Laptop Requests to Random Brazil Bank Domains Once a Day

So Farrare


Hi, the laptop has a virus that connects to lots of Brazil bank (I'm not even living in Brazil) and social network websites once/twice a day. Checked with all antiviruses and can't find it. Checked Windows Event Viewer; I found Firefox & Edge updates before these requests. Added FRST.

 

(Windows 10 21H1) Also found Avast Premium is sending too much data, even with all analytics options disabled. I'll stop using their spyware.

 

 

[07.21 10:37:48] wordpress.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] twitter.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] apple.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] myspace.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] qq.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] baidu.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] secure-ncc.avast.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] weebly.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] mail.ru – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] odnoklassniki.ru – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:48] aol.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] ebay.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] alibaba.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] eset.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] 360.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] kaspersky.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] paypal.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] wellsfargo.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] onclickads.net – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] ib.adnxs.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] fiddler2.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] db.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] www.unicreditgroup.eu – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] facebook.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] yahoo.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] yandex.ru – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:49] vk.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] google.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] google.co.uk – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] google.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] google.de – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] goo.gl – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] gmail.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] www.google-analytics.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] ssl.google-analytics.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] www.gstatic.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] pagead2.googlesyndication.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] play.google.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] ajax.googleapis.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] accounts.google.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] virustotal.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] uber.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] connectivitycheck.gstatic.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] connectivitycheck.android.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] pubads.g.doubleclick.net – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] bit.ly – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] tidd.ly – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] i.ytimg.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] yt3.ggpht.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] avast.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] avg.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] adobe.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] www.barclays.co.uk – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] bradesco.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:50] banco.bradesco – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] bradescoprime.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] www.gstatic.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] bradescopj.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] itau.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] www.itau.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] itaupersonnalite.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] santander.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] bancosantander.es – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] www.santanderbank.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] cibc.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] www.americanexpress.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] usaa.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] axisbank.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] sicredi.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:51] scotiabank.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] widgets.outbrain.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] b.scorecardresearch.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] 53.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] pnc.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] bmo.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] ing.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] www.appleiphonecell.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] www.msftncsi.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] walmart.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] www.bb.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] bb.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] aapj.bb.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:52] bancobrasil.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:55] www.bb.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:55] aapj.bb.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:56] www.bb.com.br – request timeout : server=New DNS server

[07.21 10:37:56] aapj.bb.com.br – request timeout : server=New DNS server

[07.21 10:37:56] caixa.gov.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:56] www.caixa.gov.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:56] cef.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:57] citibank.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:57] citibank.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:57] citigroup.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:57] amazon.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:57] amazon.co.uk – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:57] amazon.de – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:57] www.netflix.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:57] instagram.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] nab.com.au – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] aws.amazon.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] malwarebytes.org – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] bing.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] live.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] microsoft.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] msn.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] linkedin.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] www.msftconnecttest.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] hsbc.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] cloudflare.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] cdnjs.cloudflare.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] maxcdn.bootstrapcdn.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] cdn.engine.4dsply.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] popcash.net – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] widgets.amung.us – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] webs.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] cdn.taboola.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:58] jimdo.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] redditblog.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] ajax.aspnetcdn.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] td.com – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] uol.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] pagseguro.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] pagseguro.uol.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] cox.net – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] www.japanpost.jp – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] serasa.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

[07.21 10:37:59] serasaexperian.com.br – process : server=New DNS server (DNS over HTTPS), rule=Default

 

Event viewer screenshot: 

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01

Ran by etosu (administrator) on LAPTOP-1C4GVFSU (LENOVO 81FV) (21-07-2021 11:07:29)

Running from C:\Users\etosu\Downloads\Programs

Loaded Profiles: etosu

Platform: Windows 10 Home Version 21H1 19043.1110 (X64) Language: İngilizce (Amerikan) -> Türkçe (Türkiye)

Default browser: "C:\Users\etosu\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --single-argument %1

Boot Mode: Normal

 


Task: DF1FBB66-9B12-4624-9651-1B5453B1AB74 – System32TasksNvProfileUpdaterDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: E6033B3C-1123-4703-8EB7-803C889A6A14 – System32TasksNvTmRep_CrashReport2_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

Task: E9849C37-F7E2-4966-9A36-5EE7D36CF34C – System32TasksLenovoImControllerTimeBasedEvents45eae5ad-ca91-45eb-a086-1307bb9e4e89 => C:WINDOWSLenovoImControllerServiceLenovo.Modern.ImController.exe [81912 2021-06-17] (Lenovo -> Lenovo Group Ltd.)

Task: EE0A9BC9-EC8A-4243-9DDE-8A22EE93178C – System32TasksAuto Dark ModeADM Hibernation => C:UsersetosuAppDataLocalAuto-Dark-ModeAutoDarkMode.exe [764928 2020-08-01] (Armin Osaj) [File not signed]

Task: FFE565EC-9A9F-40F7-BCF0-1664B604B17A – System32TasksNVIDIA GeForce Experience SelfUpdate_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [S-1-5-21-1384657201-1200848540-4243129229-1001] => 127.0.0.1:8085

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

TcpipParameters: [DhcpNameServer] 192.168.1.1

Tcpip..Interfaces1b177cdc-86af-42ac-8341-0d2697796f4f: [DhcpNameServer] 192.168.1.1

Tcpip..Interfaces2bed250d-d4af-431e-afe4-6218910d462d: [DhcpNameServer] 192.168.1.1

Tcpip..Interfaces78790d34-1b21-4ac4-8dfc-7f3cc560a0a1: [NameServer] 208.67.222.222,216.146.35.35

Tcpip..Interfaces78790d34-1b21-4ac4-8dfc-7f3cc560a0a1: [DhcpNameServer] 198.18.0.1 198.18.0.2

Tcpip..Interfacese9bcf9a1-c51f-4143-9540-eab9462522a4: [DhcpNameServer] 192.168.1.1

 

Edge: 

=======

DownloadDir: C:UsersetosuDownloads

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:UsersetosuAppDataLocalMicrosoftEdgeUser DataDefault [2021-07-21]

Edge DownloadDir: Default -> C:UsersetosuDownloads

Edge HomePage: Default -> hxxps://www.google.com.tr/

Edge StartupUrls: Default -> “hxxps://www.google.com/”

Edge Extension: (uBlock Origin) – C:UsersetosuAppDataLocalMicrosoftEdgeUser DataDefaultExtensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-07]

Edge Extension: (Disable Page Visibility API) – C:UsersetosuAppDataLocalMicrosoftEdgeUser DataDefaultExtensionseecfoibnnhheckhfokpihgefmlnenofb [2021-06-22]

Edge Extension: (Always active Window – Always Visible) – C:UsersetosuAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsehllkhjndgnlokhomdlhgbineffifcbj [2021-07-08]

Edge Extension: (ClearURLs) – C:UsersetosuAppDataLocalMicrosoftEdgeUser DataDefaultExtensionslckanjgmijmafbedllaakclkaicjfmnk [2021-03-25]

Edge Extension: (IDM Integration Module) – C:UsersetosuAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsllbjbkhnmlidjebalopleeepgdfgcpec [2021-03-10]

Edge Extension: (Redirector) – C:UsersetosuAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsocgpenflpmgnfapjedencafcfakcekcd [2021-01-07]

Edge HKUS-1-5-21-1384657201-1200848540-4243129229-1001SOFTWAREMicrosoftEdgeExtensions…EdgeExtension: [llbjbkhnmlidjebalopleeepgdfgcpec] – C:Program Files (x86)Internet Download ManagerIDMEdgeExt.crx [2021-07-14]

