‘System’ process using full disk all the time. Unable to solve.

So Farrare

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01 Ran by Satan (administrator) on SATAN (28-07-2021 02:05:03) Running from D: Loaded Profiles: Satan Platform: Windows 10 Pro Version 21H1 19043.1110 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal   ==================== Processes (Whitelisted) =================   […]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01

Ran by Satan (administrator) on SATAN (28-07-2021 02:05:03)

Running from D:

Loaded Profiles: Satan

Platform: Windows 10 Pro Version 21H1 19043.1110 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.CpuIdRemote64.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.DisplayAdapter.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCueLLAccessService.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareiCUE.exe

(ESET, spol. s r.o. -> ESET) C:Program FilesESETESET SecurityeguiProxy.exe

(ESET, spol. s r.o. -> ESET) C:Program FilesESETESET Securityekrn.exe

(ESET, spol. s r.o. -> ESET) C:Program FilesESETESET SecurityeOppFrame.exe

(EVGA Corp. -> EVGA Co., Ltd.) C:Program FilesEVGAPrecision X1PrecisionX_x64.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:Program FilesIntelWiFibinEvtEng.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:Program FilesIntelWiFibinZeroConfigService.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_ffc75848a6342fdfjhi_service.exe

(Intel® Network Platform Group -> Intel Corporation) C:WindowsSystem32IPROSetMonitor.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe <13>

(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeUpdateMicrosoftEdgeUpdate.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbweCalculator.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbweWinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:WindowsSystem32CorsairGamingAudioCfgService64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_1c83a5d7cffd7bffDisplay.NvContainerNVDisplay.Container.exe <2>

(TEFINCOM S.A. -> TEFINCOM S.A.) C:Program FilesNordVPNNordVPN.exe

(TEFINCOM S.A. -> TEFINCOM S.A.) C:Program FilesNordVPNnordvpn-service.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [SteelSeriesGG] => C:Program FilesSteelSeriesSteelSeries Engine 3SteelSeriesGG.exe [15181136 2021-06-17] (SteelSeries ApS -> SteelSeries ApS)

HKLM…Run: [IAStorIcon] => C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe [321096 2017-03-29] (Intel® Rapid Storage Technology -> Intel Corporation)

HKLM…Run: [egui] => C:Program FilesESETESET Securityecmds.exe [165928 2021-06-27] (ESET, spol. s r.o. -> ESET)

HKLM-x32…Run: [CORSAIR iCUE Software] => C:Program Files (x86)CorsairCORSAIR iCUE SoftwareiCUE Launcher.exe [409760 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION

HKUS-1-5-21-298663841-3732577230-3592466626-1001…Run: [CCleaner Smart Cleaning] => C:Program FilesCCleanerCCleaner64.exe [34508416 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)

HKUS-1-5-21-298663841-3732577230-3592466626-1001…Run: [Steam] => D:SteamRsteam.exe [4109032 2021-06-08] (Valve -> Valve Corporation)

HKUS-1-5-21-298663841-3732577230-3592466626-1001…Run: [NordVPN] => C:Program FilesNordVPNNordVPN.exe [277688 2021-06-09] (TEFINCOM S.A. -> TEFINCOM S.A.)

HKLMSOFTWAREPoliciesMicrosoftEdge: Restriction <==== ATTENTION

HKUS-1-5-21-298663841-3732577230-3592466626-1001SOFTWAREPoliciesMicrosoftEdge: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: 2184041F-1FD9-49E1-A1A5-E77A81E50BDF – System32TasksIntel PTT EK Recertification => C:WINDOWSSystem32DriverStoreFileRepositoryiclsclient.inf_amd64_75ffca5eec865b4blibIntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)

Task: 3C2AD719-1663-4308-A49B-86715243CF73 – System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe [684976 2021-06-16] (Piriform Software Ltd -> Piriform)

Task: 4CE94B2E-1464-4D88-B010-BBE03BFE26CD – System32TasksEVGAPrecisionX => C:Program FilesEVGAPrecision X1PrecisionX_x64.exe [27708040 2021-06-23] (EVGA Corp. -> EVGA Co., Ltd.)

