\ProgramData\BDLogging
2025-02-06 13:37 - 2025-02-06 13:37 - 000003842 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2025-02-06 13:37 - 2025-02-06 13:37 - 000002381 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2025-02-06 13:37 - 2025-02-06 13:37 - 000000000 ____D C:\Windows\system32\elambkup
2025-02-06 13:37 - 2025-02-06 13:37 - 000000000 ____D C:\Users\George\AppData\Roaming\Bitdefender Security App
2025-02-06 13:37 - 2025-02-06 13:37 - 000000000 ____D C:\Users\George\AppData\Roaming\Bitdefender
2025-02-06 13:37 - 2025-02-06 13:37 - 000000000 ____D C:\ProgramData\Gemma
2025-02-06 13:37 - 2025-02-06 13:37 - 000000000 ____D C:\ProgramData\Atc
2025-02-06 13:37 - 2025-02-06 13:37 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2025-02-06 13:37 - 2025-02-06 13:37 - 000000000 ____D C:\Program Files\Bitdefender
2025-02-06 13:35 - 2025-02-06 13:35 - 018929976 _____ C:\Users\George\Downloads\bitdefender_avfree.exe
2025-02-06 13:35 - 2025-02-06 13:35 - 000144736 _____ C:\ProgramData\agent.1738848941.bdinstall.v2.bin
2025-02-06 13:35 - 2025-02-06 13:35 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2025-02-06 13:35 - 2025-02-06 13:35 - 000000000 ____D C:\Program Files\Bitdefender Agent
2025-02-06 13:25 - 2025-02-06 13:26 - 000064237 _____ C:\Users\George\Downloads\Addition.txt
2025-02-06 13:24 - 2025-02-08 11:26 - 000038641 _____ C:\Users\George\Downloads\FRST.txt
2025-02-06 13:23 - 2025-02-08 11:26 - 000000000 ____D C:\FRST
2025-02-06 13:23 - 2025-02-06 13:24 - 000000000 ____D C:\Users\George\Downloads\FRST-OlderVersion
2025-02-06 13:22 - 2025-02-06 13:24 - 002403328 _____ (Farbar) C:\Users\George\Downloads\FRST64.exe
2025-02-06 13:21 - 2025-02-06 13:21 - 000003546 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2398525475-854880265-1321228765-1001
2025-02-06 12:58 - 2025-02-06 12:58 - 000000000 ____D C:\Users\George\AppData\Local\ToolLib
2025-02-06 12:58 - 2025-02-06 12:58 - 000000000 ____D C:\ProgramData\ToolLib
2025-02-06 12:56 - 2025-02-06 12:56 - 218172328 _____ (SUPERAntiSpyware) C:\Users\George\Downloads\SUPERAntiSpyware.exe
2025-02-06 12:45 - 2025-02-06 12:45 - 051405480 _____ (Adlice Software ) C:\Users\George\Downloads\RogueKiller_setup (1).exe
2025-02-06 12:44 - 2025-02-06 12:44 - 051405480 _____ (Adlice Software ) C:\Users\George\Downloads\Unconfirmed 415832.crdownload
2025-02-05 15:25 - 2025-02-05 15:25 - 000000000 ____D C:\Users\George\AppData\Roaming\ufcphsom
2025-02-05 15:21 - 2025-02-05 15:22 - 000000000 ____D C:\Windows\LastGood.Tmp
2025-02-05 15:20 - 2025-01-26 18:36 - 000125048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2025-02-05 15:19 - 2025-01-27 04:45 - 002072440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2025-02-05 15:19 - 2025-01-27 04:45 - 002072440 _____ C:\Windows\system32\vulkaninfo.exe
2025-02-05 15:19 - 2025-01-27 04:45 - 001614192 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-02-05 15:19 - 2025-01-27 04:45 - 001614192 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2025-02-05 15:19 - 2025-01-27 04:45 - 001576840 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 001576840 _____ C:\Windows\system32\vulkan-1.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 001389960 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 001389960 _____ C:\Windows\SysWOW64\vulkan-1.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 000477832 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2025-02-05 15:19 - 2025-01-27 04:45 - 000374408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2025-02-05 15:18 - 2025-01-27 04:41 - 001183392 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2025-02-05 15:18 - 2025-01-27 04:41 - 000670352 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2025-02-05 15:18 - 2025-01-27 04:41 - 000506008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 025643168 _____ C:\Windows\system32\nvidia-pcc.exe
2025-02-05 15:18 - 2025-01-27 04:40 - 002194088 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 001641120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 001563784 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 001215624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 001046168 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2025-02-05 15:18 - 2025-01-27 04:40 - 000903856 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2025-02-05 15:18 - 2025-01-27 04:40 - 000804528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 019904168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 019329200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 007225008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 005500064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 003944616 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2025-02-05 15:18 - 2025-01-27 04:39 - 000462496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2025-02-05 15:18 - 2025-01-27 04:38 - 005913248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2025-02-05 15:18 - 2025-01-27 04:38 - 000853656 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2025-02-05 15:18 - 2025-01-27 04:37 - 005552256 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2025-02-05 15:18 - 2025-01-27 04:37 - 004856992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2025-02-05 15:18 - 2025-01-26 18:36 - 000137640 _____ C:\Windows\system32\nvinfo.pb
2025-02-04 20:52 - 2025-02-04 20:52 - 000000000 ____D C:\Users\George\AppData\Local\GIANTS Crash Reporter
2025-02-04 20:15 - 2025-02-04 20:15 - 000000223 _____ C:\Users\George\Desktop\Farming Simulator 25.url
2025-02-04 11:45 - 2025-02-04 11:45 - 000000000 ____D C:\Users\George\Documents\Custom Office Templates
2025-02-04 11:37 - 2025-02-04 11:37 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\UProof
2025-02-03 14:56 - 2025-02-03 14:56 - 000446013 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_145610_www.amazon.co.uk.jpeg
2025-02-03 14:53 - 2025-02-03 14:53 - 000022310 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_145313_www.amazon.co.uk.jpeg
2025-02-03 14:26 - 2025-02-03 14:26 - 000000282 _____ C:\Users\George\Downloads\shopify_recovery_codes (1).txt
2025-02-03 14:10 - 2025-02-03 14:10 - 000106466 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_141043_www.amazon.co.uk.jpeg
2025-02-03 14:04 - 2025-02-03 14:04 - 000353938 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_14440_www.amazon.co.uk.jpeg
2025-02-03 13:42 - 2025-02-03 13:42 - 000101587 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_134250_www.amazon.co.uk.jpeg
2025-02-03 13:42 - 2025-02-03 13:42 - 000045119 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_134237_www.amazon.co.uk.jpeg
2025-02-03 13:39 - 2025-02-03 13:39 - 000192823 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_13395_www.bing.com.jpeg
2025-02-03 13:23 - 2025-02-03 13:23 - 000061720 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_13233_www.amazon.co.uk.jpeg
2025-02-03 13:22 - 2025-02-03 13:22 - 000069758 _____ C:\Users\George\Downloads\Screenshot_3-2-2025_132247_www.amazon.co.uk.jpeg
2025-01-31 12:07 - 2025-01-31 12:07 - 000000223 _____ C:\Users\George\Desktop\Arma Reforger.url
2025-01-28 17:25 - 2025-01-28 17:25 - 000000000 ____D C:\Users\George\AppData\Local\ToastNotificationManagerCompat
2025-01-28 14:21 - 2025-02-02 14:17 - 000000000 ____D C:\Users\George\AppData\Roaming\HandBrake
2025-01-28 14:21 - 2025-01-28 14:21 - 002652992 _____ (MiniTool) C:\Users\George\Downloads\mmm-setup.exe
2025-01-28 14:21 - 2025-01-28 14:21 - 000000000 ____D C:\Program Files\dotnet
2025-01-28 14:20 - 2025-01-28 14:20 - 024255496 _____ C:\Users\George\Downloads\HandBrake-1.9.0-x86_64-Win_GUI.exe
2025-01-28 14:20 - 2025-01-28 14:20 - 002017152 _____ (MiniTool) C:\Users\George\Downloads\vc-setup.exe
2025-01-28 14:20 - 2025-01-28 14:20 - 000000880 _____ C:\Users\Public\Desktop\HandBrake.lnk
2025-01-28 14:20 - 2025-01-28 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2025-01-28 14:20 - 2025-01-28 14:20 - 000000000 ____D C:\Program Files\HandBrake
2025-01-28 13:04 - 2025-01-28 13:04 - 000000856 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2025-01-28 13:04 - 2025-01-28 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2025-01-28 13:04 - 2025-01-28 13:04 - 000000000 ____D C:\Program Files\LGHUB
2025-01-26 21:53 - 2025-01-26 21:53 - 000000000 ____D C:\Users\George\curseforge
2025-01-26 21:52 - 2025-02-08 11:18 - 000000000 ____D C:\Users\George\AppData\Roaming\CurseForge
2025-01-26 21:52 - 2025-01-27 14:08 - 000000000 ____D C:\Users\George\AppData\Local\curseforge-updater
2025-01-26 21:52 - 2025-01-26 21:52 - 002195832 _____ (Overwolf Ltd.) C:\Users\George\Downloads\CurseForge Windows - Installer.exe
2025-01-26 21:52 - 2025-01-26 21:52 - 000002441 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CurseForge.lnk
2025-01-26 21:52 - 2025-01-26 21:52 - 000002433 _____ C:\Users\George\Desktop\CurseForge.lnk
2025-01-26 21:52 - 2025-01-26 21:52 - 000000000 ____D C:\Users\George\AppData\Roaming\ow-electron
2025-01-26 21:52 - 2025-01-26 21:52 - 000000000 ____D C:\Users\George\AppData\Local\Overwolf
2025-01-26 21:39 - 2025-01-26 21:55 - 000000000 ____D C:\Users\George\AppData\Roaming\.minecraft
2025-01-26 15:23 - 2025-01-26 15:23 - 000815632 _____ (Open Media LLC) C:\Users\George\Downloads\4ktokkit_2.7.4_x64_online (1).exe
2025-01-26 15:23 - 2025-01-26 15:23 - 000000842 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Tokkit.lnk
2025-01-26 15:23 - 2025-01-26 15:23 - 000000830 _____ C:\Users\Public\Desktop\4K Tokkit.lnk
2025-01-26 15:22 - 2025-01-26 15:22 - 000815632 _____ (Open Media LLC) C:\Users\George\Downloads\4ktokkit_2.7.4_x64_online.exe
2025-01-26 13:48 - 2025-01-26 13:48 - 000000000 ____D C:\Users\George\AppData\Local\StreamingVideoProvider
2025-01-25 16:23 - 2025-01-25 16:23 - 000000000 ____D C:\Users\George\AppData\Local\Bytedance
2025-01-25 15:54 - 2025-01-25 15:54 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CapCut
2025-01-25 15:52 - 2025-01-25 15:54 - 000001365 _____ C:\Users\George\Desktop\CapCut.lnk
2025-01-25 15:51 - 2025-01-25 18:06 - 000000000 ____D C:\Users\George\AppData\Local\CapCut
2025-01-25 12:22 - 2025-02-06 14:51 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-01-25 12:22 - 2025-01-25 12:22 - 000000000 ____D C:\Windows\system32\%userprofile%
2025-01-24 22:30 - 2025-02-07 11:30 - 000002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-24 22:30 - 2025-02-07 11:30 - 000002173 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-01-24 22:30 - 2025-01-24 22:30 - 010384768 _____ (Google LLC) C:\Users\George\Downloads\ChromeSetup.exe
2025-01-24 22:30 - 2025-01-24 22:30 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem
2025-01-24 22:30 - 2025-01-24 22:30 - 000000000 ____D C:\Users\George\AppData\Local\Google
2025-01-24 22:30 - 2025-01-24 22:30 - 000000000 ____D C:\Program Files\Google
2025-01-24 22:30 - 2025-01-24 22:30 - 000000000 ____D C:\Program Files (x86)\Google
2025-01-24 22:18 - 2025-01-24 22:18 - 000000000 ____D C:\Users\George\AppData\Roaming\Topaz Labs LLC
2025-01-24 22:18 - 2025-01-24 22:18 - 000000000 ____D C:\Users\George\AppData\Local\Topaz Labs LLC
2025-01-24 21:59 - 2025-01-24 21:59 - 000000000 ____D C:\ProgramData\Topaz Labs LLC
2025-01-24 21:59 - 2025-01-24 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Video AI
2025-01-24 21:59 - 2025-01-24 21:59 - 000000000 ____D C:\Program Files\Topaz Labs LLC
2025-01-24 21:38 - 2025-01-24 21:38 - 000000000 ____D C:\Users\George\.cache
2025-01-24 21:36 - 2025-01-24 21:36 - 007808856 _____ (anyukit-setup) C:\Users\George\Downloads\anyukit-win.exe
2025-01-24 21:36 - 2025-01-24 21:36 - 000000553 _____ C:\Users\George\Desktop\AnyUkit.lnk
2025-01-24 21:36 - 2025-01-24 21:36 - 000000000 ____D C:\Users\George\Downloads\AnyUkit
2025-01-24 21:36 - 2025-01-24 21:36 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyUkit
2025-01-24 21:36 - 2025-01-24 21:36 - 000000000 ____D C:\Users\George\AppData\Local\AnyUkit
2025-01-24 21:36 - 2025-01-24 21:36 - 000000000 ____D C:\Program Files\AnyUkit
2025-01-24 21:32 - 2025-01-24 21:32 - 000832120 _____ (Open Media LLC) C:\Users\George\Downloads\4kvideodownloaderplus_1.10.5_x64_online (1).exe
2025-01-24 16:46 - 2025-01-24 16:46 - 000000000 ____D C:\Users\George\AppData\LocalLow\Endnight
2025-01-24 16:43 - 2025-01-24 16:43 - 000000223 _____ C:\Users\George\Desktop\Sons Of The Forest.url
2025-01-24 16:41 - 2025-01-24 16:41 - 000000223 _____ C:\Users\George\Desktop\ARK Survival Ascended.url
2025-01-24 16:10 - 2025-01-24 16:10 - 000000000 ____D C:\Users\George\AppData\Roaming\Valve Corporation
2025-01-24 11:24 - 2025-01-24 11:24 - 006374000 _____ C:\Users\George\Downloads\iCloud Photos (1).zip
2025-01-24 11:16 - 2025-01-24 11:16 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Proof
2025-01-24 11:13 - 2025-02-06 13:21 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-01-24 11:13 - 2025-02-06 13:21 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-01-24 11:13 - 2025-02-04 11:42 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Word
2025-01-24 11:13 - 2025-02-04 11:37 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Office
2025-01-24 11:13 - 2025-01-25 12:22 - 000000000 ___RD C:\Users\Default\OneDrive
2025-01-24 11:13 - 2025-01-24 11:13 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\AddIns
2025-01-24 11:11 - 2025-01-24 11:11 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2025-01-24 11:11 - 2025-01-24 11:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2025-01-24 11:05 - 2025-02-07 17:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-01-24 11:05 - 2025-01-24 11:05 - 000000000 ____D C:\Program Files\Microsoft Office 15
2025-01-24 10:51 - 2025-01-24 10:51 - 000000000 ____D C:\Users\George\AppData\LocalLow\Temp
2025-01-23 21:48 - 2025-02-08 11:03 - 000000000 ___RD C:\Users\George\iCloudDrive
2025-01-23 21:44 - 2025-01-23 21:44 - 000000000 ____D C:\ProgramData\Apple Computer
2025-01-23 21:42 - 2025-01-23 21:42 - 000000000 ____D C:\ProgramData\Apple Inc
2025-01-23 21:42 - 2025-01-23 21:42 - 000000000 ____D C:\ProgramData\Apple
2025-01-23 21:39 - 2025-01-23 21:39 - 000217500 _____ C:\Users\George\Downloads\IMG_0114.JPEG
2025-01-23 21:38 - 2025-01-23 21:38 - 000462260 _____ C:\Users\George\Downloads\IMG_0105.JPEG
2025-01-23 21:35 - 2025-01-23 21:35 - 000864497 _____ C:\Users\George\Downloads\IMG_0061.JPEG
2025-01-23 21:35 - 2025-01-23 21:35 - 000230824 _____ C:\Users\George\Downloads\IMG_5929.JPEG
2025-01-23 21:31 - 2025-01-23 21:31 - 000352227 _____ C:\Users\George\Downloads\IMG_5574.JPEG
2025-01-23 21:31 - 2025-01-23 21:31 - 000250271 _____ C:\Users\George\Downloads\IMG_5630.JPEG
2025-01-23 21:30 - 2025-01-23 21:30 - 000388522 _____ C:\Users\George\Downloads\IMG_5159.JPEG
2025-01-23 21:27 - 2025-01-23 21:27 - 000426514 _____ C:\Users\George\Downloads\IMG_4939.JPEG
2025-01-23 21:26 - 2025-01-23 21:26 - 000332034 _____ C:\Users\George\Downloads\IMG_4695.JPEG
2025-01-23 21:25 - 2025-01-23 21:26 - 001230445 _____ C:\Users\George\Downloads\iCloud Photos.zip
2025-01-23 21:24 - 2025-01-23 21:24 - 000276776 _____ C:\Users\George\Downloads\IMG_4507.JPEG
2025-01-23 21:24 - 2025-01-23 21:24 - 000140243 _____ C:\Users\George\Downloads\IMG_4480.JPEG
2025-01-23 21:22 - 2025-01-23 21:22 - 000411832 _____ C:\Users\George\Downloads\IMG_4337.JPEG
2025-01-23 21:21 - 2025-01-23 21:21 - 000481047 _____ C:\Users\George\Downloads\IMG_4321.JPEG
2025-01-23 21:20 - 2025-01-23 21:20 - 000396221 _____ C:\Users\George\Downloads\IMG_4292.JPEG
2025-01-23 21:18 - 2025-01-23 21:18 - 000267140 _____ C:\Users\George\Downloads\IMG_3815.JPEG
2025-01-23 21:13 - 2025-01-23 21:13 - 000153757 _____ C:\Users\George\Downloads\IMG_4544.JPEG
2025-01-23 21:09 - 2025-01-23 21:09 - 000307702 _____ C:\Users\George\Downloads\IMG_3890.JPEG
2025-01-23 21:06 - 2025-01-23 21:06 - 000323011 _____ C:\Users\George\Downloads\IMG_3385.JPEG
2025-01-23 20:59 - 2025-01-23 20:59 - 000302586 _____ C:\Users\George\Downloads\F36A1744-4588-4CBC-9F3F-41D8F673A544.JPEG
2025-01-23 20:59 - 2025-01-23 20:59 - 000116452 _____ C:\Users\George\Downloads\9DBCB5B8-3B14-4B82-8B18-E4F4ADC3B0FE.JPEG
2025-01-23 20:58 - 2025-01-23 20:58 - 000282420 _____ C:\Users\George\Downloads\IMG_2584.JPEG
2025-01-23 20:57 - 2025-01-23 20:57 - 000215897 _____ C:\Users\George\Downloads\D2E05845-22C9-4443-B493-D1285DDD0F34.JPEG
2025-01-23 20:56 - 2025-01-23 20:56 - 000197620 _____ C:\Users\George\Downloads\3917ab91-bf62-4d1a-8cd0-d16bdcacf51e.JPEG
2025-01-23 20:55 - 2025-01-23 20:55 - 000048203 _____ C:\Users\George\Downloads\af66e137-0b8b-451d-bb8e-f5c1083abb4e.JPEG
2025-01-23 20:52 - 2025-01-23 20:52 - 000173805 _____ C:\Users\George\Downloads\a2aff766-543b-44ea-921a-67686fbeb2bb.JPEG
2025-01-23 20:48 - 2025-01-23 20:48 - 000783762 _____ C:\Users\George\Downloads\IMG_0740.JPEG
2025-01-23 20:48 - 2025-01-23 20:48 - 000754348 _____ C:\Users\George\Downloads\IMG_0399.JPEG
2025-01-23 20:47 - 2025-01-23 20:47 - 000080151 _____ C:\Users\George\Downloads\IMG_20211205_022831_598.JPEG
2025-01-23 20:46 - 2025-01-23 20:46 - 000352424 _____ C:\Users\George\Downloads\Screenshot_20211129-203441_WhatsApp.JPEG
2025-01-23 20:04 - 2025-01-24 13:34 - 002305440 _____ C:\Users\George\Downloads\CapCut_7441457733406162999_installer.exe
2025-01-23 19:16 - 2025-01-23 19:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-01-23 19:16 - 2025-01-23 19:16 - 000000000 ____D C:\Program Files\Malwarebytes
2025-01-23 19:14 - 2025-01-23 19:14 - 000000000 ____D C:\Users\George\AppData\Roaming\Manage
2025-01-23 19:14 - 2025-01-23 19:14 - 000000000 ____D C:\Users\George\AppData\LocalLow\boost_interprocess
2025-01-23 16:44 - 2025-01-24 10:40 - 000000000 ____D C:\ProgramData\Wondershare
2025-01-23 16:44 - 2025-01-23 16:46 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2025-01-23 16:44 - 2025-01-23 16:45 - 000000000 ____D C:\Users\George\AppData\Roaming\Wondershare
2025-01-23 16:44 - 2025-01-23 16:44 - 000001468 _____ C:\Users\George\Desktop\Wondershare Filmora 14.lnk
2025-01-23 16:44 - 2025-01-23 16:44 - 000000000 ____D C:\Voiceover
2025-01-23 16:44 - 2025-01-23 16:44 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare
2025-01-23 16:44 - 2025-01-23 16:44 - 000000000 ____D C:\Users\George\AppData\Local\Wondershare
2025-01-23 16:44 - 2024-12-06 15:49 - 000754688 _____ C:\Windows\system32\FilmoraContextMenu.dll
2025-01-23 16:42 - 2025-01-23 16:44 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2025-01-22 21:19 - 2025-01-22 21:19 - 000000000 ____D C:\Users\George\AppData\Roaming\.HitPawVideoEnhancerCache
2025-01-22 21:11 - 2025-02-05 15:26 - 000000000 ____D C:\Users\George\AppData\Local\HitPaw Software
2025-01-22 21:11 - 2025-01-22 21:11 - 000000000 ____D C:\Users\George\downloadtemp
2025-01-22 21:11 - 2025-01-22 21:11 - 000000000 ____D C:\Users\George\AppData\Roaming\TSHelpService
2025-01-22 21:10 - 2025-02-05 15:25 - 000000000 ____D C:\Program Files (x86)\HitPaw
2025-01-22 21:10 - 2025-01-22 21:10 - 002882816 _____ (HitPaw) C:\Users\George\Downloads\hitpaw-vikpea-bing_11737580208101781601.exe
2025-01-21 20:36 - 2025-01-21 20:36 - 000000000 ____D C:\Users\George\AppData\Roaming\mssdk
2025-01-21 20:36 - 2025-01-21 20:36 - 000000000 ____D C:\Users\George\AppData\Local\VEDetector
2025-01-19 22:37 - 2025-01-19 22:37 - 000000000 ____D C:\Users\George\AppData\Roaming\Norton
2025-01-19 22:33 - 2025-01-19 22:33 - 001928936 _____ (Gen Digital Inc.) C:\Users\George\Downloads\norton_vpn_online_setup.exe
2025-01-19 19:40 - 2025-01-19 19:40 - 000001545 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader+.lnk
2025-01-19 19:27 - 2025-02-05 15:26 - 000000000 ____D C:\Users\George\AppData\Local\cache
2025-01-19 19:27 - 2025-01-26 15:23 - 000000000 ____D C:\Users\George\AppData\Local\4kdownload.com
2025-01-19 19:27 - 2025-01-26 15:23 - 000000000 ____D C:\Program Files\4KDownload
2025-01-19 19:27 - 2025-01-24 21:32 - 000000996 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader+.lnk
2025-01-19 19:27 - 2025-01-24 21:32 - 000000984 _____ C:\Users\Public\Desktop\4K Video Downloader+.lnk
2025-01-19 19:27 - 2025-01-19 19:27 - 000832120 _____ (Open Media LLC) C:\Users\George\Downloads\4kvideodownloaderplus_1.10.5_x64_online.exe
2025-01-19 18:15 - 2025-01-19 20:56 - 000000000 ____D C:\Users\George\AppData\Roaming\com.adobe.dunamis
2025-01-19 17:39 - 2025-01-19 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxon
2025-01-19 17:36 - 2025-01-19 17:40 - 000000000 ____D C:\Program Files\Maxon Cinema 4D 2024
2025-01-19 17:35 - 2025-02-06 15:45 - 000000000 ____D C:\Program Files\Adobe
2025-01-19 17:34 - 2025-02-06 15:45 - 000000000 ____D C:\Program Files\Common Files\Adobe
2025-01-19 17:34 - 2025-02-05 15:25 - 000000000 ____D C:\Users\George\AppData\Local\Adobe
2025-01-19 17:34 - 2025-02-05 15:25 - 000000000 ____D C:\ProgramData\Adobe
2025-01-19 17:33 - 2025-01-19 17:33 - 000000000 ____D C:\Users\George\AppData\Local\OneDrive
2025-01-19 17:29 - 2025-01-19 17:29 - 000000000 ____D C:\Users\George\AppData\Roaming\WinRAR
2025-01-19 17:29 - 2025-01-19 17:29 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-01-19 17:29 - 2025-01-19 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-01-19 17:29 - 2025-01-19 17:29 - 000000000 ____D C:\Program Files\WinRAR
2025-01-19 13:41 - 2025-01-19 13:41 - 000000000 ____D C:\Users\George\AppData\LocalLow\TheGameBakers
2025-01-18 21:10 - 2025-01-18 21:10 - 000000000 ____D C:\Users\Public\mod.io
2025-01-18 21:06 - 2025-01-18 21:06 - 000000000 ____D C:\Users\George\AppData\Local\mod.io
2025-01-18 21:02 - 2025-01-24 22:52 - 000000000 ____D C:\Users\George\AppData\Local\ReadyOrNot
2025-01-17 21:51 - 2025-01-17 21:51 - 000000000 ___SH C:\Users\Public\Shared Files
2025-01-17 21:44 - 2025-01-17 21:44 - 000000000 ____D C:\Users\George\AppData\Local\FortniteGame
2025-01-17 21:44 - 2025-01-17 21:44 - 000000000 ____D C:\Users\George\AppData\Local\CrashReportClient
2025-01-17 21:16 - 2025-01-17 21:16 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2025-01-15 13:03 - 2025-01-15 13:03 - 000000000 ____D C:\Users\George\AppData\LocalLow\LuckyVR
2025-01-15 13:03 - 2025-01-15 13:03 - 000000000 ____D C:\Users\George\AppData\Local\AWSToolkit
2025-01-13 12:52 - 2025-01-17 21:44 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2025-01-13 12:52 - 2025-01-13 12:52 - 000000000 ____D C:\Users\George\AppData\LocalLow\Facepunch Studios LTD
2025-01-13 12:52 - 2025-01-13 12:52 - 000000000 ____D C:\Users\George\AppData\Local\GameAnalytics
2025-01-12 18:37 - 2025-01-12 18:37 - 000000000 ____D C:\Users\George\AppData\Roaming\fltk.org
2025-01-12 18:37 - 2025-01-12 18:37 - 000000000 ____D C:\ProgramData\fltk.org
2025-01-12 00:19 - 2025-01-12 00:19 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\MMC
2025-01-11 17:42 - 2025-01-11 17:43 - 000000000 ____D C:\Users\George\AppData\Local\Ubisoft
2025-01-09 20:35 - 2025-01-19 22:34 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2025-01-09 16:42 - 2025-01-10 11:38 - 000000000 ____D C:\Users\George\AppData\Local\Norton
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-02-08 11:26 - 2025-01-06 13:34 - 000000000 ____D C:\Program Files (x86)\Steam
2025-02-08 11:18 - 2022-05-07 05:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-02-08 11:09 - 2025-01-03 14:39 - 005546664 _____ C:\Windows\system32\PerfStringBackup.INI
2025-02-08 11:09 - 2022-05-07 05:22 - 000000000 ____D C:\Windows\INF
2025-02-08 11:06 - 2025-01-06 14:30 - 000000000 ____D C:\Users\George\AppData\Local\Ubisoft Game Launcher
2025-02-08 11:04 - 2025-01-06 13:38 - 000000000 ____D C:\Users\George\AppData\Roaming\discord
2025-02-08 11:03 - 2025-01-08 15:02 - 000000000 ____D C:\Users\George\AppData\Local\LGHUB
2025-02-08 11:03 - 2025-01-06 13:38 - 000000000 ____D C:\Users\George\AppData\Local\Discord
2025-02-08 11:02 - 2025-01-06 13:08 - 000000000 ___RD C:\Users\George\OneDrive
2025-02-08 11:02 - 2025-01-03 14:37 - 000000000 ____D C:\ProgramData\NVIDIA
2025-02-08 11:02 - 2025-01-03 14:32 - 000901328 _____ () C:\Windows\system32\wpbbin.exe
2025-02-08 11:02 - 2025-01-03 14:32 - 000845256 _____ C:\Windows\system32\AsusUpdateCheck.exe
2025-02-08 11:02 - 2025-01-03 14:32 - 000012288 ___SH C:\DumpStack.log.tmp
2025-02-08 11:02 - 2025-01-03 14:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-02-08 11:02 - 2025-01-03 14:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-02-08 11:02 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\AppReadiness
2025-02-07 21:37 - 2022-05-07 05:17 - 000786432 _____ C:\Windows\system32\config\BBI
2025-02-07 18:18 - 2025-01-03 14:40 - 000000000 ____D C:\Program Files\ASUS
2025-02-07 17:41 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\SystemTemp
2025-02-07 17:26 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Local\D3DSCache
2025-02-07 17:22 - 2025-01-06 13:35 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-02-07 17:17 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Local\Packages
2025-02-07 17:17 - 2022-05-07 05:24 - 000000000 ___HD C:\Program Files\WindowsApps
2025-02-06 18:15 - 2025-01-06 14:46 - 000000000 ____D C:\Users\George\AppData\Local\CrashDumps
2025-02-06 14:51 - 2025-01-06 13:07 - 000000000 ____D C:\ProgramData\Norton
2025-02-06 14:51 - 2025-01-03 14:34 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-02-06 13:42 - 2022-05-07 05:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-02-06 13:40 - 2025-01-03 14:34 - 000000000 ____D C:\ProgramData\Packages
2025-02-06 13:37 - 2022-05-07 05:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2025-02-06 13:32 - 2025-01-06 12:56 - 000000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Spelling
2025-02-06 13:21 - 2025-01-06 13:08 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2398525475-854880265-1321228765-1001
2025-02-05 20:16 - 2025-01-06 13:38 - 000002255 _____ C:\Users\George\Desktop\Discord.lnk
2025-02-05 20:16 - 2025-01-06 13:21 - 000000000 ____D C:\Users\George\AppData\Local\NVIDIA
2025-02-05 16:09 - 2025-01-06 13:34 - 000000000 ____D C:\Users\George\AppData\Local\Steam
2025-02-05 15:22 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\LocalLow\NVIDIA
2025-02-05 15:22 - 2025-01-03 14:37 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2025-02-05 15:20 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Local\NVIDIA Corporation
2025-02-05 15:03 - 2025-01-06 13:27 - 000003834 _____ C:\Windows\system32\Tasks\NVIDIA app SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2025-02-05 15:03 - 2025-01-06 13:27 - 000001437 _____ C:\Users\Public\Desktop\NVIDIA.lnk
2025-02-05 15:03 - 2025-01-03 14:37 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2025-02-04 20:52 - 2025-01-06 14:18 - 000000000 ____D C:\Users\George\Documents\My Games
2025-02-04 11:42 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\Registration
2025-02-03 20:58 - 2025-01-03 14:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-02-03 20:58 - 2025-01-03 14:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-02-02 13:33 - 2025-01-08 13:50 - 000000000 ____D C:\Program Files\Epic Games
2025-01-31 12:05 - 2025-01-06 12:56 - 000000000 ____D C:\Users\George
2025-01-29 13:59 - 2025-01-06 14:18 - 000000000 ____D C:\Users\George\AppData\Local\BattlEye
2025-01-29 13:59 - 2025-01-03 14:37 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-28 17:25 - 2025-01-06 17:15 - 000000000 ____D C:\Users\George\AppData\Roaming\EasyAntiCheat
2025-01-28 13:07 - 2025-01-08 15:02 - 000000000 ____D C:\Users\George\AppData\Roaming\G HUB
2025-01-28 13:04 - 2025-01-08 15:02 - 000000000 ____D C:\Users\George\AppData\Roaming\lghub
2025-01-26 21:47 - 2025-01-06 13:08 - 000000000 ____D C:\Users\George\AppData\Local\PlaceholderTileLogoFolder
2025-01-26 21:39 - 2025-01-06 13:41 - 000000000 ____D C:\XboxGames
2025-01-25 12:25 - 2025-01-06 13:27 - 003108904 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2025-01-25 12:25 - 2025-01-06 13:27 - 002398760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2025-01-25 12:25 - 2025-01-03 14:37 - 000271912 _____ C:\Windows\system32\FvSDK_x64.dll
2025-01-25 12:25 - 2025-01-03 14:37 - 000245800 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2025-01-25 12:21 - 2025-01-03 14:32 - 000475224 _____ C:\Windows\system32\FNTCACHE.DAT
2025-01-25 12:05 - 2025-01-03 14:37 - 000180760 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2025-01-25 12:05 - 2025-01-03 14:37 - 000159768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2025-01-25 12:05 - 2025-01-03 14:37 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2025-01-24 11:05 - 2022-05-07 05:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-01-24 10:39 - 2025-01-08 15:02 - 000000000 ____D C:\Program Files\Logi
2025-01-20 12:19 - 2022-05-07 05:24 - 000000000 ____D C:\ProgramData\USOPrivate
2025-01-20 12:04 - 2022-05-07 05:17 - 000000000 ____D C:\Windows\CbsTemp
2025-01-19 22:34 - 2025-01-06 13:07 - 000000000 ____D C:\ProgramData\NortonInstaller
2025-01-19 20:55 - 2025-01-06 13:07 - 000000000 ____D C:\Users\George\AppData\Roaming\Adobe
2025-01-18 21:05 - 2025-01-08 13:25 - 000000000 ____D C:\Users\George\AppData\Local\UnrealEngine
2025-01-17 21:51 - 2022-05-07 05:24 - 000000000 __SHD C:\Users\Public\Libraries
2025-01-16 22:00 - 2024-08-14 17:23 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\SystemResources
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\Sgrm
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\appraiser
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\DiagTrack
2025-01-16 22:00 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\bcastdvr
2025-01-16 14:41 - 2025-01-06 15:26 - 206927936 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-01-16 14:41 - 2025-01-06 15:26 - 000000000 ____D C:\Windows\system32\MRT
2025-01-15 13:04 - 2025-01-08 13:25 - 000000000 ____D C:\Users\George\AppData\Local\Epic Games
2025-01-14 18:39 - 2025-01-03 22:29 - 000000000 ____D C:\Windows\system32\AMD
2025-01-12 18:37 - 2025-01-06 17:15 - 000000000 ____D C:\ProgramData\WarThunder
2025-01-09 20:35 - 2025-01-07 16:01 - 000000000 ____D C:\Program Files\Common Files\AV
2025-01-09 17:18 - 2022-05-07 05:24 - 000000000 ____D C:\Windows\system32\AppLocker
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

#11
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

I still see CapCut in the installed programs. If it's not activated with a legal license, my fixes will possibly make it not work properly. Is that fine with you?

 

Also, I see that you installed BitDefender. Please, DO NOT install any other program unless I instruct you to do so. 

 

You didn't tell me if you intentionally installed the Search with Incognito extension in Chrome.


#12
greencamel

    Member

  • Topic Starter
  • 14 posts

Yes, that CapCut version, I paid for the pro version after the cracked illegal one didn't work.

Yes, sorry about the BitDefender one.

And the browser extension, I don't remember downloading that. I'm not sure about that.

Also, I'm fine with you doing anything you have to do to help, please.

Thank you.


#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

OK, Greencamel.
 
Let's move a bit. First, make sure to move the FRST tool from your Downloads folder onto your Desktop.
 
 
1. Remove the Search with Incognito
 
Please remove this extension from Edge.
 
 
2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4288]
FirewallRules: [{EBAE04E1-C6BD-4CFD-9A31-6B740054E64F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{582F90B1-4377-4869-8EAC-5A218EC24AD5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{97351440-DD16-4540-B252-DCE76DCB51FC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{0919CFA6-1633-49CF-98BF-8FCE1DD30F13}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{10EEE460-C9CB-457C-9085-EA4897DA4212}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_DX11.exe => No File
FirewallRules: [{3121491F-42CE-4D19-848E-3949DE620872}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_DX11.exe => No File
FirewallRules: [{CC3AD8DB-928F-4D87-A1BA-C5578B8C89F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [{63C3BA27-98E5-492F-8302-86A506E68E88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [TCP Query User{5A135330-CDD6-4B39-8945-8BE40D0BD8C6}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
FirewallRules: [UDP Query User{CEB353E0-8404-4DE2-AAC5-95DBE1F8368C}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (No File)
HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_10] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui (No File)
Task: {F07A7919-6EED-4D99-A52A-8DE58BCAEB95} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
Edge DefaultSearchKeyword: Default -> Search With Incognito
Edge DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
S3 cpuz152; C:\Windows\temp\cpuz152\cpuz152_x64.sys [35840 2025-01-03] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 nllWireGuard; \SystemRoot\System32\drivers\nllWireguard.sys [X]
U3 Norton Firewall; no ImagePath
2025-02-05 15:25 - 2025-02-05 15:25 - 000000000 ____D C:\Users\George\AppData\Roaming\ufcphsom
2025-02-06 12:56 - 2025-02-06 12:56 - 218172328 _____ (SUPERAntiSpyware) C:\Users\George\Downloads\SUPERAntiSpyware.exe
2025-02-06 12:45 - 2025-02-06 12:45 - 051405480 _____ (Adlice Software ) C:\Users\George\Downloads\RogueKiller_setup (1).exe
2025-02-06 12:44 - 2025-02-06 12:44 - 051405480 _____ (Adlice Software ) C:\Users\George\Downloads\Unconfirmed 415832.crdownload
Hosts:
RemoveProxy:
EmptyTemp:
Folder: C:\Windows\SysWOW64\lock.lock
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

3. Eset Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

 

In your next reply, please post:

  • If uninstalling the extension ran smoothly
  • The fixlog.txt
  • The eset.txt

#14
greencamel

    Member

  • Topic Starter
  • 14 posts

The uninstallation of the extension went well.

Sorry, I had to type the file names of the malware found, but ESET didn't give me the option to save it as text.

ESET found:

a variant of generik.KXBMPXM trojan

a variant of MSIL/Microsoft.Bing.C potentially unwanted application

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2025
Ran by George (09-02-2025 11:57:34) Run:1
Running from C:\Users\George\Downloads
Loaded Profiles: George
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4288]
FirewallRules: [{EBAE04E1-C6BD-4CFD-9A31-6B740054E64F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{582F90B1-4377-4869-8EAC-5A218EC24AD5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{97351440-DD16-4540-B252-DCE76DCB51FC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{0919CFA6-1633-49CF-98BF-8FCE1DD30F13}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{10EEE460-C9CB-457C-9085-EA4897DA4212}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_DX11.exe => No File
FirewallRules: [{3121491F-42CE-4D19-848E-3949DE620872}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix_DX11.exe => No File
FirewallRules: [{CC3AD8DB-928F-4D87-A1BA-C5578B8C89F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [{63C3BA27-98E5-492F-8302-86A506E68E88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [TCP Query User{5A135330-CDD6-4B39-8945-8BE40D0BD8C6}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
FirewallRules: [UDP Query User{CEB353E0-8404-4DE2-AAC5-95DBE1F8368C}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe] => (Allow) C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe => No File
C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (No File)
HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_10] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui (No File)
Task: {F07A7919-6EED-4D99-A52A-8DE58BCAEB95} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
Edge DefaultSearchKeyword: Default -> Search With Incognito
Edge DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
S3 cpuz152; C:\Windows\temp\cpuz152\cpuz152_x64.sys [35840 2025-01-03] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 nllWireGuard; \SystemRoot\System32\drivers\nllWireguard.sys [X]
U3 Norton Firewall; no ImagePath
2025-02-05 15:25 - 2025-02-05 15:25 - 000000000 ____D C:\Users\George\AppData\Roaming\ufcphsom
2025-02-06 12:56 - 2025-02-06 12:56 - 218172328 _____ (SUPERAntiSpyware) C:\Users\George\Downloads\SUPERAntiSpyware.exe
2025-02-06 12:45 - 2025-02-06 12:45 - 051405480 _____ (Adlice Software ) C:\Users\George\Downloads\RogueKiller_setup (1).exe
2025-02-06 12:44 - 2025-02-06 12:44 - 051405480 _____ (Adlice Software ) C:\Users\George\Downloads\Unconfirmed 415832.crdownload
Hosts:
RemoveProxy:
EmptyTemp:
Folder: C:\Windows\SysWOW64\lock.lock
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBAE04E1-C6BD-4CFD-9A31-6B740054E64F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{582F90B1-4377-4869-8EAC-5A218EC24AD5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97351440-DD16-4540-B252-DCE76DCB51FC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0919CFA6-1633-49CF-98BF-8FCE1DD30F13}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10EEE460-C9CB-457C-9085-EA4897DA4212}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3121491F-42CE-4D19-848E-3949DE620872}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC3AD8DB-928F-4D87-A1BA-C5578B8C89F5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63C3BA27-98E5-492F-8302-86A506E68E88}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5A135330-CDD6-4B39-8945-8BE40D0BD8C6}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CEB353E0-8404-4DE2-AAC5-95DBE1F8368C}C:\xboxgames\ark- survival ascended\content\shootergame\binaries\wingdk\arkascended.exe" => removed successfully
"C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe CCXProcess" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Norton Download ManagerFORCE_UPGRADE_22_23_10" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F07A7919-6EED-4D99-A52A-8DE58BCAEB95}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F07A7919-6EED-4D99-A52A-8DE58BCAEB95}" => removed successfully
C:\Windows\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Edge DefaultSearchKeyword" => not found
"Edge DefaultSuggestURL" => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz152 => removed successfully
cpuz152 => service removed successfully
HKLM\System\CurrentControlSet\Services\nllWireGuard => removed successfully
nllWireGuard => service removed successfully
HKLM\System\CurrentControlSet\Services\Norton Firewall => removed successfully
Norton Firewall => service removed successfully
 
"C:\Users\George\AppData\Roaming\ufcphsom" Folder move:
 
C:\Users\George\AppData\Roaming\ufcphsom => moved successfully
C:\Users\George\Downloads\SUPERAntiSpyware.exe => moved successfully
C:\Users\George\Downloads\RogueKiller_setup (1).exe => moved successfully
C:\Users\George\Downloads\Unconfirmed 415832.crdownload => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2398525475-854880265-1321228765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2398525475-854880265-1321228765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========================= Folder: C:\Windows\SysWOW64\lock.lock ========================
 
 
====== End of Folder: ======
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 863050132 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 989614315 B
Windows/system/drivers => 373722108 B
Edge => 0 B
Chrome => 544071473 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 74039741 B
systemprofile32 => 74039741 B
LocalService => 74960361 B
NetworkService => 88652811 B
George => 78281560618 B
 
RecycleBin => 51061680399 B
EmptyTemp: => 123.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:58:15 ====

  • 0
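A small parser for the Fixlog format posted above, as an added example that is not part of the thread or of FRST itself: it skips the fixlist that FRST echoes between "Start::" and "End::", then buckets each result line so the "not found" entries stand out for checking in a fresh scan. The function names and status labels are assumptions; the sample lines are copied from the Fixlog above and trimmed.

```python
from collections import Counter

# Constructed excerpt: a handful of lines copied from the Fixlog in this
# thread, trimmed so the sample stays short and runs offline.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2025
fixlist content:
*****************
Start::
CloseProcesses:
FirewallRules: [{CC3AD8DB-928F-4D87-A1BA-C5578B8C89F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip
End::
*****************

Processes closed successfully.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC3AD8DB-928F-4D87-A1BA-C5578B8C89F5}" => removed successfully
"C:\Users\George\Downloads\CapCut Pro 5602062 Crack For PC Free Download 2025.zip" => not found
"Edge DefaultSearchURL" => removed successfully
"Edge DefaultSearchKeyword" => not found
cpuz152 => service removed successfully
C:\Users\George\AppData\Roaming\ufcphsom => moved successfully
FlushDNS => completed
Chrome => 544071473 B
'''

# Order matters: "removed successfully" also ends with "moved successfully",
# so the more specific suffix has to be tested first.
OUTCOMES = (
    ("removed successfully", "removed"),
    ("moved successfully", "moved"),
    ("not found", "not_found"),
)


def classify(outcome_text):
    """Map the text after the last ' => ' to a status label (labels are ours)."""
    for suffix, label in OUTCOMES:
        if outcome_text.endswith(suffix):
            return label
    return "info"  # e.g. EmptyTemp byte counts, "completed"


def parse_fixlog(text):
    """Return (status, target, outcome_text) for every result line."""
    results = []
    in_echo = False  # True while inside the echoed fixlist
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            in_echo = True
            continue
        if line == "End::":
            in_echo = False
            continue
        # Echoed fixlist lines also contain " => " (e.g. "=> No File"),
        # but they are instructions, not results, so they are skipped.
        if in_echo or " => " not in line:
            continue
        target, _, outcome = line.rpartition(" => ")
        results.append((classify(outcome), target.strip('"'), outcome))
    return results


def summarize(results):
    """Count result lines per status."""
    return Counter(status for status, _, _ in results)


def follow_up(results):
    """Targets FRST reported as 'not found' when the fix ran."""
    return [target for status, target, _ in results if status == "not_found"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target in follow_up(parsed):
        print("not found:", target)
```
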

#15
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi, greencamel.
 
Apologies for the delay.
 
According to the ESET site:
 

The path to the log file is the following: C:\Users\username\AppData\Local\Temp\log.txt


Can you please go and check there? You must first enable the Show hidden files and folders option.
 
After that:

1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log. (Scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number.)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

Note: Click Skip Basic Repair if you are asked to.

 

2. Run Malwarebytes (scan only)

  • Open Malwarebytes you have already installed. 
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The eset.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report
