For a few weeks now Avast never found anything, so I uninstalled it and installed AVG Free, and now AVG finds a virus after I turn the PC on, never at any other time. Also, when playing a larger game my PC will just turn off and then back on again. "Bug checked most of the parts and installs". I have run a few different malware checkers with no luck. The attached GIF is a picture of the virus warning I get.
Any help would be appreciated, thanks.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.04.2024 01
Ran by dwood (administrator) on DESKTOP-GJSJAIJ (Gigabyte Technology Co., Ltd. Default string) (08-04-2024 06:48:46)
Running from C:\Users\dwood\Downloads\FRST64.exe
Loaded Profiles: dwood
Platform: Microsoft Windows 10 Home Version 22H2 19045.4239 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> Micro-Star INT'L CO., LTD.) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.34.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe ->) (AVerMedia TECHNOLOGIES, Inc -> ) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\HCLOUD.exe
(C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe ->) (Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
(C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe ->) () [File not signed] C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
(C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe <4>
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzAppManager
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzBTLEManager
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzDeviceManager
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzDiagnostic
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzIoTDeviceManager
(C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSmartlightingDeviceManager
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Windows\runSW.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(explorer.exe ->) (cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe
(explorer.exe ->) (MEDIATEK INC. -> Mediatek Inc.) [File not signed] C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
(explorer.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <16>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Power Software Limited -> Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Razer USA Ltd. -> Razer Inc.) [File not signed] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(services.exe ->) (AVerMedia TECHNOLOGIES, Inc -> AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\afwServ.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (Canon U.S.A., INC. -> Canon U.S.A., Inc.) E:\Program Files\Canon\EOS Webcam Utility\EWCService.exe
(services.exe ->) (cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(services.exe ->) (Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(services.exe ->) (GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.2.0_x64.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (MEDIATEK INC. -> Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
(services.exe ->) (MEDIATEK INC. -> Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe
(services.exe ->) (ND_Apps -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <5>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaei.inf_amd64_89430f5327945961\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.327.300_x64__8wekyb3d8bbwe\olk.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\dwood\AppData\Local\Microsoft\OneDrive\24.055.0317.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2>
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Engine.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Gigabyte Speed] => C:\Program Files\cFosSpeed\cFosSpeed.exe [1724248 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [460736 2024-04-07] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1592472 2017-03-07] (Anvsoft Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk, Inc -> Autodesk Inc.)
HKLM-x32\...\Run: [Standby] => c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-01-07] (Corel Corporation -> Corel)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-12-09] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft) [File not signed]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [599056 2021-10-28] (Razer USA Ltd. -> Razer Inc.) [File not signed]
HKLM-x32\...\Run: [AutoAD] => C:\Program Files (x86)\Wondershare\MobileTrans\AutoAD.exe [64520 2021-09-09] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [468936 2023-05-15] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM-x32\...\RunOnce: [DualBiosRescue] => C:\Program Files (x86)\GIGABYTE\GigabyteFirmwareUpdateUtility\dbrro.exe [12096 2015-08-19] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC -> PeerBlock, LLC)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45285792 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3593992 2024-03-27] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2735208 2024-04-07] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [26130208 2024-02-13] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [AutoAD] => C:\Program Files (x86)\Wondershare\MobileTrans\AutoAD.exe [64520 2021-09-09] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [MicrosoftEdgeAutoLaunch_547977740F2BA2F5630427A598A6F857] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [movavi_videoconverter_agent] => D:\Program Files (x86)\MOVAVI\Movavi Video Converter 23\ConverterAgent.exe [1151608 2023-05-03] (Movavi Software Limited -> Movavi)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Run: [btweb] => "C:\Users\dwood\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\Policies\Explorer: []
