Inactive Browser hijacker removal problem


D3M0V

Thread Starter
Joined
Sep 17, 2021
Messages
4
Hello guys!

Lately I've been battling a horrendously annoying browser hijacker, which is installing itself whenever I enter a browser by the name of "yUpdateEvery". It installs from a folder under C:/ProgramData/Unft/XXXXXXX (I entered it by X's, because the created subfolder every time has a different name consisting of random letters and numbers), which creates automatically, as I said before, every time I open a browser. It doesn't really do anything that I can see, sometimes the CPU usage randomly jumps to 70-90% and the browser shuts down and restarts when it reinstalls itself, which is odd. I've tried everything I could and saw on the internet. I deleted all suspicious programs via Control Panel, I even changed the DNS server of my system. If I try to delete this "Unft" folder, it just recreates itself later, which may indicate (at least I think so), that there is a script hidden deep down somewhere I can't see. I forgot to mention, I used 3 different anti-malware/anti-virus programs [ Norton, 360TotalSecurity, MalwareFox ] to scan my whole PC and specified folders, but even with the Norton premium 'Power Eraser' it didn't detect anything. I also did the thing with checking & restoring the device health in CMD Prompt but to no effect. I really don't know what to do, I don't want to reinstall my Windows clean, as I have tons of important data to me and I wouldn't have the ability to backup 500GB+ of data. Let me know if I missed something or if any logs are needed, I would really use some help.

Have a great day/night <3
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,623
Hello D3M0V and welcome to TSG,

Disable smart screen ONLY if it interferes with software we may have to use:

https://support.microsoft.com/en-us...otect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:

https://www.bleepingcomputer.com/fo...nti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....

Next,

Let's grab some logs and see what's going on, continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

  • Open Malwarebytes
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply


  • Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select
    Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English


  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"


  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....
 

D3M0V

Thread Starter
Joined
Sep 17, 2021
Messages
4
[REPLY PART 1]
Hello Kevin,
Here is the scan log, as I could notice, Malwarebytes was the only software that detected the folder as a virus:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 18/09/2021
Scan Time: 09:50
Log File: 0c8d5aba-1855-11ec-b909-a8a159601832.json

-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.45060
Licence: Trial

-System Information-
OS: Windows 10 (Build 19041.1165)
CPU: x64
File System: NTFS
User: PC-DESKTOP\kacpe

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 357210
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 3 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
Spyware.PasswordStealer, HKU\S-1-5-21-181470130-150577284-3770952112-1001\SOFTWARE\ffdroider, Quarantined, 555, 954910, 1.0.45060, , ame, , ,
Trojan.BrowserHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\AppID\powershell_ise.resrv21, Quarantined, 2710, 944578, , , , , ,
Trojan.BrowserHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{55E0500C-4030-4952-AA3D-6CD6D4517D50}, Quarantined, 2710, 944578, , , , , ,
Trojan.BrowserHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{55E0500C-4030-4952-AA3D-6CD6D4517D50}, Quarantined, 2710, 944578, , , , , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Trojan.BrowserHijack, C:\ProgramData\Unft\Hqxdite\ECC78A3, Quarantined, 2710, 940996, , , , , ,
Trojan.BrowserHijack, C:\PROGRAMDATA\UNFT\HQXDITE, Quarantined, 2710, 940996, 1.0.45060, , ame, , ,

File: 8
Trojan.BrowserHijack, C:\PROGRAMDATA\UNFT\HQXDITE\ECC78A3\BACKGROUND.JS, Quarantined, 2710, 940996, 1.0.45060, , ame, , 837D504919C4DEEC618D69D6D5022783, DD1680A313D61C423F0132F92C7647844033276F8974408D33C3AFB26E1A0B1D
Trojan.BrowserHijack, C:\ProgramData\Unft\Hqxdite\ECC78A3\ahkw, Quarantined, 2710, 940996, , , , , F1BCED43EDECBE2A8E1F89BA8399FB69, D2A452EEDBC4D6BD6470837D24734C6772490B975D88E7A17CF61B4FDF948F62
Trojan.BrowserHijack, C:\ProgramData\Unft\Hqxdite\ECC78A3\icon128.png, Quarantined, 2710, 940996, , , , , 86DF701CE3B2191A415BDEF3222AB59F, E2712D19AA6AA4A29827E76C4DF53F54B5207AB9C90C0CB2202635072D41AA22
Trojan.BrowserHijack, C:\ProgramData\Unft\Hqxdite\ECC78A3\manifest.json, Quarantined, 2710, 940996, , , , , B88E4DCAD76E64941C023002B157385C, 3242DA38A9EDE8A84AE2A9ABBF91506CA1AF78B19DDE44BDCD3E0FF1AE74DA0B
Trojan.BrowserHijack, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\AppID\powershell_ise.resrv21, Quarantined, 2710, 944578, , , , , 9F716F37DC0727D3CF758DB54FCE971D, 8979B058A3900919DD4BAA5AC494CBC713EE59403C07FE5DB0D35282011C3377
Trojan.BrowserHijack, C:\PROGRAM FILES (X86)\COMMON FILES\STARTNOTE\DUSCOVERINJER\NDICS_SYSTEPQON.DLL, Quarantined, 2710, 944578, 1.0.45060, , ame, , 63B829CFD0E789B142537D5EA1A9BC9C, A6D03925F4BC8088F85C0B983E48F8D6F77A7B750C6B8EFA135E6CAE8E4B9075
RiskWare.ShortcutHijack, C:\USERS\KACPE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\BRAVE.LNK, Quarantined, 15892, 940778, 1.0.45060, , ame, , 51A41B8203CE07C4AE21132D1B6B7F72, 830253E00DDC57450FBD7E02D845EAC493DB04C5542C40DBBDE1B60270B26A12
RiskWare.ShortcutHijack, C:\USERS\KACPE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\BRAVE.LNK, Quarantined, 15892, 940778, 1.0.45060, , ame, , D65F5185E557E64FF5FE2181AE692E97, FAC8502978BD198485D153538C93ACA83C9CFF884BAE571889CFDDE5BFE8D039

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

AdwCleaner log:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-18-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1481 octets] - [18/09/2021 09:57:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
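
Added example (not part of the original thread, and not code from Malwarebytes or either poster): a Python triage of a scan export in the layout posted above. It pairs scheduled-task registry keys with their task files, flags folders that carry a `manifest.json` (the layout of an unpacked browser extension), lists anything not quarantined, and checks the declared per-section counts against the lines actually present. The field layout is assumed from the log in this post; the sample log, its paths, GUID and hashes are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

SECTION = re.compile(r"^(Process|Module|Registry Key|Registry Value|Registry Data|"
                     r"Data Stream|Folder|File|Physical Sector|WMI): (\d+)$")
# name, path (may itself contain commas), action, two numeric ids, remaining fields
DETECTION = re.compile(r"^(?P<name>[^,]+), (?P<path>.+?), (?P<action>[^,]+), "
                       r"\d+, \d+, (?P<rest>.*)$")
TASK_TREE = re.compile(r"\\SCHEDULE\\TASKCACHE\\TREE\\(.+)$", re.I)
TASK_FILE = re.compile(r"\\SYSTEM32\\TASKS\\(.+)$", re.I)

# Constructed sample in the layout of the export above; every name, path,
# GUID and hash is a placeholder, not a real indicator.
SAMPLE_LOG = r"""
-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
Trojan.Sample, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Vendor\Demo\helper.task1, Quarantined, 1, 2, , , , , ,
Trojan.Sample, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{00000000-0000-0000-0000-000000000000}, Quarantined, 1, 2, , , , , ,

File: 4
Trojan.Sample, C:\WINDOWS\SYSTEM32\TASKS\Vendor\Demo\helper.task1, Quarantined, 1, 2, , , , , MD5, SHA256
Trojan.Sample, C:\ProgramData\Demo\Abc123\manifest.json, Quarantined, 1, 2, , , , , MD5, SHA256
Trojan.Sample, C:\ProgramData\Demo\Abc123\background.js, No Action By User, 1, 2, , , , , MD5, SHA256
RiskWare.Sample, C:\Users\demo\Desktop\Browser.lnk, Quarantined, 3, 4, , , , , MD5, SHA256
""".replace("MD5", "0" * 32).replace("SHA256", "1" * 64)


def parse_detections(text):
    """Return (detections, declared_counts) from a text-export scan log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECTION.match(line)
        if m and section:
            hashes = re.findall(r"\b[0-9A-Fa-f]{64}\b|\b[0-9A-Fa-f]{32}\b",
                                m.group("rest"))
            detections.append({
                "section": section,
                "name": m.group("name"),
                "path": m.group("path"),
                "action": m.group("action"),
                "sha256": next((h for h in hashes if len(h) == 64), None),
            })
    return detections, declared


def triage(detections, declared):
    """Group detections by what they tell a responder about persistence."""
    parsed = Counter(d["section"] for d in detections)
    report = {
        # a section whose header count differs from its lines: truncated paste
        "count_mismatch": sorted(s for s, n in declared.items() if parsed[s] != n),
        "not_quarantined": [],
        "shortcuts": [],
    }
    tasks = defaultdict(set)         # task name -> {"registry", "file"}
    files_by_dir = defaultdict(set)  # folder -> file names detected in it
    for d in detections:
        path = d["path"]
        if d["action"] != "Quarantined":
            report["not_quarantined"].append(path)
        for kind, rx in (("registry", TASK_TREE), ("file", TASK_FILE)):
            m = rx.search(path)
            if m:
                tasks[m.group(1).lower()].add(kind)
        if d["section"] == "File":
            folder, _, leaf = path.rpartition("\\")
            files_by_dir[folder.lower()].add(leaf.lower())
            if leaf.lower().endswith(".lnk"):
                report["shortcuts"].append(path)
    # a task seen in both places had its registry entry and its XML file removed
    report["scheduled_tasks"] = {t: sorted(k) for t, k in tasks.items()}
    report["extension_dirs"] = sorted(f for f, leaves in files_by_dir.items()
                                      if "manifest.json" in leaves)
    return report


if __name__ == "__main__":
    dets, declared = parse_detections(SAMPLE_LOG)
    for key, value in triage(dets, declared).items():
        print(f"{key}: {value}")
```

A task that shows up only as `registry` or only as `file`, or any path under `not_quarantined`, is the first thing to re-check after the reboot, since a leftover task definition can rebuild the files it points to.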
 

D3M0V

Thread Starter
Joined
Sep 17, 2021
Messages
4
[REPLY PART 2]


Farbar Recovery Scan Tool:
-FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by kacpe (administrator) on PC-DESKTOP (18-09-2021 10:00:15)
Running from C:\Users\kacpe\Downloads
Loaded Profiles: kacpe
Platform: Windows 10 Home Version 2004 19041.1165 (X64) Language: Polish (Poland) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\CMService.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <9>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(Cooler Master Technology Inc. -> ) C:\Program Files (x86)\CoolerMaster\PORTAL\cm-blackhawk.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\kacpe\Downloads\adwcleaner_8.3.0.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(NortonLifeLock Inc. -> Broadcom) C:\Program Files\Norton Security\Engine\22.21.8.62\NortonSecurity.exe <2>
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.8.62\nsWscSvc.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\NVDisplay.Container.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesGG.exe [14546768 2021-09-08] (SteelSeries ApS -> SteelSeries ApS)
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2147776 2021-09-16] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Run: [utweb] => "C:\Users\kacpe\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Run: [Gaijin.Net Updater] => C:\Users\kacpe\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Run: [Steam] => D:\steeam\steam.exe [4282600 2021-09-10] (Valve -> Valve Corporation)
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Run: [GoogleChromeAutoLaunch_98FA4B11ABB039E48EE07BFB82EC823D] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-20] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\93.1.29.81\Installer\chrmstp.exe [2021-09-16] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2021-08-21]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2021-09-07]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {153CA0E1-6DE1-4360-AF94-FA507C63D193} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2021-08-20] (Google Inc -> Google Inc.)
Task: {1ED52A1D-21AA-4A4B-8907-CA67E572EB2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2021-08-20] (Google Inc -> Google Inc.)
Task: {2B432552-20AC-4775-AEAD-ADB0EB48C6E5} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [33947520 2021-06-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {2CB5E815-536D-491A-AB12-988B950A9510} - System32\Tasks\CCleanerSkipUAC - kacpe => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2EA31E31-E094-4E15-9B71-2242A61BB5E6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2F16547B-2A42-4305-A7EA-829BCC4D52D3} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3862B472-1438-4E36-A8E7-D806B2D288B3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {3F71FDF4-DCA8-4A8A-8B2A-1ED11D9CB245} - System32\Tasks\Norton AntiVirus Plus\Norton AntiVirus Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe [108752 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {412D02E1-BFD3-4CFF-8185-BCB077F9DE7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {47200505-6F72-402D-B4E3-7011E1BEB7F3} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.8.62\WSCStub.exe [646520 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {4AA31A10-60E3-40AB-871D-6ABD00D5B610} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {52BB2058-4BFB-4CB5-AA0F-512BBBC90F56} - System32\Tasks\intel ptt ek recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {52E0AD19-B086-4D8F-B44F-CFCF8F5C3630} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {5A068054-99E9-4305-9CA7-2B7F135BA998} - System32\Tasks\Norton AntiVirus Plus\Norton AntiVirus Error Processor => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe [108752 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {5DB19725-1165-4412-BABF-86E8062CE7F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {674E5C61-E77F-4186-B07F-4AFBAF22FA49} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {69693AE8-9F90-4199-BD89-C312EF65ACB1} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {78D89D70-5B7D-495D-AD99-27DBF67C5376} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8576BFBE-B3CF-4D16-9F06-6A1C83241F7C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A085B25-AF15-4821-A062-8F3B199D3A49} - System32\Tasks\Norton AntiVirus Plus\Norton AntiVirus Autofix => C:\Program Files\Norton Security\Engine\22.21.8.62\SymErr.exe [108752 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {A1521D22-7255-4ACC-B768-CFC23B0B54CC} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A29E87FB-4FDE-4F54-A815-095836E57522} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {A348DFC7-E8EF-43CF-9EAE-7C894B7B3071} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A5EAF44F-DE31-47D5-A9D5-354358BEC03D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA282D40-33FA-4FB6-B20C-E387E88D15B2} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2352488 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {D220B08A-BEFE-429C-9E38-C8DF833FFC1D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E00B10B1-DB18-4876-841F-FE1FF38F9440} - System32\Tasks\Opera scheduled Autoupdate 1628804661 => C:\Users\kacpe\AppData\Local\Programs\Opera\launcher.exe [3123408 2021-08-25] (Opera Software AS -> Opera Software)
Task: {ED68673D-5AC2-41F0-9A4C-0F78C91772DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAE24849-8DBF-4F9B-949D-69EB9984EF7B} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-16] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{34adfd77-60cf-43d6-9896-73b39c9df18e}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9b29381b-de19-461d-9229-9f2044d3e274}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{9b29381b-de19-461d-9229-9f2044d3e274}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{e5ab5aae-6056-40d1-8f8c-39643d7c938e}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\kacpe\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-17]
Edge Extension: (360 Internet Protection) - C:\Users\kacpe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okdacpiidbbphpjpfmecjjhicomjdeie [2021-09-11]

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-08-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-08-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2021-08-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2021-08-20] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default [2021-09-18]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://searchsafe.norton.com/search?omnisearch=yes&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nortonsafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Extension: (Norton Password Manager) - C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2021-09-11]
CHR Extension: (AdBlock on YouTube™) - C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default\Extensions\emngkmlligggbbiioginlkphcmffbncb [2021-09-09]
CHR Extension: (Norton Safe Web) - C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2021-09-11]
CHR Extension: (Adblocker for Youtube™) - C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default\Extensions\maekfnoeejhpjfkfmdlckioggdcdofpg [2021-09-09]
CHR Extension: (Norton Home Page) - C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2021-09-11]
CHR Extension: (Norton Safe) - C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2021-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\kacpe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-20]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

Opera:
=======
OPR Profile: C:\Users\kacpe\AppData\Roaming\Opera Software\Opera Stable [2021-09-17]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\kacpe\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-09-11]

Brave:
=======
BRA Profile: C:\Users\kacpe\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-09-18]
BRA Extension: (Safe Torrent Scanner) - C:\Users\kacpe\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-09-16]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\kacpe\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-09-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\kacpe\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-09-18]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\kacpe\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-16]
BRA Extension: (Brave NTP sponsored images) - C:\Users\kacpe\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2021-09-18]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\kacpe\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-09-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82128 2016-09-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-16] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CMService; C:\Program Files (x86)\CoolerMaster\PORTAL\CMService.exe [123392 2020-05-11] () [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-12-03] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1955680 2021-08-19] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-16] (GOG Sp. z o.o. -> GOG.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-18] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.8.62\NortonSecurity.exe [343336 2021-09-02] (NortonLifeLock Inc. -> Broadcom)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.8.62\nsWscSvc.exe [1058664 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2020144 2021-09-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [31568 2021-09-08] (SteelSeries ApS -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15775888 2017-08-09] (Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi -> Copyright 2017.)
S2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AsrDrv103; C:\WINDOWS\SysWOW64\Drivers\AsrDrv103.sys [34568 2021-09-12] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.21.6.53\Definitions\BASHDefs\20210915.001\BHDrvx64.sys [2018776 2021-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\ccSetx64.sys [192256 2021-09-02] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-01-22] (Symantec Corporation -> Broadcom)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-09-11] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 FocusriteUSB; C:\WINDOWS\System32\drivers\FocusriteUSB.sys [123456 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 FocusriteusbSwRoot; C:\WINDOWS\System32\drivers\FocusriteusbSwRoot.sys [92568 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 Focusriteusb_AUDIO; C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys [87912 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
S3 gdrv3; C:\WINDOWS\gdrv3.sys [36352 2021-08-13] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.21.6.53\Definitions\IPSDefs\20210916.061\IDSvia64.sys [1480128 2021-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-09-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [17424 2021-08-13] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\nsvst.sys [56080 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [52240 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [42000 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29712 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36376 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [45592 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48144 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52240 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44048 2019-01-14] (Razer USA Ltd. -> Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [44048 2019-01-14] (Razer USA Ltd. -> Razer Inc)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\SRTSP64.SYS [892616 2021-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\SRTSPX64.SYS [48848 2021-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [47784 2021-09-03] (SteelSeries ApS -> SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [47760 2021-09-03] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2019-01-14] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\SYMEFASI64.SYS [2059968 2021-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\SymELAM.sys [31992 2021-09-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [93152 2021-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.21.6.53\SymPlatform\SymEvnt.sys [712432 2021-07-13] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\Ironx64.SYS [319192 2021-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\symnets.sys [575344 2021-09-02] (Symantec Corporation -> Symantec Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-07-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 V0520Vid; C:\WINDOWS\system32\DRIVERS\V0520Vid.sys [280704 2019-01-14] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-11] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615080.03E\wpCtrlDrv.sys [1015760 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2021-09-09] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2021-09-09] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-18 10:00 - 2021-09-18 10:00 - 000029014 _____ C:\Users\kacpe\Downloads\FRST.txt
2021-09-18 09:57 - 2021-09-18 09:58 - 000000000 ____D C:\AdwCleaner
2021-09-18 09:56 - 2021-09-18 09:56 - 008553680 _____ (Malwarebytes) C:\Users\kacpe\Downloads\adwcleaner_8.3.0.exe
2021-09-18 09:54 - 2021-09-18 09:54 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-09-18 09:54 - 2021-09-18 09:54 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-09-18 09:54 - 2021-09-18 09:54 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-09-18 09:54 - 2021-09-18 09:54 - 000000000 ____D C:\Users\kacpe\AppData\LocalLow\IGDump
2021-09-18 09:49 - 2021-09-18 09:49 - 000000000 ____D C:\Users\kacpe\AppData\Local\mbam
2021-09-18 09:48 - 2021-09-18 09:48 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-09-18 09:48 - 2021-09-18 09:48 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-18 09:48 - 2021-09-18 09:48 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-18 09:48 - 2021-09-18 09:48 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-09-18 09:48 - 2021-09-18 09:48 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-18 09:48 - 2021-09-18 09:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-18 09:47 - 2021-09-18 09:47 - 000000000 ____D C:\Program Files\Malwarebytes
2021-09-18 09:46 - 2021-09-18 09:46 - 002101944 _____ (Malwarebytes) C:\Users\kacpe\Downloads\MBSetup-119967.119967-consumer.exe
2021-09-17 23:15 - 2021-09-17 23:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-09-17 22:57 - 2021-09-18 10:00 - 000000000 ____D C:\FRST
2021-09-17 22:56 - 2021-09-17 22:56 - 002304000 _____ (Farbar) C:\Users\kacpe\Downloads\FRST64.exe
2021-09-17 22:50 - 2021-09-18 09:53 - 000000000 ___HD C:\ProgramData\Unft
2021-09-17 22:49 - 2021-09-17 22:49 - 000000000 ____D C:\Users\kacpe\AppData\Local\VirtualStore
2021-09-17 22:32 - 2021-09-18 09:56 - 000000000 ____D C:\Program Files\CCleaner
2021-09-17 22:32 - 2021-09-17 22:32 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-09-17 22:32 - 2021-09-17 22:32 - 000002894 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - kacpe
2021-09-17 22:32 - 2021-09-17 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-09-17 22:31 - 2021-09-17 22:31 - 036181616 _____ (Piriform Software Ltd) C:\Users\kacpe\Downloads\ccsetup585.exe
2021-09-16 20:42 - 2021-09-16 21:14 - 000229068 _____ C:\Users\kacpe\Downloads\jukeblocks - Drum & Bass (1).flp
2021-09-16 20:42 - 2021-09-16 20:42 - 000050973 _____ C:\Users\kacpe\Downloads\jukeblocks - Drum & Bass.flp
2021-09-16 17:46 - 2021-09-16 17:46 - 000313687 _____ C:\Users\kacpe\OneDrive\Dokumenty\Untitled.xcf
2021-09-16 17:46 - 2021-09-16 17:46 - 000005509 _____ C:\Users\kacpe\AppData\Local\recently-used.xbel
2021-09-16 15:57 - 2021-09-16 15:57 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-09-16 15:57 - 2021-09-16 15:57 - 000000000 ____D C:\Program Files\BraveSoftware
2021-09-16 15:54 - 2021-09-16 15:54 - 001243560 _____ (BraveSoftware Inc.) C:\Users\kacpe\Downloads\BraveBrowserSetup (1).exe
2021-09-16 15:54 - 2021-09-16 15:54 - 000003438 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-09-16 15:54 - 2021-09-16 15:54 - 000003314 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-09-15 22:55 - 2021-09-15 22:57 - 106463966 _____ (Aslain ) C:\Users\kacpe\Downloads\Aslains_WoT_Modpack_Installer_v.1.14.0.2_11.exe
2021-09-15 13:31 - 2021-09-15 13:31 - 000000039 _____ C:\Users\kacpe\AppData\Local\kritadisplayrc
2021-09-15 12:59 - 2021-09-15 13:31 - 000018372 _____ C:\Users\kacpe\AppData\Local\kritarc
2021-09-15 12:59 - 2021-09-15 12:59 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\krita
2021-09-15 12:59 - 2021-09-15 12:59 - 000000000 ____D C:\Users\kacpe\AppData\Local\krita
2021-09-15 12:58 - 2021-09-15 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Krita
2021-09-15 12:58 - 2021-09-15 12:58 - 000000000 ____D C:\Program Files\Krita (x64)
2021-09-15 12:55 - 2021-09-15 12:57 - 141208128 _____ (Krita Foundation) C:\Users\kacpe\Downloads\krita-x64-4.4.8-setup.exe
2021-09-12 21:10 - 2021-09-12 21:15 - 106461001 _____ (Aslain ) C:\Users\kacpe\Downloads\Aslains_WoT_Modpack_Installer_v.1.14.0.2_10.exe
2021-09-12 15:38 - 2021-09-12 15:38 - 000034568 _____ (ASRock Incorporation) C:\WINDOWS\SysWOW64\Drivers\AsrDrv103.sys
2021-09-12 15:38 - 2021-09-12 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2021-09-12 15:38 - 2021-09-12 15:38 - 000000000 ____D C:\Program Files\ASUS COMPUTER INC
2021-09-12 15:38 - 2021-09-12 15:38 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-09-12 15:38 - 2021-09-12 15:38 - 000000000 ____D C:\Program Files (x86)\ASRock Utility
2021-09-12 15:38 - 2018-04-23 15:12 - 000019392 _____ C:\WINDOWS\system32\Drivers\GLCKIO2.sys
2021-09-12 15:35 - 2021-09-12 15:38 - 069884260 _____ C:\Users\kacpe\Downloads\PolychromeRGB(v1.0.60).zip
2021-09-12 14:55 - 2021-09-12 14:55 - 000224505 _____ C:\Users\kacpe\Downloads\1121-Treść artykułu-381-1-10-20201207.pdf
2021-09-12 13:37 - 2021-09-18 09:53 - 098304000 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-09-12 13:34 - 2021-09-12 13:37 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-09-11 01:12 - 2021-09-11 01:12 - 000000000 ____D C:\Program Files\Common Files\AV
2021-09-11 00:46 - 2021-09-18 10:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton AntiVirus Plus
2021-09-11 00:41 - 2021-09-12 12:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-09-11 00:41 - 2021-09-11 00:41 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2021-09-11 00:37 - 2021-09-11 00:40 - 000000000 ____D C:\Users\kacpe\AppData\Local\NPE
2021-09-11 00:31 - 2021-09-11 00:31 - 000093152 _____ (Broadcom) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2021-09-11 00:31 - 2021-09-11 00:31 - 000010201 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2021-09-11 00:31 - 2021-09-11 00:31 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2021-09-11 00:30 - 2021-09-11 00:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2021-09-11 00:30 - 2021-09-11 00:30 - 000000000 ____D C:\Program Files\Norton Security
2021-09-11 00:28 - 2021-09-11 00:28 - 000000000 ____D C:\ProgramData\NortonInstaller
2021-09-11 00:28 - 2021-09-11 00:28 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2021-09-11 00:26 - 2021-09-11 00:37 - 000000000 ____D C:\ProgramData\Norton
2021-09-11 00:26 - 2021-09-11 00:26 - 003805192 _____ (NortonLifeLock Inc.) C:\Users\kacpe\Downloads\NAVPlusDownloader.exe
2021-09-11 00:26 - 2021-09-11 00:26 - 000000000 ____D C:\Users\Public\Downloads\Norton
2021-09-10 23:06 - 2021-09-10 23:06 - 000045016 _____ C:\Users\kacpe\Downloads\jukeblocks - House.flp
2021-09-10 21:34 - 2021-09-10 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-09-10 21:32 - 2021-09-10 21:32 - 001770744 _____ C:\Users\kacpe\Downloads\SteamSetup.exe
2021-09-10 16:35 - 2020-02-02 07:08 - 000142480 _____ (360.cn) C:\WINDOWS\system32\Drivers\FileAbap64.sys.902
2021-09-10 16:30 - 2021-09-10 16:49 - 000000000 ____D C:\Program Files (x86)\VPNMaster
2021-09-10 16:23 - 2021-09-10 16:24 - 008299816 _____ (AxCrypt AB) C:\Users\kacpe\Downloads\AxCrypt-2.1.1618.0-Setup.exe
2021-09-10 15:16 - 2021-09-10 15:16 - 000000000 ____D C:\WINDOWS\pss
2021-09-10 13:29 - 2021-09-10 13:36 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\steelseries-gg-client
2021-09-10 13:29 - 2021-09-10 13:29 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-09-10 13:29 - 2021-09-10 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2021-09-10 13:28 - 2021-09-10 13:28 - 000000000 ____D C:\ProgramData\SteelSeries
2021-09-10 13:26 - 2021-09-10 13:27 - 218370152 _____ C:\Users\kacpe\Downloads\SteelSeriesGG8.0.0Setup.exe
2021-09-10 13:16 - 2021-09-11 12:41 - 000000000 ____D C:\Users\kacpe\AppData\Local\SPC GEAR GK630K Torunament Kailh RGB
2021-09-10 13:09 - 2021-09-11 12:23 - 000000000 ____D C:\Program Files (x86)\SPCGEAR
2021-09-10 13:09 - 2021-09-10 13:09 - 036053643 _____ C:\Users\kacpe\Downloads\spg056-spg057-spg058-spcgear-gk630k-software-v1.0.1.4.zip
2021-09-10 13:09 - 2021-09-10 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GK630K Keyboard
2021-09-09 22:20 - 2021-09-09 22:20 - 000000000 ____D C:\Users\kacpe\AppData\LocalLow\HD
2021-09-09 14:04 - 2021-09-09 14:04 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-09-09 13:26 - 2021-09-18 10:00 - 000085550 _____ C:\WINDOWS\ZAM.krnl.trace
2021-09-09 13:26 - 2021-09-18 10:00 - 000050459 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-09-09 13:25 - 2021-09-09 13:25 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2021-09-09 13:25 - 2021-09-09 13:25 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2021-09-09 13:25 - 2021-09-09 13:25 - 000000000 ____D C:\Users\kacpe\AppData\Local\Zemana
2021-09-09 13:25 - 2021-09-09 13:25 - 000000000 ____D C:\Users\kacpe\AppData\Local\Wolf of Webstreet OPC Private Limited
2021-09-09 13:25 - 2021-09-09 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
2021-09-09 13:25 - 2021-09-09 13:25 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2021-09-07 19:59 - 2021-09-18 00:16 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\ShareX
2021-09-07 19:59 - 2021-09-07 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2021-09-07 19:59 - 2021-09-07 19:59 - 000000000 ____D C:\Program Files\ShareX
2021-09-07 19:58 - 2021-09-07 19:58 - 000000000 ____D C:\Users\kacpe\AppData\LocalLow\Temp
2021-09-05 20:45 - 2021-09-05 20:46 - 000000000 ____D C:\Users\kacpe\AppData\Local\enlisted
2021-09-05 20:45 - 2021-09-05 20:45 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\EasyAntiCheat
2021-09-05 20:45 - 2021-09-05 20:45 - 000000000 ____D C:\ProgramData\enlisted
2021-09-05 20:45 - 2021-09-05 20:45 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-09-05 18:49 - 2021-09-05 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-09-05 18:49 - 2021-09-05 18:49 - 000000000 ____D C:\Program Files\Intel
2021-09-05 18:26 - 2021-09-09 23:05 - 000000266 __RSH C:\ProgramData\ntuser.pol
2021-09-05 18:25 - 2021-09-05 18:25 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-09-05 16:27 - 2021-09-05 16:27 - 000000000 ____D C:\Users\kacpe\AppData\Local\Gaijin
2021-09-05 16:27 - 2021-09-05 16:27 - 000000000 ____D C:\ProgramData\Gaijin
2021-09-05 16:26 - 2021-09-09 22:20 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\My Games
2021-09-05 16:26 - 2021-09-05 16:26 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enlisted
2021-09-03 19:08 - 2021-09-03 19:08 - 000303176 _____ (SteelSeries) C:\WINDOWS\system32\engineco.dll
2021-09-03 19:08 - 2021-09-03 19:08 - 000047760 _____ (SteelSeries ApS) C:\WINDOWS\system32\Drivers\sshid.sys
2021-08-29 23:57 - 2021-08-29 23:57 - 013080188 _____ C:\Users\kacpe\OneDrive\Dokumenty\HORIZONS.xcf
2021-08-29 15:07 - 2021-08-29 15:07 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\ValhallaPlate
2021-08-26 13:54 - 2021-08-26 13:54 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\Audacity
2021-08-26 13:47 - 2021-08-26 13:47 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\czarek faktury
2021-08-26 13:38 - 2021-08-29 22:07 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\audacity
2021-08-26 13:38 - 2021-08-26 13:38 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-08-26 13:38 - 2021-08-26 13:38 - 000000000 ____D C:\Users\kacpe\AppData\Local\audacity
2021-08-26 13:38 - 2021-08-26 13:38 - 000000000 ____D C:\Program Files\Audacity
2021-08-26 11:55 - 2021-09-16 17:46 - 000000000 ____D C:\Users\kacpe\AppData\Local\gtk-2.0
2021-08-26 11:26 - 2021-09-16 17:46 - 000000000 ____D C:\Users\kacpe\AppData\Local\babl-0.1
2021-08-26 11:26 - 2021-08-26 11:26 - 000000946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.24.lnk
2021-08-26 11:26 - 2021-08-26 11:26 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\GIMP
2021-08-26 11:26 - 2021-08-26 11:26 - 000000000 ____D C:\Users\kacpe\AppData\Local\GIMP
2021-08-26 11:26 - 2021-08-26 11:26 - 000000000 ____D C:\Users\kacpe\AppData\Local\gegl-0.4
2021-08-26 11:26 - 2021-08-26 11:26 - 000000000 ____D C:\Users\kacpe\.cache
2021-08-26 11:24 - 2021-08-26 11:25 - 000000000 ____D C:\Program Files\GIMP 2
2021-08-25 12:37 - 2021-08-25 12:37 - 000000000 ____D C:\WINDOWS\system32\CleanLog
2021-08-23 22:22 - 2021-08-23 22:44 - 000000000 ____D C:\Users\kacpe\AppData\LocalLow\uTorrent
2021-08-23 02:12 - 2021-08-23 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2021-08-23 02:12 - 2009-10-24 21:15 - 001332224 _____ (AD © 2009) C:\WINDOWS\SysWOW64\SYNSOEMU.DLL
2021-08-22 10:24 - 2021-08-22 10:24 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Ugritone
2021-08-22 10:22 - 2021-08-22 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KVLT Drums II, OSDM Expansion
2021-08-22 10:20 - 2021-08-22 10:20 - 000000000 ____D C:\ProgramData\Ugritone
2021-08-22 10:20 - 2021-08-22 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KVLT Drums II
2021-08-21 13:49 - 2021-08-21 13:49 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\ValhallaDelay
2021-08-21 12:31 - 2021-08-21 12:31 - 000000000 ____D C:\Users\kacpe\AppData\Local\Piter
2021-08-21 12:25 - 2021-08-21 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReValver HPSE x64
2021-08-21 12:18 - 2021-08-21 12:18 - 000000000 ____D C:\ProgramData\Peavey Electronics
2021-08-21 12:18 - 2021-08-21 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReValver 4 x64
2021-08-21 10:50 - 2021-08-21 10:50 - 000000000 ____D C:\Users\kacpe\AppData\Local\One Kit Wonder - Metal
2021-08-21 02:49 - 2021-08-21 02:49 - 000000000 ____D C:\Users\kacpe\AppData\LocalLow\Adobe
2021-08-21 02:49 - 2021-08-21 02:49 - 000000000 ____D C:\Users\kacpe\AppData\Local\Adobe
2021-08-21 02:23 - 2021-08-21 02:23 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\ValhallaRoomPreferences
2021-08-21 02:22 - 2021-09-16 23:18 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2021-08-21 02:22 - 2021-08-21 02:22 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\ValhallaRoom
2021-08-21 02:21 - 2021-09-16 23:18 - 000000000 ____D C:\ProgramData\ValhallaRoom
2021-08-21 02:21 - 2021-08-29 15:07 - 000000000 ____D C:\ProgramData\ValhallaPlate
2021-08-21 02:21 - 2021-08-24 00:58 - 000000000 ____D C:\ProgramData\ValhallaDelay
2021-08-21 02:21 - 2021-08-21 02:21 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Valhalla DSP, LLC
2021-08-21 02:21 - 2021-08-21 02:21 - 000000000 ____D C:\ProgramData\ValhallaVintageVerb
2021-08-21 02:21 - 2021-08-21 02:21 - 000000000 ____D C:\ProgramData\ValhallaUberMod
2021-08-21 02:21 - 2021-08-21 02:21 - 000000000 ____D C:\ProgramData\ValhallaShimmer
2021-08-21 02:21 - 2021-08-21 02:21 - 000000000 ____D C:\ProgramData\Valhalla DSP, LLC
2021-08-21 02:21 - 2021-08-21 02:21 - 000000000 ____D C:\Program Files\Valhalla DSP
2021-08-21 02:16 - 2021-08-21 02:16 - 000000000 ____D C:\Users\kacpe\AppData\Local\One Kit Wonder - Aggressive Rock
2021-08-21 00:50 - 2021-08-21 00:50 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-08-21 00:45 - 2021-08-21 00:45 - 000000000 ____D C:\ProgramData\Bome Software
2021-08-21 00:45 - 2021-08-21 00:45 - 000000000 ____D C:\Program Files\Common Files\Steinberg
2021-08-21 00:45 - 2018-05-16 17:23 - 000056376 _____ (Bome Software GmbH & Co. KG) C:\WINDOWS\system32\Drivers\bomebus.sys
2021-08-21 00:45 - 2018-05-16 14:57 - 000207416 _____ (Bome Software GmbH & Co. KG) C:\WINDOWS\system32\bmidilib.dll
2021-08-21 00:45 - 2018-05-16 14:57 - 000102456 _____ (Bome Software GmbH & Co. KG) C:\WINDOWS\system32\bmidilib2.dll
2021-08-21 00:45 - 2018-05-16 14:55 - 000182328 _____ (Bome Software GmbH & Co. KG) C:\WINDOWS\SysWOW64\bmidilib.dll
2021-08-21 00:45 - 2018-05-16 14:54 - 000089144 _____ (Bome Software GmbH & Co. KG) C:\WINDOWS\SysWOW64\bmidilib2.dll
2021-08-21 00:43 - 2021-08-23 02:17 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\Native Instruments
2021-08-21 00:43 - 2021-08-23 02:00 - 000000000 ____D C:\Users\kacpe\AppData\Local\Native Instruments
2021-08-21 00:43 - 2021-08-21 11:16 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2021-08-21 00:43 - 2021-08-21 00:43 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Native Instruments
2021-08-21 00:42 - 2021-08-23 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2021-08-21 00:42 - 2021-08-23 02:16 - 000000000 ____D C:\Program Files\Native Instruments
2021-08-21 00:42 - 2021-08-21 00:45 - 000000000 ____D C:\ProgramData\Native Instruments
2021-08-21 00:35 - 2021-08-21 00:35 - 000000000 ____D C:\Program Files\Camel Audio
2021-08-21 00:34 - 2021-08-21 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio
2021-08-21 00:34 - 2021-08-21 00:34 - 000000000 ____D C:\ProgramData\Camel Audio
2021-08-21 00:34 - 2021-08-21 00:34 - 000000000 ____D C:\Program Files (x86)\Camel Audio
2021-08-21 00:30 - 2021-08-29 15:07 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\iZotope
2021-08-21 00:30 - 2021-08-21 00:32 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\iZotope
2021-08-21 00:30 - 2021-08-21 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2021-08-21 00:15 - 2021-09-03 22:11 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\FabFilter
2021-08-21 00:10 - 2021-08-21 00:10 - 000000000 ____D C:\Program Files\Steinberg
2021-08-21 00:10 - 2021-08-21 00:10 - 000000000 ____D C:\Program Files (x86)\Steinberg
2021-08-21 00:07 - 2021-08-21 02:21 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-08-21 00:07 - 2021-08-21 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FabFilter
2021-08-21 00:07 - 2021-08-21 00:15 - 000000000 ____D C:\Program Files\FabFilter
2021-08-21 00:07 - 2021-08-21 00:07 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\FabFilter
2021-08-21 00:07 - 2021-08-21 00:07 - 000000000 ____D C:\Program Files\Common Files\Avid
2021-08-20 13:58 - 2021-08-20 13:58 - 000000000 ____D C:\Users\kacpe\Downloads\Telegram Desktop
2021-08-20 13:43 - 2021-09-09 22:14 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Telegram Desktop
2021-08-20 13:43 - 2021-08-21 00:43 - 000000000 ____D C:\Users\kacpe\AppData\Local\cache
2021-08-20 13:09 - 2021-08-20 13:09 - 000000016 _____ C:\ProgramData\mntemp
2021-08-20 02:04 - 2021-08-29 15:54 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Xfer
2021-08-20 01:55 - 2021-08-20 01:57 - 000000000 ____D C:\Users\kacpe\AppData\Local\Xfer
2021-08-20 01:55 - 2021-08-20 01:55 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\Xfer
2021-08-20 01:41 - 2021-08-24 00:31 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\Image-Line
2021-08-20 01:40 - 2021-08-23 22:41 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2021-08-20 01:40 - 2021-08-20 01:40 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2021-08-20 01:40 - 2021-08-20 01:40 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2021-08-20 01:40 - 2021-08-20 01:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2021-08-20 01:40 - 2021-08-20 01:40 - 000000000 ____D C:\Program Files\Common Files\VST2
2021-08-20 01:40 - 2021-08-20 01:40 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2021-08-20 01:40 - 2021-08-20 01:40 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2021-08-20 01:36 - 2021-08-20 01:40 - 000000000 ____D C:\Program Files\Image-Line
2021-08-20 01:27 - 2021-09-11 10:26 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\uTorrent
2021-08-20 01:19 - 2021-09-10 15:19 - 000000000 ____D C:\Users\kacpe\AppData\Local\BitTorrentHelper
2021-08-20 01:19 - 2021-09-01 20:33 - 000000000 ____D C:\Users\kacpe\AppData\Local\Google
2021-08-20 01:19 - 2021-08-20 01:22 - 000003406 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-20 01:19 - 2021-08-20 01:22 - 000003182 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-20 01:19 - 2021-08-20 01:19 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-20 01:19 - 2021-08-20 01:19 - 000000000 ____D C:\Program Files\Google
2021-08-20 01:18 - 2021-08-20 01:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-20 01:18 - 2021-08-20 01:18 - 000001865 _____ C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-08-20 01:17 - 2021-08-20 01:17 - 011670546 _____ C:\Users\kacpe\67ca293b__fl-studio-produ.zip
2021-08-19 10:43 - 2021-09-11 00:54 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\VlcpVideoV1.0.1
2021-08-19 10:43 - 2021-08-19 10:43 - 000000000 ____D C:\Program Files (x86)\FarLabUninstaller
2021-08-19 10:42 - 2021-08-19 10:43 - 000000000 ____D C:\WINDOWS\PublicGaming
2021-08-19 10:41 - 2021-08-19 10:41 - 011670618 _____ C:\Users\kacpe\94003b05__fl-studio-12-5-.zip
2021-08-19 10:39 - 2021-08-19 10:39 - 000416588 _____ C:\Users\kacpe\8d2afe3c__fl-studio-20-7-.zip
2021-08-19 10:38 - 2021-08-25 12:37 - 000000000 ____D C:\Users\kacpe\AppData\Local\ElevatedDiagnostics
2021-08-19 10:36 - 2021-08-19 10:36 - 000416690 _____ C:\Users\kacpe\80d694b0__fl-studio-12-5-.zip
2021-08-19 10:35 - 2021-08-25 12:37 - 000000000 ____D C:\Users\kacpe\AppData\Local\CrashDumps
2021-08-19 10:34 - 2021-08-19 10:34 - 000416690 _____ C:\Users\kacpe\79b75551__fl-studio-12-5-.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-18 09:58 - 2021-08-12 14:10 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-18 09:56 - 2021-08-12 14:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-18 09:54 - 2021-08-12 14:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-18 09:54 - 2021-08-12 14:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-18 09:53 - 2021-08-12 14:42 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-09-18 09:48 - 2021-08-12 14:51 - 000760504 _____ C:\WINDOWS\system32\perfh019.dat
2021-09-18 09:48 - 2021-08-12 14:51 - 000151212 _____ C:\WINDOWS\system32\perfc019.dat
2021-09-18 09:48 - 2021-08-12 14:50 - 000784172 _____ C:\WINDOWS\system32\perfh015.dat
2021-09-18 09:48 - 2021-08-12 14:50 - 000780536 _____ C:\WINDOWS\system32\perfh00C.dat
2021-09-18 09:48 - 2021-08-12 14:50 - 000152068 _____ C:\WINDOWS\system32\perfc015.dat
2021-09-18 09:48 - 2021-08-12 14:50 - 000149202 _____ C:\WINDOWS\system32\perfc00C.dat
2021-09-18 09:48 - 2021-08-12 14:49 - 000732110 _____ C:\WINDOWS\system32\perfh007.dat
2021-09-18 09:48 - 2021-08-12 14:49 - 000149510 _____ C:\WINDOWS\system32\perfc007.dat
2021-09-18 09:48 - 2021-08-12 14:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-18 09:48 - 2021-08-12 14:46 - 000000000 ____D C:\WINDOWS\INF
2021-09-18 09:48 - 2021-08-12 14:16 - 004492764 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-18 09:43 - 2021-08-12 14:42 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-09-17 22:59 - 2021-08-12 22:20 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-17 22:06 - 2021-08-12 14:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-17 15:44 - 2021-08-12 14:11 - 000000000 ____D C:\Users\kacpe
2021-09-16 20:59 - 2021-08-12 14:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-16 15:57 - 2021-08-12 22:59 - 000000000 ____D C:\Users\kacpe\AppData\Local\BraveSoftware
2021-09-16 15:54 - 2021-08-12 22:59 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-09-16 00:02 - 2021-08-12 14:43 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-13 15:00 - 2021-08-12 14:47 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-13 15:00 - 2021-08-12 14:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-13 15:00 - 2021-08-12 14:09 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-13 14:51 - 2021-08-12 14:09 - 000295656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-12 21:41 - 2021-08-12 22:31 - 000000000 ____D C:\Users\kacpe\AppData\Local\D3DSCache
2021-09-12 15:51 - 2021-06-11 16:37 - 000006656 _____ C:\WINDOWS\system32\lpcio.dll
2021-09-12 15:38 - 2021-08-13 23:52 - 000000000 ____D C:\Program Files\ENE
2021-09-12 15:38 - 2021-08-12 22:31 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-12 12:31 - 2021-08-12 15:00 - 000000000 ____D C:\WINDOWS\Panther
2021-09-12 10:23 - 2021-08-12 14:14 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-181470130-150577284-3770952112-1001
2021-09-12 10:23 - 2021-08-12 14:11 - 000002379 _____ C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-11 23:56 - 2021-08-12 22:10 - 000000000 ____D C:\Users\kacpe\OneDrive\Dokumenty\The Witcher 3
2021-09-11 10:24 - 2021-08-12 23:38 - 000000000 ____D C:\Program Files (x86)\360
2021-09-11 00:31 - 2021-08-12 23:44 - 000001383 _____ C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk
2021-09-11 00:31 - 2021-08-12 14:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-11 00:30 - 2021-08-13 23:52 - 000000000 __SHD C:\$360Section
2021-09-11 00:30 - 2021-08-13 14:31 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\360DesktopLite
2021-09-10 16:44 - 2021-08-15 14:41 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Notepad++
2021-09-10 16:40 - 2021-08-12 19:14 - 000000000 ____D C:\WINDOWS\Tasks\360Disabled
2021-09-10 16:29 - 2021-08-12 23:43 - 000000000 ____D C:\Users\kacpe\Downloads\TS Recommended Apps
2021-09-10 13:28 - 2021-08-12 14:54 - 000000000 ____D C:\Program Files\SteelSeries
2021-09-05 18:24 - 2021-08-12 14:47 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-05 18:24 - 2021-08-12 14:47 - 000000000 ____D C:\WINDOWS\security
2021-09-05 18:24 - 2021-08-12 14:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-09-05 18:24 - 2021-01-14 12:21 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2021-09-05 18:24 - 2021-01-14 12:21 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2021-09-05 18:24 - 2021-01-14 12:21 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2021-09-05 18:24 - 2020-11-25 01:17 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2021-09-05 18:24 - 2020-11-25 01:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2021-09-05 18:24 - 2019-12-07 11:10 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2021-09-05 18:24 - 2019-12-07 11:10 - 000147439 _____ C:\WINDOWS\system32\gpedit.msc
2021-09-05 18:24 - 2019-12-07 11:10 - 000120458 _____ C:\WINDOWS\system32\secpol.msc
2021-09-05 18:24 - 2019-12-07 11:10 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2021-09-05 18:24 - 2019-12-07 11:10 - 000043566 _____ C:\WINDOWS\system32\rsop.msc
2021-09-05 18:24 - 2019-12-07 11:10 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2021-09-05 18:23 - 2020-11-25 01:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2021-09-05 18:22 - 2020-11-25 01:17 - 000207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2021-09-05 18:22 - 2020-11-25 01:17 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2021-09-05 18:22 - 2020-11-25 01:17 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2021-09-03 19:08 - 2021-04-14 19:48 - 000047784 _____ (SteelSeries ApS) C:\WINDOWS\system32\Drivers\ssdevfactory.sys
2021-08-29 16:02 - 2021-08-12 22:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-28 19:42 - 2021-08-12 22:30 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\.minecraft
2021-08-28 01:10 - 2021-08-12 22:33 - 000000000 ____D C:\Program Files\Rockstar Games
2021-08-28 01:10 - 2021-08-12 22:33 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-08-25 12:37 - 2021-08-15 14:41 - 000000000 ____D C:\Program Files (x86)\Notepad++
2021-08-25 12:37 - 2021-08-13 23:52 - 000000000 ____D C:\Users\kacpe\AppData\Local\Downloaded Installations
2021-08-22 10:54 - 2021-08-12 14:14 - 000000000 ____D C:\Users\kacpe\AppData\Local\PlaceholderTileLogoFolder
2021-08-21 02:49 - 2021-08-12 23:41 - 000000000 ____D C:\ProgramData\Adobe
2021-08-21 02:49 - 2021-08-12 14:13 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\Adobe
2021-08-20 22:49 - 2021-08-12 23:47 - 000000000 ____D C:\Users\kacpe\AppData\Roaming\discord
2021-08-20 22:24 - 2021-08-12 23:47 - 000000000 ____D C:\Users\kacpe\AppData\Local\Discord
2021-08-20 12:34 - 2021-08-12 22:05 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy

==================== Files in the root of some directories ========

2021-08-12 23:37 - 2021-08-12 23:37 - 092119120 _____ () C:\Users\kacpe\360TS_Setup.exe
2021-08-12 23:37 - 2021-08-12 23:37 - 001533504 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\kacpe\360TS_Setup_Mini.exe
2021-08-12 23:46 - 2021-08-12 23:47 - 070858912 _____ (Discord Inc.) C:\Users\kacpe\DiscordSetup.exe
2021-08-12 23:23 - 2021-08-12 23:23 - 009534704 _____ (Focusrite Audio Engineering, Ltd. ) C:\Users\kacpe\Focusrite_Usb_4.65.5.658.exe
2021-08-12 18:54 - 2021-08-12 18:55 - 129403048 _____ (NVIDIA Corporation New) C:\Users\kacpe\GeForce_Experience_v3.23.0.74.exe
2021-08-12 22:02 - 2021-08-12 22:02 - 000983624 _____ (GOG Sp. z o.o.) C:\Users\kacpe\GOG_Galaxy_2.0.exe
2021-08-12 23:07 - 2021-08-12 23:07 - 001842880 _____ (CPUID, Inc. ) C:\Users\kacpe\hwmonitor-pro_1.45.exe
2021-08-12 22:50 - 2021-08-12 22:50 - 002102080 _____ (Oracle Corporation) C:\Users\kacpe\jre-8u301-windows-i586-iftw.exe
2021-08-15 14:40 - 2021-08-15 14:40 - 004049928 _____ (Don HO don.h@free.fr) C:\Users\kacpe\npp.8.1.3.Installer.exe
2021-08-13 23:50 - 2021-08-13 23:51 - 153647488 _____ (GIGABYTE Technology Co.,Inc. ) C:\Users\kacpe\vga_utility_aorus_setup_v2.0.4.exe
2021-09-15 12:59 - 2021-09-15 12:59 - 000002703 _____ () C:\Users\kacpe\AppData\Local\krita-sysinfo.log
2021-09-15 12:59 - 2021-09-15 13:31 - 000003292 _____ () C:\Users\kacpe\AppData\Local\krita.log
2021-09-15 13:31 - 2021-09-15 13:31 - 000000039 _____ () C:\Users\kacpe\AppData\Local\kritadisplayrc
2021-09-15 12:59 - 2021-09-15 13:31 - 000018372 _____ () C:\Users\kacpe\AppData\Local\kritarc
2021-09-16 17:46 - 2021-09-16 17:46 - 000005509 _____ () C:\Users\kacpe\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

D3M0V

Thread Starter
Joined
Sep 17, 2021
Messages
4
[REPLY PART 3]


-Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by kacpe (18-09-2021 10:00:58)
Running from C:\Users\kacpe\Downloads
Windows 10 Home Version 2004 19041.1165 (X64) (2021-08-12 12:10:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-181470130-150577284-3770952112-500 - Administrator - Disabled)
Gość (S-1-5-21-181470130-150577284-3770952112-501 - Limited - Disabled)
kacpe (S-1-5-21-181470130-150577284-3770952112-1001 - Administrator - Enabled) => C:\Users\kacpe
Konto domyślne (S-1-5-21-181470130-150577284-3770952112-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-181470130-150577284-3770952112-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Norton AntiVirus (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 2.0.4.0 - GIGABYTE Technology Co.,Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Aslain's WoT Modpack (wersja 1.14.0.2.11) (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.14.0.2.11 - Aslain)
ASRRGBLED v1.0.60 (HKLM-x32\...\ASRock RGB LED_is1) (Version: 1.0.60 - ASRock Inc.)
ASUS DRAM_LIB (HKLM\...\{2F0D3D1A-1B75-4DFC-8C0E-C55C4EAB67F8}) (Version: 1.0.22 - ASUS COMPUTER INC.) Hidden
ASUS DRAM_LIB (HKLM-x32\...\{6bd55e2a-f475-4183-b862-1dd70c1ce699}) (Version: 1.0.22 - ASUS COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{548dd834-70c5-4426-8065-fbeabdd2bb5d}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
Audacity 3.0.4 (HKLM\...\Audacity_is1) (Version: 3.0.4 - Audacity Team)
Blood and Wine (HKLM-x32\...\1441620909_is1) (Version: 1.32 - GOG.com)
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version: - Bome Software GmbH & Co. KG)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 93.1.29.81 - Brave Software Inc)
Camel Audio CamelCrusher (HKLM-x32\...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
Camel Audio CamelCrusher64 (HKLM-x32\...\Camel Audio CamelCrusher64) (Version: 1.01.0 - Camel Audio)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
CPUID HWMonitor Pro 1.45 (HKLM\...\CPUID HWMonitorPro_is1) (Version: 1.45 - CPUID, Inc.)
Creative Live! Cam Sync (VF0520) Driver (1.01.04.00) (HKLM\...\Creative VF0520) (Version: - Creative Technology Ltd.)
Discord (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
ENE RGB HAL (HKLM\...\{2914DF72-932B-4DF2-9696-C2821EDA1CA9}) (Version: 1.00.09 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{546469ee-3f9d-4fe4-bf1c-893f79cf7327}) (Version: 1.00.09 - Ene Tech.) Hidden
ENE_AIC_Marvell_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_AIC_Marvell_HAL (HKLM-x32\...\{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.2.2 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{c0cc7253-fa06-46c2-9ceb-f8641408262f}) (Version: 1.0.2.2 - Ene Tech.) Hidden
ENE_EHD_HAL (HKLM\...\{F56EC5A0-3A93-492E-882A-E036F5897CC7}) (Version: 1.00.04 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_HAL (HKLM-x32\...\{cc33eebd-777b-4177-8cd7-6ab9fd06ceed}) (Version: 1.00.04 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{54d3d2b5-db16-446d-b6dd-f4964b166b3b}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{bf256b46-8ff7-48be-ab7f-5661e9a0651f}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM-x32\...\{ec10ac91-2e61-460a-b493-33f794a07682}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.6.0 - ENE Tech) Hidden
ENE_X-JMI_HAL (HKLM-x32\...\{27822d04-20a7-439d-a5e4-0125815fa927}) (Version: 1.0.6.0 - ENE Tech) Hidden
Enlisted Launcher 1.0.3.68 (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\{5fcad5a5-d0d8-4edf-a5ba-040b397eac31}}_is1) (Version: - Gaijin Network)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle_is1) (Version: 2020.12 - FabFilter & Team V.R)
FarLabUninstaller v1.53.323 (HKLM-x32\...\FarLabUninstaller.exe_is1) (Version: 1.53.0.234 - )
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Focusrite Usb 4.65.5.658 (HKLM\...\Focusrite Usb_is1) (Version: 4.65.5.658 - Focusrite Audio Engineering, Ltd.)
Free DLC program (16 DLC) (HKLM-x32\...\1430743168_is1) (Version: 1.32 - GOG.com)
Get Good Drums One Kit Wonder - Aggressive Rock (HKLM-x32\...\Get Good Drums One Kit Wonder - Aggressive Rock) (Version: 1.0.0.2 - Get Good Drums)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
GK630K Keyboard (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\GK630K Keyboard) (Version: 1.0.1.4 - COOLING.PL Zdziech Spółka Jawna)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Hearts of Stone (HKLM-x32\...\1441355562_is1) (Version: 1.32 - GOG.com)
Intel(R) Network Connections 26.4.0.5 (HKLM\...\PROSetDX) (Version: 26.4.0.5 - Intel)
iZotope Meter Tap 3 (HKLM\...\Meter Tap 3_is1) (Version: 1.0.3 - iZotope)
iZotope Ozone 9 (HKLM\...\Ozone 9_is1) (Version: 9.1.0 - iZotope)
iZotope Relay (HKLM\...\Relay_is1) (Version: 1.0.4 - iZotope)
iZotope Tonal Balance Control II (HKLM\...\Tonal Balance Control II_is1) (Version: 2.1.0 - iZotope)
Java 8 Update 301 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
Krita (x64) 4.4.8 (HKLM\...\Krita_x64) (Version: 4.4.8.0 - Krita Foundation)
KVLT Drums II (HKLM\...\{437044FC-8A8C-40B5-8D12-7640F18CA481}_is1) (Version: 3.0.6 - Ugritone)
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
MasterPlus(PER. Only) version 2.0.6 (HKLM-x32\...\{14311144-3814-4FA3-A02F-42584C5D372D}_is1) (Version: 2.0.6 - CoolerMaster)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
Movie Studio 17.0 - Steam Powered (HKLM\...\{18814670-DB64-11EB-81D2-00155D975ACB}) (Version: 17.0.178 - VEGAS)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.2.547 - Native Instruments)
Native Instruments Komplete Kontrol (HKLM-x32\...\Native Instruments Komplete Kontrol) (Version: 2.6.3.211 - Native Instruments)
Native Instruments Komplete Kontrol Driver (HKLM-x32\...\Native Instruments Komplete Kontrol Driver) (Version: - Native Instruments)
Native Instruments Komplete Kontrol MK2 Driver (HKLM-x32\...\Native Instruments Komplete Kontrol MK2 Driver) (Version: - Native Instruments)
Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.6.0.133 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.0.46 - Native Instruments)
Native Instruments Kontakt 5 Demo Content (HKLM-x32\...\Native Instruments Kontakt 5 Demo Content) (Version: - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.3.136 - Native Instruments)
Native Instruments NIHostIntegrationAgent (HKLM-x32\...\Native Instruments NIHostIntegrationAgent) (Version: 1.10.5.223 - Native Instruments)
Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 1.1.0.96 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Symphony Essentials String Ensemble (HKLM-x32\...\Native Instruments Symphony Essentials String Ensemble) (Version: 1.4.1.1 - Native Instruments)
Norton AntiVirus (HKLM-x32\...\NGC) (Version: 22.21.8.62 - NortonLifeLock Inc)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.1.3 - Notepad++ Team)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 471.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.68 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
Opera Stable 78.0.4093.184 (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Opera 78.0.4093.184) (Version: 78.0.4093.184 - Opera Software)
OSDM Expansion (HKLM\...\{4C415427-DF3D-42BF-A0DA-166437ACECEF}_is1) (Version: 1.0.0 - Ugritone)
Overlay (HKLM-x32\...\1430742867_is1) (Version: 1.32 - GOG.com)
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.04 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{ebb7013c-0b03-497c-bed1-1e48e806a593}) (Version: 1.00.04 - Patriot Memory)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7599 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1436.26 - Rockstar Games)
ReValver 4 x64 (HKLM\...\ReValver 4 x64_is1) (Version: - )
ReValver HPSE x64 (HKLM\...\ReValver HPSE x64_is1) (Version: - )
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.21.0608.1 - GIGABYTE)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.47.484 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games)
Serum by Xfer Records (HKLM-x32\...\Serum) (Version: - )
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.5.0 - ShareX Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 8.0.0 (HKLM\...\SteelSeries Engine 3) (Version: 8.0.0 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
The Witcher 3: Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.32 - GOG.com)
Valhalla DSP bundle 2020.11 (HKLM\...\ValhallaDSP bundle_is1) (Version: 2020.11 - Valhalla DSP, LLC & Team V.R)
Wargaming.net Game Center (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\Wargaming.net Game Center) (Version: 21.6.0.6455 - Wargaming.net)
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
World of Tanks Common Test (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\WOT.CT.PRODUCTION) (Version: - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
World of Tanks Sandbox (HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\WOT.SB.PRODUCTION) (Version: - Wargaming.net)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-12] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-12] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0 [2021-08-26] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.8.62\buShell.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.8.62\buShell.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.8.62\buShell.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.8.62\buShell.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.8.62\buShell.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.8.62\buShell.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-09-09] (Zemana Ltd. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2021-08-10] (Notepad++ -> )
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.8.62\buShell.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.8.62\NavShExt.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.8.62\NavShExt.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-09-09] (Zemana Ltd. -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.8.62\buShell.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.8.62\NavShExt.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\kacpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============

2021-08-13 23:57 - 2020-05-11 11:51 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\cm-hook.dll
2021-08-13 23:57 - 2020-05-11 11:54 - 002353664 _____ () [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\CMUOT.dll
2021-08-13 23:57 - 2020-05-11 11:51 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\hidapi.dll
2021-08-13 23:57 - 2020-05-11 17:14 - 000192000 _____ () [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\OledDataConvert.dll
2021-08-13 23:57 - 2019-05-30 15:22 - 000060416 _____ (Chicony Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\audiobox.dll
2021-08-13 23:57 - 2018-06-07 03:22 - 001097216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\platforms\qwindows.dll
2021-08-13 23:57 - 2019-07-08 17:05 - 004779008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\Qt5Core.dll
2021-08-13 23:57 - 2018-06-07 03:17 - 004969472 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\Qt5Gui.dll
2021-08-13 23:57 - 2018-06-07 03:20 - 004468224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CoolerMaster\PORTAL\Qt5Widgets.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-181470130-150577284-3770952112-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.8.62\coIEPlg.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.8.62\coIEPlg.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssv.dll [2021-08-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-08-12] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.8.62\coIEPlg.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.8.62\coIEPlg.dll [2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-08-12 14:47 - 2021-08-12 14:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-181470130-150577284-3770952112-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "NTKDaemon.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ZAM"
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\StartupApproved\StartupFolder: => "ShareX.lnk"
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-181470130-150577284-3770952112-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F216BB2-F723-471A-8319-80845B9BE12F}] => (Allow) D:\STEAM\steam.exe => No File
FirewallRules: [{F0B5A6E5-A12A-4980-B53C-8C6DBE098484}] => (Allow) D:\STEAM\steam.exe => No File
FirewallRules: [{79BFB8E4-BAC9-472D-B770-3F8DFA61FCD8}] => (Allow) D:\STEAM\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{BBEC83AE-09B0-4D06-B37C-1EC963BFB837}] => (Allow) D:\STEAM\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{675EE30F-1AA5-4154-B400-10A25F1FC139}] => (Allow) D:\STEAM\steamapps\common\Geometry Dash\GeometryDash.exe => No File
FirewallRules: [{DFA84E84-704C-4ED5-816D-529B6837FBEC}] => (Allow) D:\STEAM\steamapps\common\Geometry Dash\GeometryDash.exe => No File
FirewallRules: [TCP Query User{8CDAA0B2-E15F-4D10-B246-ADE486C3F142}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{A5545646-A9C5-4BC9-9EB4-C9BA89F42931}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{E5FA948E-EFBD-4E8E-91EE-0B3535303220}D:\wot\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\wot\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{E4D0FBA2-70A9-4977-BF11-C0CB78DC7B92}D:\wot\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\wot\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{D9001852-3216-449C-A822-E38CB0D85AA8}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{7E070FFF-B3E0-4C4E-9FB5-AE87BCB60CDC}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{4DE6CC54-8490-4E87-9ED9-5D2382226816}] => (Allow) C:\Users\kacpe\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe => No File
FirewallRules: [{FAA31896-A54D-4A5A-9F0A-7266EFCCF9AC}] => (Allow) C:\Users\kacpe\AppData\Local\Programs\Opera\77.0.4054.277\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{EACE8157-0E93-4327-85EE-088BA38FEB4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B46E47AD-C6AF-45E8-AE60-3209F14058C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0E2FAA99-9D1C-400F-A1C2-0D583C3871A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9EF9B609-C988-417E-B0EC-8A5B7911B095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E46409C0-CC21-4C02-8ABC-33A4CA46B574}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{46011C11-B1C0-4F11-8FDA-385D833A59A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{9FF2AD0E-9439-47F3-A744-CF0E70CA2BB1}D:\rockstar games launcher\red dead redemption 2\rdr2.exe] => (Allow) D:\rockstar games launcher\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{AF8AC8DD-17DB-44AB-AB5E-A47D1F79B506}D:\rockstar games launcher\red dead redemption 2\rdr2.exe] => (Allow) D:\rockstar games launcher\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{7A06F129-3B51-4901-B445-9B89C8628A36}] => (Allow) D:\STEAM\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{78C2E8DC-8095-4EF9-8D36-8E283138B0A3}] => (Allow) D:\STEAM\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{9BEFF6A1-3742-4397-B74E-59A0739B9F0C}] => (Allow) D:\STEAM\steamapps\common\Movie Studio 17.0\Movie Studio 17.0\launch_MovieStudioHD170.exe => No File
FirewallRules: [{55CAC411-A5EA-4852-AF34-A0D81AE18A01}] => (Allow) D:\STEAM\steamapps\common\Movie Studio 17.0\Movie Studio 17.0\launch_MovieStudioHD170.exe => No File
FirewallRules: [TCP Query User{E96983C7-0617-451D-B922-B3A545E1D649}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{DBB2B19C-E446-44B4-89C0-F0E0434E0DFE}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{02B4A73D-0D2A-4EBE-981E-6FE8F77F4F91}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CCA8C6AF-F6E7-4E8F-AB87-42D0E40A4460}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AAE8306B-20CF-4CA5-A179-E3DF832A6B04}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{70F211E4-B9D0-4B01-947E-79ADAF37A8BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{70ED0A97-F0A3-4E4A-8AC4-3A5222BDF6E8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{178A1C6A-1487-41DB-A796-46AB5BEDDB38}] => (Allow) C:\Users\kacpe\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{5DBB732B-D8AD-40EE-94E0-DA5DC4B55F27}] => (Allow) C:\Users\kacpe\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{1BE9CB75-DC0F-4872-BB1F-8CBF04004919}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{504F63B2-D60B-48FC-85CA-964DC032A071}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8812B7F8-0339-42B3-A559-48AB92BF283A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9F729131-1397-49EB-ACE9-525A660D697D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3AA0A524-4A2D-4404-B00F-91E2826B53D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6548CA22-ADD0-4A7A-960C-1BA0924A179E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{197958F9-1E43-474D-B1E7-2A6EBD064D11}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E4A5001E-B579-4B3C-BE13-905CACBB332D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{C3E76692-7421-449C-B2B8-BDB0B7AE99A8}D:\enlisted\launcher.exe] => (Allow) D:\enlisted\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{3E96FA27-7895-4919-8C1A-4D1DCC048E74}D:\enlisted\launcher.exe] => (Allow) D:\enlisted\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [TCP Query User{4671C4FA-F412-4BA2-A473-FA7382E45191}D:\enlisted\win64\enlisted.exe] => (Allow) D:\enlisted\win64\enlisted.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{B77A4017-D866-4A11-A06B-771CC5B2BB2A}D:\enlisted\win64\enlisted.exe] => (Allow) D:\enlisted\win64\enlisted.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{B15142B8-58D6-4FC8-A5DD-48D6626B7D6D}C:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe] => (Block) C:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe (CPUID S.A.R.L.U. -> CPUID)
FirewallRules: [UDP Query User{80A13240-12ED-4C2A-8CE1-718B12B7330A}C:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe] => (Block) C:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe (CPUID S.A.R.L.U. -> CPUID)
FirewallRules: [{6E2FE578-1352-40CB-827C-67DF5390FFF7}] => (Allow) D:\STEAM\steamapps\common\Sprocket\Sprocket.exe => No File
FirewallRules: [{5425C830-CD30-4C2E-AB3B-89C7BF451C2C}] => (Allow) D:\STEAM\steamapps\common\Sprocket\Sprocket.exe => No File
FirewallRules: [{201BBA71-6E3B-4F92-9AA8-85E7B613F054}] => (Allow) C:\Program Files (x86)\360\Total Security\Utils\360AdvToolExecutor.exe => No File
FirewallRules: [{1955D1AB-9479-499F-8E83-989D9EF31F8A}] => (Allow) C:\Program Files (x86)\360\Total Security\Utils\360AdvToolExecutor.exe => No File
FirewallRules: [TCP Query User{F6095007-6881-42B5-9D50-0AA863D0B052}C:\users\kacpe\appdata\local\axcrypt\bemjslku\steam.exe] => (Allow) C:\users\kacpe\appdata\local\axcrypt\bemjslku\steam.exe => No File
FirewallRules: [UDP Query User{18FACEC6-2425-422B-B567-DA0DD7EB5B9F}C:\users\kacpe\appdata\local\axcrypt\bemjslku\steam.exe] => (Allow) C:\users\kacpe\appdata\local\axcrypt\bemjslku\steam.exe => No File
FirewallRules: [{99CEFB4F-61F6-435A-ACE6-ABCCA99C1BCD}] => (Allow) C:\Users\kacpe\AppData\Local\AxCrypt\bemjslku\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{93D71110-3F7A-41E2-B2F9-CEAF7FC0DC68}] => (Allow) C:\Users\kacpe\AppData\Local\AxCrypt\bemjslku\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{87E668C7-C534-4879-9C33-85252F682D5D}] => (Allow) D:\steeam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{58C09028-A522-44E2-91CC-39380A3E4980}] => (Allow) D:\steeam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B118456F-CB1A-4E31-B8CD-191B1CF93C9F}] => (Allow) D:\steeam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1DAC55BD-6CDB-4154-9147-F3B4A78DCB0C}] => (Allow) D:\steeam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3CA194B3-5478-48F1-A4F1-CB70C31C1197}] => (Allow) D:\steeam\steamapps\common\Sprocket\Sprocket.exe () [File not signed]
FirewallRules: [{E16172E0-ED39-4D6B-A51A-61F3E5C9AB69}] => (Allow) D:\steeam\steamapps\common\Sprocket\Sprocket.exe () [File not signed]
FirewallRules: [{7B40B823-D448-43D2-B925-43EC1B451CD6}] => (Allow) D:\steeam\steamapps\common\Geometry Dash\GeometryDash.exe () [File not signed]
FirewallRules: [{2515F542-47E7-4D18-A47C-2F9DD4A1F478}] => (Allow) D:\steeam\steamapps\common\Geometry Dash\GeometryDash.exe () [File not signed]
FirewallRules: [TCP Query User{03DE0A1B-61C7-4D1C-AA35-156C6F535045}D:\steeam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steeam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{B97AF573-9F49-4E05-991F-D2F9A1F57897}D:\steeam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steeam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{00B9BB71-21ED-4DF2-AA4A-AD206E0728AE}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:110.44 GB) (Free:40.68 GB) (37%)

==================== Faulty Device Manager Devices ============

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/16/2021 11:19:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FL64.exe version 20.7.2.1863 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: ee8

Start Time: 01d7ab3eedb199a4

Termination Time: 11

Application Path: C:\Program Files\Image-Line\FL Studio 20\FL64.exe

Report Id: 97fcdb72-fc24-4625-9e07-9984c0366e11

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-thread

Error: (09/16/2021 09:21:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu.
.

Error: (09/16/2021 09:21:41 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Trwa proces zamykania systemu.
]

Error: (09/16/2021 09:21:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu.
.

Error: (09/16/2021 09:21:41 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Trwa proces zamykania systemu.
]

Error: (09/16/2021 09:21:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NPE.exe version 6.0.1.2095 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2f00

Start Time: 01d7ab03062c805e

Termination Time: 4294967295

Application Path: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.21.6.53\NPE.exe

Report Id: 7fd4ee27-e5b0-4046-aa94-880214e71820

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (09/16/2021 09:21:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FL64.exe version 20.7.2.1863 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 524

Start Time: 01d7ab2a8e45609c

Termination Time: 4294967295

Application Path: C:\Program Files\Image-Line\FL Studio 20\FL64.exe

Report Id: 1d4fb328-ab67-4b11-b9da-ebc475e64d06

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (09/15/2021 07:46:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FL64.exe version 20.7.2.1863 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 864

Start Time: 01d7aa52be771574

Termination Time: 4294967295

Application Path: C:\Program Files\Image-Line\FL Studio 20\FL64.exe

Report Id: cab5a0ef-efff-485d-91dc-3227a870982e

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle


System errors:
=============
Error: (09/18/2021 09:58:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CoolerMaster Teachnology Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Uruchom usługę ponownie.

Error: (09/18/2021 09:58:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Uruchom usługę ponownie.

Error: (09/18/2021 09:58:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NIHardwareService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/18/2021 09:58:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/18/2021 09:58:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Uruchom usługę ponownie.

Error: (09/18/2021 09:58:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/18/2021 09:54:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NIHostIntegrationAgent service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/18/2021 09:41:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NIHostIntegrationAgent service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
================
Date: 2021-09-17 15:43:40
Description:
Program antywirusowy Microsoft Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li..._BundleInstaller&threatid=290702&enterprise=0
Name: PUA:Win32/uTorrent_BundleInstaller
Severity: Niski
Category: Potencjalnie niechciane oprogramowanie
Path: file:_C:\Users\kacpe\OneDrive\Pulpit\uTorrent.exe; file:_c:\users\kacpe\utweb_installer.exe
Detection Origin: Komputer lokalny
Detection Type: Konkretne
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.349.884.0, AS: 1.349.884.0, NIS: 1.349.884.0
Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10

Date: 2021-09-17 14:41:24
Description:
Program antywirusowy Microsoft Defender scan has been stopped before completion.
Scan Type: Narzędzia chroniące przed złośliwym oprogramowaniem
Scan Parameters: Szybkie skanowanie

Date: 2021-09-17 14:32:23
Description:
Program antywirusowy Microsoft Defender scan has been stopped before completion.
Scan Type: Narzędzia chroniące przed złośliwym oprogramowaniem
Scan Parameters: Szybkie skanowanie

Date: 2021-09-17 14:00:53
Description:
Program antywirusowy Microsoft Defender scan has been stopped before completion.
Scan Type: Narzędzia chroniące przed złośliwym oprogramowaniem
Scan Parameters: Szybkie skanowanie

Date: 2021-09-15 15:49:51
Description:
Program antywirusowy Microsoft Defender scan has been stopped before completion.
Scan Type: Narzędzia chroniące przed złośliwym oprogramowaniem
Scan Parameters: Szybkie skanowanie

CodeIntegrity:
===============
Date: 2021-09-18 09:59:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.21.8.62\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P4.30 05/14/2020
Motherboard: ASRock B365 Pro4
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Percentage of memory in use: 26%
Total physical RAM: 16313.88 MB
Available physical RAM: 12008.75 MB
Total Virtual: 17337.88 MB
Available Virtual: 11528.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.44 GB) (Free:40.68 GB) NTFS
Drive d: (Nowy) (Fixed) (Total:931.51 GB) (Free:221.02 GB) NTFS

\\?\Volume{6713d403-0000-0000-0000-100000000000}\ (Zastrzeżone przez system) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{6713d403-0000-0000-0000-a0bb1b000000}\ () (Fixed) (Total:0.86 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 6713D403)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=877 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EA23EAA5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

kevinf80

Hiya D3M0V,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.



The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save it directly to the desktop.

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/wi...otection/intelligence/safety-scanner-download


Right-click on the tool and select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run; we only need the most recent log by date and time....

Thank you,

Kevin
 