Edge HKUS-1-5-21-1384657201-1200848540-4243129229-1001SOFTWAREMicrosoftEdgeExtensions…EdgeExtension: [ngpampappnmepgilojfohadhhmbhlaek] – C:Program Files (x86)Internet Download ManagerIDMGCExt.crx [2021-07-14]

 

FireFox:

========

FF HKUS-1-5-21-1384657201-1200848540-4243129229-1001…SeaMonkeyExtensions: [[email protected]] – C:UsersetosuAppDataRoamingIDMidmmzcc5

FF Extension: (IDM CC) – C:UsersetosuAppDataRoamingIDMidmmzcc5 [2018-07-27] [Legacy] [not signed]

FF HKUS-1-5-21-1384657201-1200848540-4243129229-1001…SeaMonkeyExtensions: [[email protected]] – C:Program Files (x86)Internet Download Manageridmmzcc2.xpi

FF Extension: (IDM integration) – C:Program Files (x86)Internet Download Manageridmmzcc2.xpi [2017-12-20] [Legacy]

FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:Program FilesJavajre1.8.0_291bindtpluginnpDeployJava1.dll [2021-05-18] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:Program FilesJavajre1.8.0_291binplugin2npjp2.dll [2021-05-18] (Oracle America, Inc. -> Oracle Corporation)

 

Chrome: 

=======

CHR HKLM…ChromeExtension: [ngpampappnmepgilojfohadhhmbhlaek] – C:Program Files (x86)Internet Download ManagerIDMGCExt.crx [2021-07-14]

CHR HKUS-1-5-21-1384657201-1200848540-4243129229-1001SOFTWAREGoogleChromeExtensions…ChromeExtension: [ngpampappnmepgilojfohadhhmbhlaek] – C:Program Files (x86)Internet Download ManagerIDMGCExt.crx [2021-07-14]

CHR HKLM-x32…ChromeExtension: [ngpampappnmepgilojfohadhhmbhlaek] – C:Program Files (x86)Internet Download ManagerIDMGCExt.crx [2021-07-14]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AGMService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

S4 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

R3 aswbIDSAgent; C:Program FilesAVAST SoftwareAvastaswidsagent.exe [8249936 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R2 avast! Antivirus; C:Program FilesAVAST SoftwareAvastAvastSvc.exe [625432 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R2 avast! Firewall; C:Program FilesAVAST SoftwareAvastafwServ.exe [1381656 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R2 avast! Tools; C:Program FilesAVAST SoftwareAvastaswToolsSvc.exe [373528 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R2 AvastWscReporter; C:Program FilesAVAST SoftwareAvastwsc_proxy.exe [56912 2021-05-27] (Avast Software s.r.o. -> AVAST Software)

S4 BEService; C:Program Files (x86)Common FilesBattlEyeBEService.exe [8894752 2021-01-31] (BattlEye Innovations e.K. -> )

R2 DolbyDAXAPI; C:WINDOWSsystem32dolbyaposvcDAX3API.exe [598384 2019-01-30] (Dolby Laboratories, Inc. -> )

S4 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [802432 2021-02-19] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

R2 FMAPOService; C:WINDOWSSystem32FMService64.exe [360016 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)

R2 ImControllerService; C:WINDOWSLenovoImControllerServiceLenovo.Modern.ImController.exe [81912 2021-06-17] (Lenovo -> Lenovo Group Ltd.)

S4 LenovoVantageService; C:Program Files (x86)LenovoVantageService3.7.19.0LenovoVantageService.exe [28576 2021-05-17] (Lenovo -> Lenovo Group Ltd.)

R2 LGHUBUpdaterService; C:Program FilesLGHUBlghub_updater.exe [10752928 2021-06-30] (Logitech Inc -> Logitech, Inc.)

S4 MEmuSVC; C:Program Files (x86)MicrovirtMEmuMemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )

S4 Origin Client Service; C:Program Files (x86)OriginOriginClientService.exe [2556048 2021-07-05] (Electronic Arts, Inc. -> Electronic Arts)

S4 Origin Web Helper Service; C:Program Files (x86)OriginOriginWebHelperService.exe [3474584 2021-07-05] (Electronic Arts, Inc. -> Electronic Arts)

S4 Rockstar Service; E:OyunlarRockstar GamesLauncherRockstarService.exe [1934744 2021-06-23] (Rockstar Games, Inc. -> Rockstar Games)

S4 ss_conn_service; C:Program Files (x86)SamsungUSB Drivers27_ssconnconnss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)

R2 TeamViewer; C:Program Files (x86)TeamViewerTeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

S4 ucldr_battlegrounds_gl; C:Program FilesCommon FilesUncheaterucldr_battlegrounds_gl.exe [6969856 2021-01-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

S4 uncheater_bgl; C:Program FilesCommon FilesUncheateruncheater_bgl.exe [2097008 2019-05-28] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

S3 vgc; C:Program FilesRiot Vanguardvgc.exe [10147296 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.)

S3 VSStandardCollectorService150; E:Microsoft Visual StudioSharedCommonDiagnosticsHub.Collection.ServiceStandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2102.4-0NisSrv.exe [2483616 2021-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2102.4-0MsMpEng.exe [128376 2021-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S4 zksvc; C:Program FilesCommon FilesPUBGzksvc.exe [7023744 2021-01-31] (PUBG CORPORATION -> PUBG Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynvlti.inf_amd64_c6fc6328fcbac4e0Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynvlti.inf_amd64_c6fc6328fcbac4e0Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

S4 Wondershare InstallAssist; C:ProgramDataWondershareServiceInstallAssistService.exe [X]

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleKmdfFilter; C:WINDOWSSystem32driversAppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 AppleLowerFilter; C:WINDOWSSystem32driversAppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

R1 aswArPot; C:WINDOWSSystem32driversaswArPot.sys [216928 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R1 aswbidsdriver; C:WINDOWSSystem32driversaswbidsdriver.sys [366616 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R0 aswbidsh; C:WINDOWSSystem32driversaswbidsh.sys [250392 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R0 aswbuniv; C:WINDOWSSystem32driversaswbuniv.sys [99352 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R0 aswElam; C:WINDOWSSystem32driversaswElam.sys [17328 2021-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)

R1 aswKbd; C:WINDOWSSystem32driversaswKbd.sys [41352 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R1 aswMonFlt; C:WINDOWSSystem32driversaswMonFlt.sys [182600 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R1 aswNetHub; C:WINDOWSSystem32driversaswNetHub.sys [524400 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R1 aswRdr; C:WINDOWSSystem32driversaswRdr2.sys [107848 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R0 aswRvrt; C:WINDOWSSystem32driversaswRvrt.sys [82912 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R1 aswSnx; C:WINDOWSSystem32driversaswSnx.sys [851192 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R1 aswSP; C:WINDOWSSystem32driversaswSP.sys [471920 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

R2 aswStm; C:WINDOWSSystem32driversaswStm.sys [215384 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

S3 aswTap; C:WINDOWSSystem32driversaswTap.sys [53904 2021-06-20] (AVAST Software s.r.o. -> The OpenVPN Project)

R0 aswVmm; C:WINDOWSSystem32driversaswVmm.sys [327536 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

S3 aswWintun; C:WINDOWSSystem32driversaswWintun.sys [37104 2021-07-07] (Avast Software s.r.o. -> WireGuard LLC)

R2 BlueStacksDrv; C:Program FilesBlueStacksBstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)

R2 DnsFltEngineDrv; C:WINDOWSsystem32DRIVERSDnsFltEngineDrv.sys [57080 2021-01-20] (Initeks, OOO -> Initex)

S3 evserial9; C:WINDOWSsystem32DRIVERSevserial9.sys [38544 2019-04-16] (Electronic Team, Inc. -> Electronic Team, Inc.)