HKU\S-1-5-21-559634521-2701541241-958822180-1001\...\MountPoints2: F - "F:\AUTORUN.EXE"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [26130208 2024-02-13] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3593992 2024-03-27] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Windows x64\Print Processors\Canon iP4500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD92.DLL [27648 2007-05-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP4500 series: C:\WINDOWS\system32\CNMLM92.DLL [258560 2007-05-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series: CNMLMDG.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX470 series XPS: C:\WINDOWS\system32\CNMXLMC2.DLL [394240 2013-09-12] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [360448 2013-09-11] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\92.2.11577.159\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe [2024-04-05] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\88.0.7980.150\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\dwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-01-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2021-01-16]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (AVerMedia TECHNOLOGIES, Inc -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2021-01-16]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc -> AVerMedia TECHNOLOGIES, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2019-08-15]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (MEDIATEK INC. -> Mediatek Inc.) [File not signed] <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MTWSAndroidAppHelper.lnk [2021-09-15]
ShortcutTarget: MTWSAndroidAppHelper.lnk -> C:\Program Files (x86)\Wondershare\MobileTrans\WSAndroidAppHelper.exe (Wondershare Technology Co.,Ltd -> Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MTWSAppHelper.lnk [2021-09-15]
ShortcutTarget: MTWSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\MobileTrans\WSAppHelper.exe (Wondershare Technology Co.,Ltd -> Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenDNSCrypt.lnk [2019-04-30]
ShortcutTarget: OpenDNSCrypt.lnk -> C:\Windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_60ADE4ADDDB9C7178BB901.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {FE2347DF-8042-4E90-90C4-29030B9EAF83} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2A09D7A9-DC66-4D79-B228-43A3011FEC52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {F1B6FA2B-C0EE-4190-A990-E72B38F45469} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2023-11-18] (Adobe Inc. -> Adobe)
Task: {2E951F32-64E6-4C44-87F7-04AA4D9FD5B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2023-11-18] (Adobe Inc. -> Adobe)
Task: {D0E98185-6597-49BB-86DF-588C066A109D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-*** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {143DEA42-37A1-4E2B-BA98-DCC1DDF7A804} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-*** => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled (No File)
Task: {A583CF59-D7CD-4FD1-92BE-AA0DC0610220} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe -> C:\Program Files\Common Files\AV\avast! Antivirus\/backup /iavs
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\MSIAfterburner" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Reporting Task-S-1-5-21-559634521-2701541241-958822180-1001" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-559634521-2701541241-958822180-1001" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\TA Unofficial Patch Updater" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleanerCrashReporting" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleanerSkipUAC - dwood" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\EasyTune" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\EasyTune 1" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {9F093820-BBFB-4892-99B6-E1FA3D32B3E4} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GraphicsCardEngine" /ENABLE
Task: {D47185B3-6408-41C7-A421-8223AFE0B3BA} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5225408 2024-04-07] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {8D152EB9-5B09-417A-9799-64308CC114BD} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [7991232 2024-04-03] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {7DCAB8EE-AB97-4ACE-A19C-5AE444ABABB2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2385856 2024-04-07] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {EE163075-9BAB-45A7-B1EA-AA50C2CE37FF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {FF4E6760-8F29-4436-9AE1-A41C661CC3A8} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5216ef3f-5867-44c0-bb2f-45dd5fc340c4" --version "6.22.10977" --silent
Task: {881EAFD7-82FA-437C-A983-3DD0EA709A65} - System32\Tasks\CCleanerSkipUAC - dwood => C:\Program Files\CCleaner\CCleaner.exe [39024544 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {1CA43168-A296-428C-88B2-BCC4D6BCAE1C} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files (x86)\microsoft\edge\application\msedge.exe [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation) -> "hxxps://www.cfos.de/en/cfosspeed/documentation/status.htm?reg-10.50.2338-gigabyte"
Task: {1E588A0A-8098-4D7B-9825-48EECA55F1F1} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5656192 2024-03-27] (Microsoft Windows -> Microsoft Corporation)
Task: {C75311BA-32BC-42A5-912E-C31A04CF8A04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-25] (Google Inc -> Google Inc.)
Task: {1C427A96-8206-43BC-803F-B2DA8337309B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-25] (Google Inc -> Google Inc.)
Task: {30FCECE3-7AAD-4947-9CE0-7C2527B8DB04} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-09] (HP Inc. -> HP Inc.)
Task: {6B04099E-0B5F-4546-91CF-1456869CBB5F} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-09] (HP Inc. -> HP Inc.)