Task: 876C6A78-0FE3-4FC4-8209-B6D216770EE4 – System32TasksUninstaller_SkipUac_Satan => D:IObit UninstallerIObitUninstaler.exe [6712856 2021-06-15] (IObit CO., LTD -> IObit)

Task: CD5C75A6-E1EF-4793-A777-E265CB3A1AC3 – System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [28880512 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 192.168.40.1

Tcpip..Interfacescbd44cb7-aa8e-47ad-8b09-1714c122b912: [DhcpNameServer] 192.168.40.1

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:UsersSatanAppDataLocalMicrosoftEdgeUser DataDefault [2021-07-28]

Edge DownloadDir: Default -> D:

Edge StartupUrls: Default -> “hxxps://www.google.com/”

Edge Extension: (HTTPS Everywhere) – C:UsersSatanAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsfchjpkplmbeeeaaogdbhjbgbknjobohb [2021-07-21]

Edge Extension: (uBlock Origin) – C:UsersSatanAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsodfafepnkmbhccpbejgmiehpchacaeak [2021-07-15]

Edge HKUS-1-5-21-298663841-3732577230-3592466626-1001SOFTWAREMicrosoftEdgeExtensions…EdgeExtension: [llbjbkhnmlidjebalopleeepgdfgcpec] – D:Internet Download ManagerIDMEdgeExt.crx <not found>

 

Chrome: 

=======

CHR Profile: C:UsersSatanAppDataLocalGoogleChromeUser DataDefault [2021-06-07]

CHR DownloadDir: D:

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> “hxxp://www.google.com/”

CHR Extension: (Google Drive) – C:UsersSatanAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2021-05-07]

CHR Extension: (YouTube) – C:UsersSatanAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-07]

CHR Extension: (uBlock Origin) – C:UsersSatanAppDataLocalGoogleChromeUser DataDefaultExtensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-07]

CHR Extension: (HTTPS Everywhere) – C:UsersSatanAppDataLocalGoogleChromeUser DataDefaultExtensionsgcbommkclmclpchllfjekcdonpmejbdp [2021-05-07]

CHR Extension: (Into The Mist) – C:UsersSatanAppDataLocalGoogleChromeUser DataDefaultExtensionsmgihmkgobaljfehcadcckdggpeojaadh [2021-05-07]

CHR Extension: (Chrome Web Store Payments) – C:UsersSatanAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-05-07]

CHR Extension: (Gmail) – C:UsersSatanAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2021-05-07]

CHR Extension: (Chrome Media Router) – C:UsersSatanAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-25]

CHR Profile: C:UsersSatanAppDataLocalGoogleChromeUser DataSystem Profile [2021-06-07]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 CorsairGamingAudioConfig; C:WINDOWSsystem32CorsairGamingAudioCfgService64.exe [616344 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAService; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCueLLAccessService.exe [421536 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

R2 CorsairService; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.exe [80544 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

R2 ekrn; C:Program FilesESETESET Securityekrn.exe [3079464 2021-06-27] (ESET, spol. s r.o. -> ESET)

R3 ekrnEpfw; C:Program FilesESETESET Securityekrn.exe [3079464 2021-06-27] (ESET, spol. s r.o. -> ESET)

S2 IObitUnSvr; D:IObit UninstallerIUService.exe [158992 2021-06-15] (IObit Information Technology -> IObit)

S2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7391408 2021-05-07] (Malwarebytes Inc -> Malwarebytes)

R2 nordvpn-service; C:Program FilesNordVPNnordvpn-service.exe [277688 2021-06-09] (TEFINCOM S.A. -> TEFINCOM S.A.)