S3 FBNetFilter; C:WINDOWSSystem32driversFBNetFlt.sys [52688 2020-05-21] (LENOVO (UNITED STATES) INC. -> Lenovo Group Ltd.)

R1 HWiNFO32; C:WINDOWSSysWOW64driversHWiNFO64A.SYS [27552 2019-10-05] (Martin Malik – REALiX -> REALiX™)

S3 ksapi64; C:WINDOWSsystem32driversksapi64.sys [89776 2020-07-15] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)

R2 LGHUBTemperatureService; C:Program FilesLGHUBlogi_core_temp.sys [22864 2021-06-30] (Logitech Inc -> Logitech)

R3 logi_joy_bus_enum; C:WINDOWSsystem32driverslogi_joy_bus_enum.sys [37200 2021-06-30] (Logitech Inc -> Logitech)

R3 logi_joy_vir_hid; C:WINDOWSsystem32driverslogi_joy_vir_hid.sys [25928 2021-06-30] (Logitech Inc -> Logitech)

R3 logi_joy_xlcore; C:WINDOWSsystem32driverslogi_joy_xlcore.sys [66896 2021-06-30] (Logitech Inc -> Logitech)

R1 MEmuDrv; C:WINDOWSsystem32DRIVERSMEmuDrv.sys [320360 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)

R1 MEmuNetLwf; C:WINDOWSsystem32DRIVERSMEmuNetLwf.sys [220560 2020-09-29] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)

S3 ProcLaunchMon; C:WINDOWSsystem32driversProcLaunchMon.sys [43448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

S3 PSKMAD; C:WINDOWSSystem32DRIVERSPSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)

R0 pwdrvio; C:WINDOWSSystem32pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )

S3 pwdspio; C:WINDOWSsystem32pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )

S3 Revoflt; C:WINDOWSSystem32DRIVERSrevoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)

S3 RtlWlanu; C:WINDOWSSystem32driversrtwlanu.sys [12041824 2020-10-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)

S0 secnvme; C:WINDOWSSystem32driverssecnvme.sys [134120 2018-02-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)

R3 tap0901; C:WINDOWSSystem32driverstap0901.sys [27136 2018-12-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S3 tapnordvpn; C:WINDOWSSystem32driverstapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)

S3 tapwindscribe0901; C:WINDOWSSystem32driverstapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)

S3 VBoxNetAdp; C:WINDOWSsystem32DRIVERSVBoxNetAdp6.sys [235832 2019-01-28] (Oracle Corporation -> Oracle Corporation)

R1 vgk; C:Program FilesRiot Vanguardvgk.sys [8241992 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.)

S3 VSBC9; C:WINDOWSSystem32driversevsbc9.sys [126096 2019-04-16] (Electronic Team, Inc. -> Electronic Team, Inc.)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [49560 2021-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WDC_SAM; C:WINDOWSSystem32driverswdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [420072 2021-04-07] (Microsoft Windows -> Microsoft Corporation)

S3 wdm_usb; C:WINDOWSsystem32DRIVERSusb2ser.sys [140672 2017-04-10] (MBB) [File not signed]

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [72952 2021-04-07] (Microsoft Windows -> Microsoft Corporation)

S3 wintun; C:WINDOWSsystem32DRIVERSwintun.sys [36936 2021-07-04] (WireGuard LLC -> WireGuard LLC)

S3 xhunter1; C:WINDOWSxhunter1.sys [2742720 2021-01-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

S3 GDPL_BOOM; SystemRootsystem32driversboomvad.sys [X]

U4 npcap_wifi; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-21 11:07 – 2021-07-21 11:07 – 000000000 ____D C:FRST

2021-07-20 15:56 – 2021-07-20 15:56 – 000000000 ____D C:UsersetosuAppDataRoamingYogaDNS

2021-07-20 15:56 – 2021-07-20 15:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsYogaDNS

2021-07-20 15:56 – 2021-07-20 15:56 – 000000000 ____D C:Program Files (x86)YogaDNS

2021-07-20 15:56 – 2021-01-20 15:37 – 000057080 _____ (Initex) C:WINDOWSsystem32DriversDnsFltEngineDrv.sys

2021-07-20 12:17 – 2021-07-20 12:36 – 000000000 ____D C:ProgramDataHitmanPro

2021-07-20 12:12 – 2021-07-20 12:12 – 000119048 _____ (Symantec Corporation) C:WINDOWSsystem32DriversSMR540.SYS.bak

2021-07-20 12:12 – 2021-07-20 12:12 – 000000000 ____D C:ProgramDataEmsisoft

2021-07-20 12:05 – 2021-07-20 12:05 – 000000000 ____D C:UsersetosuDoctor Web

2021-07-20 12:00 – 2021-07-20 12:12 – 000000000 ____D C:Program Files (x86)stinger

2021-07-20 11:59 – 2021-07-20 11:59 – 000075725 _____ C:ProgramDatahva.1626771558.bdinstall.bin

2021-07-20 11:59 – 2015-09-14 13:03 – 000039672 _____ C:WINDOWSsystem32DriversDasPtct.SYS

2021-07-20 11:55 – 2021-07-20 11:55 – 000115472 _____ C:ProgramDataagent.1626771302.bdinstall.v2.bin

2021-07-20 11:55 – 2021-07-20 11:55 – 000000000 ____D C:UsersetosuAppDataLocalNPE

2021-07-20 11:55 – 2021-07-20 11:55 – 000000000 ____D C:ProgramDataNorton

2021-07-20 11:40 – 2021-07-20 11:40 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsPotPlayer

2021-07-20 11:29 – 2021-07-20 11:29 – 000000000 ____D C:KVRT2020_Data

2021-07-20 11:19 – 2021-07-20 11:19 – 001080528 _____ C:UsersetosuAppDataLocalcensus.cache

2021-07-20 11:18 – 2021-07-20 11:18 – 000486531 _____ C:UsersetosuAppDataLocalars.cache

2021-07-20 11:12 – 2021-07-20 11:12 – 000000010 _____ C:UsersetosuAppDataLocalsponge.last.runtime.cache

2021-07-20 11:07 – 2021-07-20 11:07 – 000000036 _____ C:UsersetosuAppDataLocalhousecall.guid.cache

2021-07-19 22:54 – 2021-07-19 22:54 – 000000000 ____D C:WINDOWSLastGood.Tmp

2021-07-19 22:34 – 2021-07-13 20:07 – 001858664 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe

2021-07-19 22:34 – 2021-07-13 20:07 – 001858664 _____ C:WINDOWSsystem32vulkaninfo.exe

2021-07-19 22:34 – 2021-07-13 20:07 – 001438824 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe

2021-07-19 22:34 – 2021-07-13 20:07 – 001438824 _____ C:WINDOWSSysWOW64vulkaninfo.exe

2021-07-19 22:34 – 2021-07-13 20:07 – 001097856 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll

2021-07-19 22:34 – 2021-07-13 20:07 – 001097856 _____ C:WINDOWSsystem32vulkan-1.dll

2021-07-19 22:34 – 2021-07-13 20:07 – 000951936 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll

2021-07-19 22:34 – 2021-07-13 20:07 – 000951936 _____ C:WINDOWSSysWOW64vulkan-1.dll

2021-07-19 22:34 – 2021-07-13 20:06 – 001474704 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll

2021-07-19 22:34 – 2021-07-13 20:06 – 001212560 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll

2021-07-19 22:34 – 2021-07-13 20:02 – 001520776 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFR64.dll

2021-07-19 22:34 – 2021-07-13 20:02 – 000716912 _____ C:WINDOWSsystem32nvofapi64.dll

2021-07-19 22:34 – 2021-07-13 20:02 – 000676480 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFROpenGL.dll

2021-07-19 22:34 – 2021-07-13 20:02 – 000645232 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvml.dll

2021-07-19 22:34 – 2021-07-13 20:02 – 000577152 _____ C:WINDOWSSysWOW64nvofapi.dll

2021-07-19 22:34 – 2021-07-13 20:02 – 000564352 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFROpenGL.dll

2021-07-19 22:34 – 2021-07-13 20:01 – 002112128 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvFBC64.dll

2021-07-19 22:34 – 2021-07-13 20:01 – 001595520 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvFBC.dll

2021-07-19 22:34 – 2021-07-13 20:01 – 001171072 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFR.dll

2021-07-19 22:34 – 2021-07-13 20:01 – 000919168 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvEncodeAPI64.dll

2021-07-19 22:34 – 2021-07-13 20:01 – 000750208 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvEncodeAPI.dll

2021-07-19 22:34 – 2021-07-13 20:01 – 000706176 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvidia-smi.exe

2021-07-19 22:34 – 2021-07-13 20:00 – 008854144 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuvid.dll

2021-07-19 22:34 – 2021-07-13 20:00 – 007920768 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuvid.dll

2021-07-19 22:34 – 2021-07-13 20:00 – 005680760 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcpl.dll

2021-07-19 22:34 – 2021-07-13 20:00 – 004987520 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuda.dll

2021-07-19 22:34 – 2021-07-13 20:00 – 002925696 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuda.dll

2021-07-19 22:34 – 2021-07-13 20:00 – 000447104 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdebugdump.exe

2021-07-19 22:34 – 2021-07-13 19:59 – 000849008 _____ (NVIDIA Corporation) C:WINDOWSsystem32MCU.exe

2021-07-19 22:34 – 2021-07-13 19:57 – 006215792 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvapi.dll

2021-07-19 22:34 – 2021-07-12 14:32 – 000083062 _____ C:WINDOWSsystem32nvinfo.pb

2021-07-19 18:45 – 2021-07-19 18:45 – 003639972 _____ C:WINDOWSMinidump71921-30593-01.dmp

2021-07-19 08:56 – 2021-07-19 09:08 – 000000000 ____D C:Program FilesMalwarebytes

2021-07-18 00:53 – 2021-07-18 00:53 – 000000000 ____D C:UsersetosuAppDataRoamingMicrosoftWindowsStart MenuProgramsStremio

2021-07-18 00:44 – 2021-07-18 00:44 – 000001806 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio 2019.lnk

2021-07-16 14:55 – 2021-07-16 14:55 – 003612340 _____ C:WINDOWSMinidump71621-31218-01.dmp

2021-07-14 17:00 – 2018-12-20 02:05 – 000229296 _____ (Tonec Inc.) C:WINDOWSsystem32Driversidmwfp.sys

2021-07-14 12:06 – 2021-07-14 12:06 – 000000000 ____D C:UsersetosuDocumentsAudacity

2021-07-14 10:44 – 2021-07-14 10:44 – 001823280 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-07-14 10:44 – 2021-07-14 10:44 – 000011357 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-07-14 10:44 – 2021-07-14 10:44 – 000007680 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MsraLegacy.tlb

2021-07-14 10:44 – 2021-07-14 10:44 – 000007680 _____ (Microsoft Corporation) C:WINDOWSsystem32MsraLegacy.tlb

2021-07-14 10:44 – 2021-07-14 10:44 – 000006656 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rendezvousSession.tlb

2021-07-14 10:44 – 2021-07-14 10:44 – 000006656 _____ (Microsoft Corporation) C:WINDOWSsystem32rendezvousSession.tlb

2021-07-12 20:36 – 2020-10-26 08:51 – 012041824 _____ (Realtek Semiconductor Corporation ) C:WINDOWSsystem32Driversrtwlanu.sys

2021-07-12 20:36 – 2010-12-01 09:31 – 000451072 _____ C:WINDOWSSysWOW64ISSRemoveSP.exe

2021-07-07 18:52 – 2021-07-07 18:52 – 000037104 _____ (WireGuard LLC) C:WINDOWSsystem32DriversaswWintun.sys

2021-07-07 18:41 – 2021-07-07 18:41 – 003675228 _____ C:WINDOWSMinidump70721-31390-01.dmp

2021-07-05 14:20 – 2021-07-05 14:20 – 000001307 _____ C:UsersetosuDownloadsgoogle-services (3).json

2021-07-05 14:05 – 2021-07-05 14:05 – 000000000 ____D C:UsersetosuAppDataLocalkotlin

2021-07-04 19:40 – 2021-07-04 19:40 – 000036936 _____ (WireGuard LLC) C:WINDOWSsystem32Driverswintun.sys

2021-07-04 11:15 – 2021-07-20 10:34 – 000002555 _____ C:UsersetosuAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome Canary.lnk

2021-07-04 11:15 – 2021-07-04 11:19 – 000001728 _____ C:UsersetosuDesktopGoogle Chrome.lnk

2021-07-04 11:15 – 2021-07-04 11:15 – 001310832 _____ (Google LLC) C:UsersetosuDownloadsChromeSetup.exe

2021-07-03 22:49 – 2021-07-03 22:49 – 000000000 ____D C:UsersetosuAppDataLocalapktool

2021-07-03 22:42 – 2021-07-03 22:44 – 000000000 ____D C:Usersetosubundle412

2021-07-03 22:40 – 2021-07-03 22:49 – 000000000 ____D C:UsersetosuDownloadsbundle

2021-07-03 20:50 – 2021-06-10 21:26 – 000317864 _____ C:WINDOWSsystem32libmfxhw64.dll

2021-07-03 20:50 – 2021-06-10 21:26 – 000265960 _____ C:WINDOWSSysWOW64libmfxhw32.dll

2021-07-03 20:50 – 2021-06-10 21:26 – 000182184 _____ (Intel Corporation) C:WINDOWSsystem32intel_gfx_api-x64.dll

2021-07-03 20:50 – 2021-06-10 21:26 – 000157264 _____ (Intel Corporation) C:WINDOWSSysWOW64intel_gfx_api-x86.dll

2021-07-03 20:50 – 2021-06-10 21:25 – 026685248 _____ (Intel Corporation) C:WINDOWSsystem32mfxplugin64_hw.dll

2021-07-03 20:50 – 2021-06-10 21:25 – 013528896 _____ (Intel Corporation) C:WINDOWSSysWOW64mfxplugin32_hw.dll

2021-07-02 10:49 – 2021-07-02 10:49 – 002189804 _____ C:WINDOWSMinidump70221-32125-01.dmp

2021-06-30 20:29 – 2021-06-30 20:29 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsqBittorrent