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5395384 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 SteelSeriesUpdateService; C:Program FilesSteelSeriesSteelSeries Engine 3SteelSeriesUpdateService.exe [31568 2021-06-17] (SteelSeries ApS -> )

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2106.6-0NisSrv.exe [2665432 2021-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2106.6-0MsMpEng.exe [136640 2021-07-24] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_1c83a5d7cffd7bffDisplay.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_1c83a5d7cffd7bffDisplay.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AsrDrv101; C:WINDOWSSysWOW64DriversAsrDrv101.sys [22280 2021-05-07] (ASROCK Incorporation -> ASRock Incorporation)

S3 CorsairGamingAudioService; C:WINDOWSsystem32DRIVERSCorsairGamingAudio64.sys [60312 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsairLLAccess64.sys [21752 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R3 CorsairVBusDriver; C:WINDOWSSystem32driversCorsairVBusDriver.sys [45984 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 CorsairVHidDriver; C:WINDOWSSystem32driversCorsairVHidDriver.sys [21920 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 cpuz150; C:WINDOWStempcpuz150cpuz150_x64.sys [44832 2021-07-28] (CPUID S.A.R.L.U. -> CPUID)

R3 Driver; C:Program FilesEVGAPrecision X1driver-x64.sys [39856 2020-07-23] (EVGA Corp. -> )

R1 eamonm; C:WINDOWSSystem32DRIVERSeamonm.sys [169368 2021-06-25] (ESET, spol. s r.o. -> ESET)

R0 edevmon; C:WINDOWSSystem32DRIVERSedevmon.sys [123424 2021-06-25] (ESET, spol. s r.o. -> ESET)

S0 eelam; C:WINDOWSSystem32DRIVERSeelam.sys [15824 2021-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)

R1 ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [194728 2021-06-25] (ESET, spol. s r.o. -> ESET)

R2 ekbdflt; C:WINDOWSsystem32DRIVERSekbdflt.sys [43832 2021-06-25] (ESET, spol. s r.o. -> ESET)

R1 epfw; C:WINDOWSsystem32DRIVERSepfw.sys [70184 2021-06-25] (ESET, spol. s r.o. -> ESET)

R1 epfwwfp; C:WINDOWSsystem32DRIVERSepfwwfp.sys [107408 2021-06-25] (ESET, spol. s r.o. -> ESET)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

S3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-07-26] (Malwarebytes Inc -> Malwarebytes)

R2 NDivert; C:WINDOWSSystem32driversNDivert.sys [105184 2021-06-10] (TEFINCOM S.A. -> )

R3 nlwt; C:WINDOWSsystem32DRIVERSnlwt.sys [39360 2021-06-30] (TEFINCOM S.A. -> WireGuard LLC)

R1 nordlwf; C:WINDOWSsystem32DRIVERSnordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)

R3 NVHDA; C:WINDOWSsystem32driversnvhda64v.sys [129960 2021-07-12] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)

R3 ssdevfactory; C:WINDOWSSystem32driversssdevfactory.sys [48848 2021-04-05] (SteelSeries ApS -> SteelSeries ApS)

R3 sshid; C:WINDOWSsystem32DRIVERSsshid.sys [57440 2021-04-05] (SteelSeries ApS -> SteelSeries ApS)

R3 tapnordvpn; C:WINDOWSSystem32driverstapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [49560 2021-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [425192 2021-07-24] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [76008 2021-07-24] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-28 02:04 – 2021-07-28 02:05 – 000000000 ____D C:FRST

2021-07-28 00:38 – 2021-07-28 00:38 – 000000463 _____ C:UsersPublicDesktopMAME UI.lnk

2021-07-27 23:51 – 2021-07-27 23:51 – 000000000 ____D C:UsersSatanAppDataRoamingNVIDIA

2021-07-27 14:28 – 2021-07-27 14:28 – 000000000 ____D C:UsersSatanDocumentsPlayer

2021-07-27 14:28 – 2021-07-27 14:28 – 000000000 ____D C:UsersSatanAppDataLocalLowKittyInABox