2021-06-30 20:29 – 2021-06-30 20:29 – 000000000 ____D C:Program FilesqBittorrent

2021-06-30 20:09 – 2021-06-30 20:09 – 000000000 ____D C:UsersetosuAppDataRoamingMicrosoftWindowsStart MenuProgramsZoom

2021-06-30 12:39 – 2021-07-21 10:29 – 000000000 ____D C:UsersetosuAppDataRoamingLGHUB

2021-06-30 12:39 – 2021-07-21 10:29 – 000000000 ____D C:UsersetosuAppDataLocalLGHUB

2021-06-30 12:39 – 2021-06-30 12:39 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsLogi

2021-06-30 12:39 – 2021-06-30 12:39 – 000000000 ____D C:ProgramDataLogishrd

2021-06-30 12:39 – 2021-06-30 12:39 – 000000000 ____D C:Program FilesLGHUB

2021-06-30 12:38 – 2021-06-30 12:38 – 000066896 _____ (Logitech) C:WINDOWSsystem32Driverslogi_joy_xlcore.sys

2021-06-30 12:38 – 2021-06-30 12:38 – 000037200 _____ (Logitech) C:WINDOWSsystem32Driverslogi_joy_bus_enum.sys

2021-06-30 12:38 – 2021-06-30 12:38 – 000025928 _____ (Logitech) C:WINDOWSsystem32Driverslogi_joy_vir_hid.sys

2021-06-30 12:37 – 2021-06-30 12:39 – 000000000 ____D C:ProgramDataLGHUB

2021-06-24 08:09 – 2021-06-24 08:09 – 000002245 _____ C:UsersPublicDesktopApache NetBeans IDE 12.4.lnk

2021-06-24 08:08 – 2021-06-24 08:09 – 000000000 ____D C:Program FilesNetBeans-12.4

2021-06-23 18:21 – 2021-05-04 10:49 – 000001951 _____ C:WINDOWSNvContainerRecovery.bat

2021-06-22 13:04 – 2021-06-22 13:04 – 000000000 ____D C:WINDOWSsystem32TasksAgent Activation Runtime

2021-06-21 13:38 – 2021-06-21 13:38 – 003939940 _____ C:WINDOWSMinidump62121-20312-01.dmp

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-21 11:08 – 2019-12-07 12:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-07-21 11:04 – 2019-11-02 15:28 – 000000000 ____D C:UsersetosuAppDataRoamingHandBrake

2021-07-21 11:04 – 2018-08-13 14:52 – 000000000 ____D C:UsersetosuAppDataRoamingMozilla

2021-07-21 11:04 – 2018-08-13 14:52 – 000000000 ____D C:UsersetosuAppDataLocalMozilla

2021-07-21 10:54 – 2020-07-18 10:53 – 000000000 ____D C:Program Files (x86)Google

2021-07-21 10:49 – 2018-11-04 17:48 – 000000000 ____D C:ProgramDataMozilla

2021-07-21 10:48 – 2018-08-13 14:52 – 000000000 ____D C:UsersetosuAppDataLocalLowMozilla

2021-07-21 10:35 – 2020-05-15 20:00 – 000673064 _____ C:WINDOWSsystem32perfh01F.dat

2021-07-21 10:35 – 2020-05-15 20:00 – 000137242 _____ C:WINDOWSsystem32perfc01F.dat

2021-07-21 10:35 – 2020-05-15 09:20 – 001594714 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-07-21 10:35 – 2019-12-07 12:13 – 000000000 ____D C:WINDOWSINF

2021-07-21 10:30 – 2021-06-10 16:14 – 000000001 _____ C:WINDOWSvgkbootstatus.dat

2021-07-21 10:28 – 2018-07-28 09:54 – 000000000 __SHD C:UsersetosuIntelGraphicsProfiles

2021-07-21 10:28 – 2018-07-12 08:15 – 000000000 ____D C:ProgramDataNVIDIA

2021-07-21 10:27 – 2020-07-22 19:49 – 000000000 ____D C:Program Files (x86)TeamViewer

2021-07-21 10:27 – 2020-07-18 10:53 – 000003468 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA

2021-07-21 10:27 – 2020-07-18 10:53 – 000003244 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore

2021-07-21 10:27 – 2020-05-15 09:21 – 000003646 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskUserS-1-5-21-1384657201-1200848540-4243129229-1001UA

2021-07-21 10:27 – 2020-05-15 09:21 – 000003494 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-07-21 10:27 – 2020-05-15 09:21 – 000003492 _____ C:WINDOWSsystem32TasksLenovoUtility Task

2021-07-21 10:27 – 2020-05-15 09:21 – 000003398 _____ C:WINDOWSsystem32TasksNvDriverUpdateCheckDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000003378 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskUserS-1-5-21-1384657201-1200848540-4243129229-1001Core

2021-07-21 10:27 – 2020-05-15 09:21 – 000003270 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-07-21 10:27 – 2020-05-15 09:21 – 000003196 _____ C:WINDOWSsystem32TasksNvBatteryBoostCheckOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000003152 _____ C:WINDOWSsystem32TasksNVIDIA GeForce Experience SelfUpdate_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000002984 _____ C:WINDOWSsystem32TasksNvProfileUpdaterDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000002948 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport4_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000002948 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport3_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000002948 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport2_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000002948 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport1_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000002914 _____ C:WINDOWSsystem32TasksNvNodeLauncher_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000002862 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-1384657201-1200848540-4243129229-1001

2021-07-21 10:27 – 2020-05-15 09:21 – 000002856 _____ C:WIN[email protected]outlook.com

2021-07-21 10:27 – 2020-05-15 09:21 – 000002770 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task v2

2021-07-21 10:27 – 2020-05-15 09:21 – 000002744 _____ C:WINDOWSsystem32TasksNvProfileUpdaterOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2021-07-21 10:27 – 2020-05-15 09:21 – 000002590 _____ C:WINDOWSsystem32TasksCreateExplorerShellUnelevatedTask

2021-07-21 10:27 – 2020-05-15 09:21 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-07-21 10:27 – 2020-05-15 09:10 – 000008192 ___SH C:DumpStack.log.tmp

2021-07-21 10:27 – 2020-05-15 09:10 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-07-21 10:27 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSServiceState

2021-07-21 10:27 – 2019-10-04 21:33 – 000000134 _____ C:WINDOWSsystem32regtest.txt

2021-07-21 10:27 – 2018-07-12 08:11 – 000000000 ___HD C:Intel

2021-07-21 03:52 – 2018-07-27 22:53 – 000000000 ____D C:Program Files (x86)Steam

2021-07-21 00:31 – 2021-03-13 00:40 – 000000000 ____D C:UsersetosuDownloadsMEmu Download

2021-07-21 00:31 – 2020-05-20 09:40 – 000000000 ____D C:Usersetosu.MemuHyperv

2021-07-20 23:29 – 2020-05-15 09:21 – 000000000 ____D C:WINDOWSsystem32TasksAvast Software

2021-07-20 22:56 – 2019-12-07 12:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-07-20 22:55 – 2020-02-15 15:03 – 000002445 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-07-20 22:42 – 2018-09-15 13:00 – 000000000 ____D C:UsersetosuAppDataRoamingqBittorrent

2021-07-20 22:28 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-07-20 22:18 – 2018-07-27 21:07 – 000000000 ____D C:UsersetosuAppDataRoamingDMCache

2021-07-20 22:16 – 2020-07-06 20:02 – 000000000 ____D C:UsersetosuAppDataRoamingWhatsApp

2021-07-20 17:36 – 2018-08-20 00:13 – 000000000 ____D C:UsersetosuDownloadsCompressed