2021-07-27 14:25 – 2021-07-27 14:25 – 000000759 _____ C:UsersPublicDesktopMini Racing World.lnk

2021-07-26 23:08 – 2021-07-26 23:08 – 000001243 _____ C:UsersSatanDesktopOrcs Must Die! 3 – Shortcut.lnk

2021-07-26 23:07 – 2021-07-26 23:07 – 000000000 ____D C:UsersSatanAppDataLocalRobot Entertainment

2021-07-26 23:04 – 2021-07-26 23:04 – 000000000 ____D C:UsersSatanAppDataLocalLowEpiXR Games

2021-07-26 23:02 – 2021-07-26 23:02 – 000000581 _____ C:UsersPublicDesktopAery – Calm Mind.lnk

2021-07-26 22:57 – 2021-07-26 23:07 – 000000000 ____D C:UsersSatanAppDataLocalUnrealEngine

2021-07-26 22:57 – 2021-07-26 22:57 – 000000000 ____D C:UsersSatanAppDataLocalSuperLife

2021-07-26 22:56 – 2021-07-26 22:56 – 000000207 _____ C:WINDOWStweaking.com-regbackup-SATAN-Windows-10-Pro-(64-bit).dat

2021-07-26 22:56 – 2021-07-26 22:56 – 000000000 ____D C:RegBackup

2021-07-26 22:51 – 2021-07-26 22:51 – 000000561 _____ C:UsersPublicDesktopSuper Life (RPG).lnk

2021-07-26 12:10 – 2020-10-07 13:34 – 001023216 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvml.dll

2021-07-26 12:10 – 2020-10-07 13:34 – 000816368 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvmcumd.dll

2021-07-26 12:10 – 2020-10-07 13:34 – 000673520 _____ C:WINDOWSsystem32nvofapi64.dll

2021-07-26 12:10 – 2020-10-07 13:34 – 000670616 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFROpenGL.dll

2021-07-26 12:10 – 2020-10-07 13:34 – 000555248 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFROpenGL.dll

2021-07-26 12:10 – 2020-10-07 13:34 – 000543128 _____ C:WINDOWSSysWOW64nvofapi.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 007707544 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuvid.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 006860184 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuvid.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 004174064 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuda.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 002508528 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuda.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 002098072 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvFBC64.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 001585560 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvFBC.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 001507224 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFR64.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 001161112 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFR.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 000813464 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvEncodeAPI64.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 000657304 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvEncodeAPI.dll

2021-07-26 12:10 – 2020-10-07 13:33 – 000589208 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvidia-smi.exe

2021-07-26 12:10 – 2020-10-07 13:33 – 000445848 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdebugdump.exe

2021-07-26 12:10 – 2020-10-07 13:32 – 000849648 _____ (NVIDIA Corporation) C:WINDOWSsystem32MCU.exe

2021-07-26 12:10 – 2020-10-07 13:29 – 005972824 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvapi.dll

2021-07-26 12:10 – 2020-10-07 13:11 – 000080930 _____ C:WINDOWSsystem32nvinfo.pb

2021-07-26 12:09 – 2021-07-26 12:11 – 000000000 ____D C:WINDOWSsystem32DriversNVIDIA Corporation

2021-07-26 12:09 – 2021-07-26 12:09 – 000000000 ____D C:WINDOWSsystem32lxss

2021-07-26 12:09 – 2021-07-12 03:14 – 005672136 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcpl.dll

2021-07-26 12:09 – 2021-07-12 03:14 – 002639568 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvsvc64.dll

2021-07-26 12:09 – 2021-07-12 03:14 – 001758416 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvsvcr.dll

2021-07-26 12:09 – 2021-07-12 03:14 – 000991432 _____ (NVIDIA Corporation) C:WINDOWSsystem32nv3dappshext.dll

2021-07-26 12:09 – 2021-07-12 03:14 – 000120520 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvshext.dll