2021-07-20 16:31 – 2020-05-15 09:11 – 000002364 _____ C:UsersetosuAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-07-20 16:31 – 2018-07-28 09:56 – 000000000 ___RD C:UsersetosuOneDrive

2021-07-20 16:28 – 2020-05-15 09:11 – 000000000 ____D C:Usersetosu

2021-07-20 16:28 – 2018-07-28 10:04 – 000000000 ____D C:ProgramDataAVAST Software

2021-07-20 16:28 – 2018-07-27 23:37 – 000000000 ____D C:Program FilesCommon FilesAVAST Software

2021-07-20 16:27 – 2019-12-07 12:03 – 001310720 _____ C:WINDOWSsystem32configBBI

2021-07-20 15:16 – 2019-12-07 12:03 – 000032768 _____ C:WINDOWSsystem32configELAM

2021-07-20 13:20 – 2018-07-27 23:23 – 000000000 ____D C:Program FilesAVAST Software

2021-07-20 13:05 – 2018-07-28 10:06 – 000000000 ____D C:UsersetosuAppDataLocalNVIDIA

2021-07-20 13:04 – 2018-07-28 10:01 – 000000000 ____D C:UsersetosuAppDataLocalCrashDumps

2021-07-20 13:03 – 2021-06-10 14:53 – 000000000 ____D C:ProgramDataRiot Games

2021-07-20 12:23 – 2019-06-04 23:26 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRevo Uninstaller Pro

2021-07-19 22:53 – 2018-07-12 08:14 – 000000000 ____D C:ProgramDataNVIDIA Corporation

2021-07-19 18:45 – 2021-05-09 16:32 – 1905121158 _____ C:WINDOWSMEMORY.DMP

2021-07-19 18:45 – 2020-07-25 10:22 – 000000000 ____D C:WINDOWSMinidump

2021-07-19 12:57 – 2018-07-28 12:26 – 000000000 ____D C:Usersetosu.android

2021-07-19 09:35 – 2018-07-27 21:09 – 000000884 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsNotepad++.lnk

2021-07-19 09:35 – 2018-07-27 21:09 – 000000000 ____D C:UsersetosuAppDataRoamingNotepad++

2021-07-19 09:35 – 2018-07-27 21:09 – 000000000 ____D C:Program FilesNotepad++

2021-07-19 09:29 – 2019-12-07 12:14 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-07-19 08:20 – 2020-05-15 09:21 – 000004264 _____ C:WINDOWSsystem32TasksAvast Emergency Update

2021-07-18 09:54 – 2019-12-29 13:35 – 000000000 ____D C:Program Files (x86)Microsoft Visual Studio

2021-07-18 00:54 – 2020-12-10 22:55 – 000001483 _____ C:UsersetosuAppDataRoamingMicrosoftWindowsStart MenuProgramsNVIDIA GeForce NOW.lnk

2021-07-18 00:54 – 2018-07-28 09:54 – 000000000 ____D C:UsersetosuAppDataLocalNVIDIA Corporation

2021-07-18 00:46 – 2019-12-29 14:04 – 000000000 ____D C:UsersetosuAppDataLocal.IdentityService

2021-07-18 00:43 – 2019-12-29 13:36 – 000001440 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsVisual Studio Installer.lnk

2021-07-18 00:42 – 2021-06-15 23:20 – 000000000 ____D C:UsersetosuAppDataRoamingvlc

2021-07-17 15:28 – 2020-07-06 20:14 – 000000000 ____D C:UsersetosuAppDataLocalWhatsApp

2021-07-16 14:55 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSLiveKernelReports

2021-07-16 14:55 – 2018-07-27 21:06 – 000000000 ____D C:Program Files (x86)Internet Download Manager

2021-07-16 10:49 – 2018-07-27 21:07 – 000000000 ____D C:UsersetosuAppDataRoamingIDM

2021-07-15 09:32 – 2020-05-15 09:10 – 000565672 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-07-15 09:31 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSSystemResources

2021-07-15 09:31 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-07-15 09:31 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-07-15 09:31 – 2019-12-07 12:14 – 000000000 ____D C:Program FilesCommon FilesSystem

2021-07-14 11:30 – 2021-05-16 18:26 – 000000000 ____D C:UsersetosuAppDataRoamingOrigin

2021-07-14 11:30 – 2021-01-22 22:15 – 000000000 ____D C:ProgramDataOrigin

2021-07-14 11:30 – 2020-07-18 21:16 – 000000000 ____D C:UsersetosuAppDataLocalUbisoft Game Launcher

2021-07-14 11:28 – 2021-05-16 02:19 – 000000000 ____D C:Program Files (x86)Origin Games

2021-07-14 11:28 – 2021-01-22 22:15 – 000000000 ____D C:UsersetosuAppDataLocalOrigin

2021-07-14 10:45 – 2019-12-07 12:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-07-14 10:38 – 2018-07-27 21:55 – 000000000 ____D C:WINDOWSsystem32MRT

2021-07-14 10:35 – 2018-07-27 21:55 – 133422552 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-07-13 19:57 – 2020-04-16 18:45 – 007280312 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvapi64.dll

2021-07-12 23:22 – 2018-12-26 17:43 – 000000000 ___HD C:Program Files (x86)InstallShield Installation Information

2021-07-12 23:20 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSsystem32NDF

2021-07-12 23:17 – 2019-01-21 19:42 – 000000644 _____ C:WINDOWSsystem32Driversetchosts.ics

2021-07-12 09:01 – 2021-06-10 15:09 – 000000000 ____D C:Program FilesRiot Vanguard

2021-07-11 13:47 – 2018-07-27 22:51 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsK-Lite Codec Pack

2021-07-11 13:47 – 2018-07-27 22:51 – 000000000 ____D C:Program Files (x86)K-Lite Codec Pack

2021-07-11 13:43 – 2018-08-08 14:41 – 000000000 ____D C:UsersetosuAppDataRoamingMicrosoftWindowsStart MenuProgramsFileZilla FTP Client

2021-07-11 13:43 – 2018-08-08 14:41 – 000000000 ____D C:UsersetosuAppDataRoamingFileZilla

2021-07-11 13:43 – 2018-08-08 14:41 – 000000000 ____D C:Program FilesFileZilla FTP Client

2021-07-11 12:05 – 2019-10-29 23:16 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTechSmith

2021-07-11 12:05 – 2018-07-12 08:09 – 000000000 ____D C:ProgramDataPackage Cache

2021-07-09 20:18 – 2020-08-24 20:32 – 000000000 ____D C:UsersetosuAppDataRoamingDownloaded Installations

2021-07-07 19:05 – 2018-07-28 09:55 – 000000000 ____D C:UsersetosuAppDataLocalPlaceholderTileLogoFolder

2021-07-05 13:58 – 2018-08-14 17:34 – 000000000 ____D C:Usersetosu.gradle

2021-07-05 12:18 – 2021-01-22 22:16 – 000000000 ____D C:Program Files (x86)Origin

2021-07-05 10:08 – 2018-07-28 10:04 – 000000000 ____D C:UsersetosuAppDataRoamingGoogle

2021-07-05 10:08 – 2018-07-28 09:58 – 000000000 ____D C:UsersetosuAppDataLocalGoogle

2021-07-05 10:07 – 2018-07-28 12:22 – 000000000 ____D C:Program FilesAndroid

2021-07-05 09:08 – 2020-07-18 10:54 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBackup and Sync from Google