2021-07-26 12:09 – 2021-07-12 03:14 – 000082632 _____ (NVIDIA Corporation) C:WINDOWSsystem32nv3dappshextr.dll

2021-07-26 12:09 – 2021-07-09 15:01 – 009637147 _____ C:WINDOWSsystem32nvcoproc.bin

2021-07-26 12:09 – 2021-04-26 11:58 – 000001951 _____ C:WINDOWSNvContainerRecovery.bat

2021-07-26 12:08 – 2021-07-13 14:24 – 001858672 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe

2021-07-26 12:08 – 2021-07-13 14:24 – 001858672 _____ C:WINDOWSsystem32vulkaninfo.exe

2021-07-26 12:08 – 2021-07-13 14:24 – 001474704 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll

2021-07-26 12:08 – 2021-07-13 14:24 – 001438840 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe

2021-07-26 12:08 – 2021-07-13 14:24 – 001438840 _____ C:WINDOWSSysWOW64vulkaninfo.exe

2021-07-26 12:08 – 2021-07-13 14:24 – 001212536 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll

2021-07-26 12:08 – 2021-07-13 14:24 – 001097832 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll

2021-07-26 12:08 – 2021-07-13 14:24 – 001097832 _____ C:WINDOWSsystem32vulkan-1.dll

2021-07-26 12:08 – 2021-07-13 14:24 – 000951928 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll

2021-07-26 12:08 – 2021-07-13 14:24 – 000951928 _____ C:WINDOWSSysWOW64vulkan-1.dll

2021-07-26 12:08 – 2021-07-13 14:20 – 001731728 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdispco6447141.dll

2021-07-26 12:08 – 2021-07-13 14:20 – 001491592 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdispgenco6447141.dll

2021-07-26 12:08 – 2021-07-12 07:27 – 001682384 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvhdagenco6420103.dll

2021-07-26 12:08 – 2021-07-12 07:27 – 000129960 _____ (NVIDIA Corporation) C:WINDOWSsystem32Driversnvhda64v.sys

2021-07-26 12:08 – 2021-07-12 07:27 – 000037680 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvhdap64.dll

2021-07-26 12:08 – 2020-10-07 13:29 – 007001536 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvapi64.dll

2021-07-26 06:48 – 2021-07-26 06:48 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsqBittorrent

2021-07-26 06:48 – 2021-07-26 06:48 – 000000000 ____D C:Program FilesqBittorrent

2021-07-25 19:16 – 2021-07-26 20:38 – 000002408 _____ C:WINDOWSsystem32TasksUninstaller_SkipUac_Satan

2021-07-25 19:16 – 2021-07-26 03:36 – 000000000 ____D C:ProgramDataProductData

2021-07-25 19:16 – 2021-07-25 19:17 – 000000000 ____D C:UsersSatanAppDataLocalLowIObit

2021-07-25 19:16 – 2021-07-25 19:16 – 000000746 _____ C:UsersPublicDesktopIObit Uninstaller.lnk

2021-07-25 19:16 – 2021-07-25 19:16 – 000000746 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsIObit Uninstaller.lnk

2021-07-25 19:16 – 2021-07-25 19:16 – 000000000 ____D C:UsersSatanAppDataRoamingIObit

2021-07-25 19:16 – 2021-07-25 19:16 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsIObit Uninstaller

2021-07-25 19:16 – 2021-07-25 19:16 – 000000000 ____D C:ProgramDataIObit

2021-07-24 02:09 – 2021-07-24 02:09 – 000048851 _____ C:UsersSatanDesktopUDiHHjTN.jpeg

2021-07-23 16:52 – 2021-07-23 16:52 – 000129602 _____ C:UsersSatanDesktoplKSznPCE.jpeg

2021-07-23 14:08 – 2021-07-23 14:08 – 001823280 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-07-23 14:08 – 2021-07-23 14:08 – 000011357 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-07-23 14:08 – 2021-07-23 14:08 – 000007680 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MsraLegacy.tlb

2021-07-23 14:08 – 2021-07-23 14:08 – 000007680 _____ (Microsoft Corporation) C:WINDOWSsystem32MsraLegacy.tlb

2021-07-23 14:08 – 2021-07-23 14:08 – 000006656 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rendezvousSession.tlb

2021-07-23 14:08 – 2021-07-23 14:08 – 000006656 _____ (Microsoft Corporation) C:WINDOWSsystem32rendezvousSession.tlb

2021-07-23 06:38 – 2021-07-23 06:38 – 000000005 _____ C:UsersSatanDesktopdepression.txt

2021-07-19 18:23 – 2021-07-19 18:23 – 000001616 _____ C:UsersSatanDesktopworse.txt

2021-07-19 07:44 – 2021-07-19 07:44 – 000684855 _____ C:UsersSatanDesktopBallot Request Application.pdf

2021-07-14 22:53 – 2021-07-14 22:53 – 000000000 ____D C:UsersSatanDesktopRimWorld.v1.3.3056

2021-07-14 15:09 – 2021-07-14 15:09 – 000002016 _____ C:UsersPublicDesktopESET Banking & Payment protection.lnk

2021-07-14 15:08 – 2021-07-14 15:08 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsESET

2021-07-14 15:08 – 2021-07-14 15:08 – 000000000 ____D C:ProgramDataESET

2021-07-14 15:08 – 2021-07-14 15:08 – 000000000 ____D C:Program FilesESET

2021-07-11 12:04 – 2021-07-11 12:04 – 000097527 _____ C:UsersSatanDesktopmain-qimg-2eae8163bddde23d6a54e7da7536d61e.jfif

2021-07-10 02:19 – 2021-07-10 02:19 – 000097420 _____ C:UsersSatanDesktopYTsnH6B.jpeg

2021-07-08 10:49 – 2021-07-08 10:49 – 000000017 _____ C:UsersSatanDesktopthrursday 15th.txt

2021-07-07 23:05 – 2021-07-07 23:05 – 000001962 _____ C:UsersPublicDesktopHitmanPro.lnk

2021-07-07 23:05 – 2021-07-07 23:05 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHitmanPro

2021-07-07 22:47 – 2021-07-07 23:05 – 000000000 ____D C:Program FilesHitmanPro

2021-07-05 21:32 – 2021-07-05 21:33 – 000000000 ____D C:UsersSatanAppDataLocalSteam

2021-07-05 21:32 – 2021-07-05 21:32 – 000000000 ____D C:UsersSatanAppDataRoamingCreamAPI

2021-07-05 21:31 – 2021-07-05 21:31 – 000000559 _____ C:UsersPublicDesktopSteam.lnk

2021-07-05 21:31 – 2021-07-05 21:31 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSteam

2021-07-05 21:30 – 2021-07-05 21:30 – 000000000 ____D C:UsersSatanAppDataLocalLowInnersloth

2021-07-05 10:16 – 2021-07-05 10:16 – 000000000 ____D C:ProgramDataobs-studio-hook

2021-07-04 04:57 – 2021-07-04 04:57 – 000000000 ____D C:UsersSatanAppDataRoamingDOGE

2021-07-04 04:57 – 2021-07-04 04:57 – 000000000 ____D C:UsersSatanAppDataLocalLowTeam Salvato

2021-06-30 22:32 – 2021-06-30 22:32 – 000000000 ____D C:UsersSatanAppDataRoamingMPC-HC

2021-06-30 21:56 – 2021-06-30 22:01 – 000000000 ____D C:UsersSatanAppDataLocalNordVPN

2021-06-30 21:56 – 2021-06-30 21:56 – 000039360 _____ (WireGuard LLC) C:WINDOWSsystem32Driversnlwt.sys

2021-06-30 21:56 – 2021-06-30 21:56 – 000001798 _____ C:UsersSatanDesktopNordVPN.lnk