2021-07-04 19:21 – 2020-08-04 20:20 – 000001081 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsWireGuard.lnk

2021-07-04 19:21 – 2020-08-04 20:20 – 000000000 ____D C:Program FilesWireGuard

2021-07-04 17:57 – 2020-10-03 20:55 – 000000914 _____ C:UsersetosuDownloadssettings.ini

2021-07-04 17:57 – 2020-10-03 20:55 – 000000000 _____ C:UsersetosuDownloadsuser-whitelist.txt

2021-07-04 17:57 – 2020-10-03 20:55 – 000000000 _____ C:UsersetosuDownloadsuser-blacklist.txt

2021-07-01 17:35 – 2018-07-28 11:15 – 000000000 ____D C:Program FilesWinRAR

2021-06-30 20:25 – 2018-07-27 21:02 – 000000000 ____D C:UsersetosuAppDataRoamingMicrosoftWindowsStart MenuProgramsWinRAR

2021-06-30 20:25 – 2018-07-27 21:02 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWinRAR

2021-06-30 20:09 – 2020-07-03 23:48 – 000001938 _____ C:UsersetosuDesktopZoom.lnk

2021-06-30 20:09 – 2020-03-25 13:32 – 000000000 ____D C:UsersetosuAppDataRoamingZoom

2021-06-29 15:07 – 2020-04-20 22:47 – 000000000 ____D C:UsersetosuAppDataLocalSquirrelTemp

2021-06-25 09:17 – 2018-11-03 17:43 – 000000000 ____D C:UsersetosuAppDataRoamingMicrosoftWindowsStart MenuProgramsEclipse

2021-06-24 08:37 – 2018-11-03 17:35 – 000000000 ____D C:Usersetosueclipse

2021-06-24 08:37 – 2018-11-03 17:34 – 000000000 ____D C:Usersetosu.p2

2021-06-24 08:19 – 2019-12-24 15:49 – 000000000 ____D C:UsersetosuAppDataRoamingNetBeans

2021-06-24 08:17 – 2019-12-27 19:00 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsApache NetBeans

2021-06-24 08:17 – 2019-12-24 15:38 – 000000000 ____D C:Usersetosu.nbi

2021-06-23 18:45 – 2020-06-03 13:30 – 000000000 ____D C:UsersetosuAppDataLocalDeployment

2021-06-23 18:21 – 2018-07-12 08:15 – 000000000 ____D C:Program Files (x86)NVIDIA Corporation

2021-06-23 18:21 – 2018-07-12 08:13 – 000000000 ____D C:Program FilesNVIDIA Corporation

2021-06-23 11:45 – 2018-08-03 22:45 – 000000000 ____D C:Program Files (x86)Rockstar Games

2021-06-23 11:45 – 2018-08-03 22:43 – 000000000 ____D C:Program FilesRockstar Games

2021-06-22 12:50 – 2020-07-15 16:59 – 000000000 ____D C:UsersetosuAppDataRoamingAnyDesk

 

==================== Files in the root of some directories ========

 

2020-10-17 00:17 – 2020-10-17 00:17 – 000000256 _____ () C:ProgramDatafontcacheev1.dat

2021-07-20 16:27 – 2021-07-20 16:28 – 000006628 _____ () C:ProgramDataSMRResults540.dat

2020-08-23 06:36 – 2020-08-23 06:36 – 000000048 ____H () C:Program Files (x86)718wjx1frq.dat

2020-07-31 20:35 – 2020-07-31 20:35 – 000000068 _____ () C:UsersetosuAppDataRoamingchangzhi_leidian.data

2019-12-07 09:31 – 2019-12-07 14:03 – 000000600 _____ () C:UsersetosuAppDataRoamingPUTTY.RND

2019-12-06 23:35 – 2019-12-06 23:35 – 000000600 _____ () C:UsersetosuAppDataRoamingwinscp.rnd

2019-02-24 00:09 – 2021-03-21 19:07 – 000001889 _____ () C:UsersetosuAppDataLocalAdobe Web için kaydet 13.0 Prefs

2021-07-20 11:18 – 2021-07-20 11:18 – 000486531 _____ () C:UsersetosuAppDataLocalars.cache

2021-07-20 11:19 – 2021-07-20 11:19 – 001080528 _____ () C:UsersetosuAppDataLocalcensus.cache

2021-07-20 11:07 – 2021-07-20 11:07 – 000000036 _____ () C:UsersetosuAppDataLocalhousecall.guid.cache

2018-11-17 04:35 – 2018-11-17 04:35 – 000000000 _____ () C:UsersetosuAppDataLocaloobelibMkey.log

2018-11-18 12:07 – 2020-12-01 19:57 – 000000128 _____ () C:UsersetosuAppDataLocalPUTTY.RND

2018-08-20 23:43 – 2020-10-21 20:27 – 000007593 _____ () C:UsersetosuAppDataLocalResmon.ResmonCfg

2021-07-20 11:12 – 2021-07-20 11:12 – 000000010 _____ () C:UsersetosuAppDataLocalsponge.last.runtime.cache

2019-07-01 19:01 – 2019-07-01 19:36 – 000000127 _____ () C:UsersetosuAppDataLocaluts.ini

 

==================== SigCheckExt =========================

 

2019-03-18 19:18 – 2019-03-18 19:18 – 000459264 _____ (Microsoft Corporation) C:WINDOWSsystem32d3dref9.dll

2018-04-12 02:34 – 2018-04-12 02:34 – 001210368 _____ (Microsoft Corporation) C:WINDOWSsystem32dml.dll

2018-07-29 02:19 – 2018-07-29 02:19 – 001308672 _____ C:WINDOWSsystem32FaceProcessor.dll

2018-04-12 02:34 – 2018-04-12 02:34 – 000051200 _____ (Microsoft Corporation) C:WINDOWSsystem32gamemonitor.dll

2020-08-18 19:38 – 2021-06-08 10:41 – 000091136 _____ (Microsoft Corporation) C:WINDOWSsystem32gamingtcuihelpers.dll

2018-09-13 16:05 – 2018-08-28 09:49 – 000677376 _____ (Microsoft Corporation) C:WINDOWSsystem32HeadTrackerStorage.dll

2018-04-12 02:34 – 2018-04-12 02:34 – 000251392 _____ (Microsoft Corporation) C:WINDOWSsystem32IPPMon.dll

2018-04-12 02:34 – 2018-04-12 02:34 – 000049664 _____ C:WINDOWSsystem32PerceptionSimulationInput.exe

2018-08-19 20:17 – 2019-11-08 09:15 – 003600896 _____ C:WINDOWSsystem32pwNative.exe

2018-07-30 18:29 – 2006-08-25 23:17 – 000086016 _____ (Microsoft Corporation) C:WINDOWSSysWOW64atl70.dll

2018-07-30 18:29 – 2011-01-12 12:53 – 000090112 _____ (Microsoft Corporation) C:WINDOWSSysWOW64atl71.dll

2018-04-12 02:34 – 2018-04-12 02:34 – 000072192 _____ (Microsoft Corporation) C:WINDOWSSysWOW64cflapi.dll

2018-08-09 14:53 – 2018-08-09 14:53 – 000332800 _____ (Microsoft Corporation) C:WINDOWSSysWOW64D2D1Debug2.dll

2018-08-09 14:56 – 2018-08-09 14:56 – 000575488 _____ (Microsoft Corporation) C:WINDOWSSysWOW64d3d11sdklayers.dll