2021-06-30 21:56 – 2021-06-30 21:56 – 000000000 ____D C:ProgramDataNordVPN

2021-06-30 21:56 – 2021-06-30 21:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNordSec

2021-06-30 21:56 – 2021-06-30 21:56 – 000000000 ____D C:Program FilesNordVPN network TUN

2021-06-30 21:56 – 2021-06-30 21:56 – 000000000 ____D C:Program FilesNordVPN

2021-06-30 21:56 – 2021-06-30 21:56 – 000000000 ____D C:Program Files (x86)NordVPN network TAP

2021-06-30 21:56 – 2021-06-10 12:10 – 000105184 _____ C:WINDOWSsystem32DriversNDivert.sys

2021-06-30 21:56 – 2020-12-14 11:21 – 000038608 _____ (TEFINCOM S.A.) C:WINDOWSsystem32Driversnordlwf.sys

2021-06-30 20:21 – 2021-06-30 20:21 – 002371072 _____ C:WINDOWSsystem32rdpnano.dll

2021-06-30 20:21 – 2021-06-30 20:21 – 002260992 _____ C:WINDOWSsystem32TextInputMethodFormatter.dll

2021-06-30 20:21 – 2021-06-30 20:21 – 001393504 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-06-30 20:21 – 2021-06-30 20:21 – 001314128 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-06-30 20:21 – 2021-06-30 20:21 – 000570880 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-06-30 20:21 – 2021-06-30 20:21 – 000452608 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-06-30 20:21 – 2021-06-30 20:21 – 000097792 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-06-30 20:21 – 2021-06-30 20:21 – 000084992 _____ (Microsoft Corporation) C:WINDOWSsystem32wscui.cpl

2021-06-30 20:21 – 2021-06-30 20:21 – 000067584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wscui.cpl

2021-06-30 20:21 – 2021-06-30 20:21 – 000060928 _____ C:WINDOWSsystem32runexehelper.exe

2021-06-30 20:06 – 2021-06-30 20:06 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsK-Lite Codec Pack

2021-06-30 20:06 – 2021-06-30 20:06 – 000000000 ____D C:Program Files (x86)K-Lite Codec Pack

2021-06-28 20:14 – 2021-06-28 20:14 – 000000000 ____D C:UsersSatanAppDataRoamingRenPy

2021-06-28 08:06 – 2021-06-28 08:06 – 000000000 ____D C:UsersSatanDocumentsDARKSiDERS

2021-06-28 08:06 – 2021-06-28 08:06 – 000000000 ____D C:UsersSatanAppDataLocalLowOrgipix

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-28 02:01 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-07-28 01:55 – 2019-12-07 05:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-07-28 01:49 – 2021-06-07 16:25 – 000000000 ____D C:ProgramDataNVIDIA

2021-07-28 01:48 – 2021-05-07 22:04 – 000000000 ____D C:UsersSatanAppDataLocalD3DSCache

2021-07-28 01:42 – 2019-12-07 05:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-07-28 01:38 – 2021-05-07 15:42 – 000000000 ____D C:UsersSatanAppDataRoamingqBittorrent

2021-07-28 01:12 – 2021-05-07 16:15 – 000000000 ____D C:WINDOWSSysWOW64directx

2021-07-27 22:35 – 2021-05-07 14:39 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-07-27 21:55 – 2021-05-07 14:56 – 000000000 ____D C:Program FilesCCleaner

2021-07-27 00:12 – 2021-05-07 17:22 – 000003298 _____ C:WINDOWSsystem32TasksEVGAPrecisionX

2021-07-26 20:39 – 2021-05-07 14:47 – 000842414 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-07-26 20:39 – 2019-12-07 05:13 – 000000000 ____D C:WINDOWSINF

2021-07-26 20:38 – 2021-05-07 14:56 – 000002296 _____ C:WINDOWSsystem32TasksCCleanerSkipUAC

2021-07-26 20:37 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSServiceState

2021-07-26 20:35 – 2021-05-07 15:41 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-07-26 20:33 – 2021-05-07 14:42 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-07-26 20:33 – 2021-05-07 14:39 – 000008192 ___SH C:DumpStack.log.tmp

2021-07-26 20:33 – 2021-05-07 13:56 – 000000000 ____D C:ProgramDataPackage Cache

2021-07-26 20:28 – 2021-05-07 14:02 – 000000000 ____D C:UsersSatanAppDataRoamingsteelseries-engine-3-client

2021-07-26 20:26 – 2021-05-12 03:08 – 000000000 ____D C:UsersSatanAppDataLocalCrashDumps

2021-07-26 12:12 – 2021-05-07 13:45 – 000000000 ____D C:ProgramDataNVIDIA Corporation

2021-07-26 12:11 – 2021-05-07 13:45 – 000000000 ____D C:UsersSatanAppDataLocalPackages

2021-07-26 12:11 – 2019-12-07 05:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-07-26 12:09 – 2021-06-07 16:24 – 000000000 ____D C:Program FilesNVIDIA Corporation

2021-07-26 12:08 – 2021-06-16 19:11 – 000000000 ____D C:UsersSatanAppDataLocalNVIDIA

2021-07-26 11:27 – 2021-05-21 02:08 – 000037432 _____ C:UsersSatanDesktop11.reg

2021-07-25 21:59 – 2021-05-11 21:13 – 000000000 ____D C:UsersSatanAppDataLocalLowMozilla

2021-07-24 22:46 – 2021-05-07 16:39 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-07-24 22:45 – 2019-12-07 05:03 – 000032768 _____ C:WINDOWSsystem32configELAM

2021-07-24 09:37 – 2021-06-07 10:05 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-07-24 09:37 – 2021-06-07 10:05 – 000002276 _____ C:UsersPublicDesktopMicrosoft Edge.lnk

2021-07-23 14:13 – 2021-05-07 14:39 – 000257904 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-07-23 14:13 – 2019-12-07 05:03 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-07-23 14:12 – 2019-12-07 05:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-07-23 14:12 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSystemResources

2021-07-23 14:12 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-07-23 14:12 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-07-23 14:12 – 2019-12-07 05:14 – 000000000 ____D C:Program FilesCommon FilesSystem

2021-07-23 14:02 – 2021-05-07 14:22 – 000000000 ____D C:WINDOWSsystem32MRT

2021-07-23 14:01 – 2021-05-07 14:22 – 133422552 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-07-14 15:08 – 2019-12-07 05:14 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-07-14 15:06 – 2021-06-07 16:41 – 000001272 _____ C:UsersSatanDesktopESET Online Scanner.lnk

2021-07-14 15:06 – 2021-05-22 10:34 – 000001378 _____ C:UsersSatanAppDataRoamingMicrosoftWindowsStart MenuProgramsESET Online Scanner.lnk

2021-07-14 15:05 – 2021-05-07 14:40 – 000000000 ____D C:UsersSatan

2021-07-08 18:19 – 2021-06-07 10:04 – 000003468 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-07-08 18:19 – 2021-06-07 10:04 – 000003244 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-07-07 22:47 – 2021-05-21 06:11 – 000000000 ____D C:ProgramDataHitmanPro

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64setup

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32setup

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSProvisioning

2021-07-01 09:00 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-06-30 19:45 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSsystem32NDF

2021-06-30 10:14 – 2021-05-07 14:56 – 000004210 _____ C:WINDOWSsystem32TasksCCleaner Update

2021-06-29 11:02 – 2019-12-07 05:14 – 000000000 ____D C:WINDOWSLiveKernelReports

2021-06-28 20:12 – 2021-05-07 14:23 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

Next Post

Best cheap VPN 2021: VPN services under $2 a month

One of the questions I’m asked most often by readers is: Why do VPNs have to be so expensive? Many of these folks say they loath to add yet another fee to their monthly bills or that they are operating on a limited budget. Must read: The best free VPNs: Why […]