2018-08-09 14:56 – 2018-08-09 14:56 – 000698368 _____ (Microsoft Corporation) C:WINDOWSSysWOW64d3d11_1sdklayers.dll

2018-08-09 14:56 – 2018-08-09 14:56 – 000936960 _____ (Microsoft Corporation) C:WINDOWSSysWOW64d3d11_2sdklayers.dll

2019-03-18 18:10 – 2019-03-18 18:10 – 000375808 _____ (Microsoft Corporation) C:WINDOWSSysWOW64d3dref9.dll

2018-04-12 02:34 – 2018-04-12 02:34 – 001161216 _____ (Microsoft Corporation) C:WINDOWSSysWOW64dml.dll

2018-04-12 02:34 – 2018-04-12 02:34 – 000041472 _____ (Microsoft Corporation) C:WINDOWSSysWOW64gamemonitor.dll

2021-07-12 20:36 – 2010-12-01 09:31 – 000451072 _____ C:WINDOWSSysWOW64ISSRemoveSP.exe

2018-07-30 18:29 – 2006-08-26 00:07 – 001024000 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000040960 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70chs.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000045056 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70cht.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000061440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70deu.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000057344 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70enu.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000061440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70esp.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000061440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70fra.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000061440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70ita.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000049152 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70jpn.dll

2018-07-30 18:29 – 2006-08-26 00:15 – 000049152 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70kor.dll

2018-07-30 18:29 – 2006-08-26 00:28 – 001017344 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc70u.dll

2018-07-30 18:29 – 2011-01-12 13:19 – 001060864 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000040960 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71chs.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000045056 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71cht.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000065536 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71deu.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000057344 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71enu.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000061440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71esp.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000061440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71fra.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000061440 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71ita.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000049152 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71jpn.dll

2018-07-30 18:29 – 2011-01-12 13:25 – 000049152 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71kor.dll

2018-07-30 18:29 – 2011-01-12 13:36 – 001054208 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfc71u.dll

2018-07-30 18:29 – 2001-08-23 00:00 – 001355776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msvbvm50.dll

2018-07-30 18:29 – 2005-01-20 19:25 – 000054784 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msvci70.dll

2018-07-30 18:29 – 2002-01-05 05:40 – 000487424 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msvcp70.dll

2018-07-30 18:29 – 2007-02-01 22:13 – 000503808 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msvcp71.dll

2018-07-30 18:29 – 2007-01-30 22:04 – 000339968 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msvcr70.dll

2018-07-30 18:29 – 2007-02-01 19:11 – 000344064 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msvcr71.dll

2018-07-30 18:29 – 1993-07-23 19:31 – 000210944 _____ C:WINDOWSSysWOW64msvcrt10.dll

2018-07-30 18:29 – 1996-01-12 03:00 – 000722192 _____ (Microsoft Corporation) C:WINDOWSSysWOW64vb40032.dll

2019-11-10 10:07 – 2019-11-10 10:09 – 001978740 _____ C:UsersetosuDocumentsUntitled1.exe

2019-10-01 09:09 – 2019-10-01 09:10 – 001920923 _____ C:UsersetosuDocumentsUntitled2.exe

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

 

==================== BCD ================================

 

Firmware Boot Manager

———————

identifier              fwbootmgr

displayorder            bootmgr

                        64716f17-8f53-11eb-93d7-806e6f6e6963

                        74ff3189-19f1-11eb-a1b3-8c1645ba551c

                        74ff3188-19f1-11eb-a1b3-8c1645ba551c

                        74ff318a-19f1-11eb-a1b3-8c1645ba551c

                        74ff318b-19f1-11eb-a1b3-8c1645ba551c

timeout                 0

 

Windows Boot Manager

——————–

identifier              bootmgr

device                  partition=DeviceHarddiskVolume6

path                    EFIMicrosoftBootbootmgfw.efi

description             Windows Boot Manager

locale                  en-us

inherit                 globalsettings

flightsigning           Yes

default                 current

resumeobject            74ff3190-19f1-11eb-a1b3-8c1645ba551c

displayorder            current

toolsdisplayorder       memdiag

timeout                 30

 

Firmware Application (101fffff)

——————————-

identifier              64716f17-8f53-11eb-93d7-806e6f6e6963

device                  partition=DeviceHarddiskVolume6

path                    EFIMicrosoftBootbootmgfw.efi

description             Windows Boot Manager

 

Firmware Application (101fffff)

——————————-

identifier              64716f18-8f53-11eb-93d7-806e6f6e6963

description             EFI PXE 0 for IPv4 (8C-16-45-BA-55-1C) 

 

Firmware Application (101fffff)

——————————-

identifier              64716f19-8f53-11eb-93d7-806e6f6e6963

description             EFI PXE 0 for IPv6 (8C-16-45-BA-55-1C) 

 

Firmware Application (101fffff)

——————————-

identifier              74ff3188-19f1-11eb-a1b3-8c1645ba551c

description             EFI USB Device

 

Firmware Application (101fffff)

——————————-

identifier              74ff3189-19f1-11eb-a1b3-8c1645ba551c

device                  partition=DeviceHarddiskVolume1

path                    EFIMicrosoftBootbootmgfw.efi

description             Windows Boot Manager

 

Firmware Application (101fffff)

——————————-

identifier              74ff318a-19f1-11eb-a1b3-8c1645ba551c

description             EFI DVD/CDROM

 

Firmware Application (101fffff)

——————————-

identifier              74ff318b-19f1-11eb-a1b3-8c1645ba551c

description             EFI Network

 

Windows Boot Loader

——————-

identifier              current

device                  partition=C:

path                    WINDOWSsystem32winload.efi

description             Windows 10

locale                  en-us

inherit                 bootloadersettings

isolatedcontext         Yes

flightsigning           Yes

allowedinmemorysettings 0x15000075

osdevice                partition=C:

systemroot              WINDOWS

resumeobject            74ff3190-19f1-11eb-a1b3-8c1645ba551c

nx                      OptIn

bootmenupolicy          Standard

 

Resume from Hibernate

———————

identifier              74ff3190-19f1-11eb-a1b3-8c1645ba551c

device                  partition=C:

path                    WINDOWSsystem32winresume.efi

description             Windows Resume Application

locale                  en-us

inherit                 resumeloadersettings

isolatedcontext         Yes

allowedinmemorysettings 0x15000075

filedevice              partition=C:

filepath                hiberfil.sys

bootmenupolicy          Standard

debugoptionenabled      No

 

Windows Memory Tester

———————

identifier              memdiag

device                  partition=DeviceHarddiskVolume6

path                    EFIMicrosoftBootmemtest.efi

description             Windows Memory Diagnostic

locale                  en-us

inherit                 globalsettings

badmemoryaccess         Yes

 

EMS Settings

————

identifier              emssettings

bootems                 No

 

Debugger Settings

—————–

identifier              dbgsettings

debugtype               Local

 

RAM Defects

———–

identifier              badmemory

 

Global Settings

—————

identifier              globalsettings

inherit                 dbgsettings

                        emssettings

                        badmemory

 

Boot Loader Settings

——————–

identifier              bootloadersettings

inherit                 globalsettings

                        hypervisorsettings

 

Hypervisor Settings

——————-

identifier              hypervisorsettings

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200

 

Resume Loader Settings

———————-

identifier              resumeloadersettings

inherit                 globalsettings

 

==================== End of FRST.txt ========================

Edited by tosunkaya, 21 July 2021 – 03:45 AM.