Task: {E1460A6C-3709-4CE3-BAA7-8AB29A7F3A7E} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1625400 2018-06-28] (Intel® Software -> Intel Corporation)
Task: {3443EAA6-682D-43F3-8C05-1A6568B507FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {63CC07ED-3E3F-48C2-9CDF-6535DB31B856} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {531CDD3F-09F3-4186-BE70-7DF9A37BC976} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221360 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E713534E-BCB3-485A-A442-383F01693D00} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221360 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {1A93CAA3-2F24-40D0-86ED-CDD7C4D6EDB3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {CEF80AB3-08F9-4449-AE03-50C8F8AA64D2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {5ACB714F-600D-49E7-8B9E-64E0AF1260D9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2335600 2021-09-08] (Microsoft Corporation -> Microsoft)
Task: {F8676D32-9A65-4341-A7C2-C717CA487E15} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\CEIP.exe [32632 2021-09-08] (Microsoft Corporation -> Microsoft)
Task: {F9EF0111-3850-4C97-926C-968E69CF6185} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACAB0846-89DC-4529-84BF-FF40C9EA449B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A3639A5-8BCF-4E1F-BC3C-8D15868A28CA} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {7FB4568C-E4D5-462C-93CA-C11C09DFCA82} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (No File)
Task: {3728EE4B-B44A-4C49-A6A4-C160C293757D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-16] (Nvidia Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {9C891B24-D12D-49D1-95F8-881F007A754B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {155ACFD5-F68E-4D81-9A08-3F1C4AD1AC65} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-21] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {19F679F8-6968-4508-BDAF-A7A098646C8A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F6FDDF0-FEB0-4B6A-8A60-AD261508B131} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5CE8E1B0-1B60-48E2-A97C-F0CF0AD88FC1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F1E4BE2F-B2FD-4401-983D-D12643BFB7F8} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B4AE3F81-E575-475B-9E5E-B494B553C30D} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {70D6751B-7A5E-48E4-8ACE-B264FFC180D7} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {770E6CBC-81C1-45A7-8EF2-52DD6D7D8D0F} - System32\Tasks\OpenDNS => C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe [98072 2012-08-03] (OpenDNS -> OpenDNS)
Task: {F7CADAE3-D3CE-418A-AFAA-E00E58F1A5A8} - System32\Tasks\PeerBlock => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC -> PeerBlock, LLC)
Task: {5FB53082-D306-44AE-A863-67BE9315B823} - System32\Tasks\SIV => C:\Program Files (x86)\GIGABYTE\SIV\Thermald.exe [389504 2021-06-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {6E16B6B9-1746-406A-A2ED-A074A36D509A} - System32\Tasks\SIV-VGA => C:\Program Files (x86)\GIGABYTE\SIV\Sensord.exe [257408 2021-06-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {FC40F59D-706F-47BC-9851-6B557C4209D6} - System32\Tasks\TA Unofficial Patch Updater => C:\CAVEDOG\TOTALA\updater.exe [321024 2013-10-03] (Total Annihilation Universe) [File not signed] -> C:\CAVEDOG\TOTALA\\/silent
Task: {67CFA657-454C-40CB-ACA9-84E79EB5BA2E} - System32\Tasks\ViGEmBus_Updater => C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBus_Updater.exe [1117096 2022-09-28] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.) -> C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\\/silent
Task: {34975612-F7B2-4407-B186-3ADFE7D50EED} - System32\Tasks\V-Tuner => C:\Program Files (x86)\GIGABYTE\VTuner\VTuner.exe [837040 2017-08-17] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\TA Unofficial Patch Updater.job => C:\CAVEDOG\TOTALA\updater.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{045def29-266b-42e7-b701-874d8def1c89}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3131b18f-b2e5-44c1-b3d9-f97249feb17a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{487d9e87-bfdd-431b-8bed-9423967d7f60}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{487d9e87-bfdd-431b-8bed-9423967d7f60}: [DhcpDomain] modem
Tcpip\..\Interfaces\{487d9e87-bfdd-431b-8bed-9423967d7f60}\4556C637472716244434142373: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{487d9e87-bfdd-431b-8bed-9423967d7f60}\4556C637472716244434142373: [DhcpDomain] modem
Tcpip\..\Interfaces\{79b2cdf3-6246-4c8a-84ae-137a571ab8b9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b4d16a22-695f-439c-a0b3-89be470b5b68}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b4d16a22-695f-439c-a0b3-89be470b5b68}: [DhcpDomain] modem
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\dwood\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-08]
Edge DownloadDir: Default -> C:\Users\dwood\Downloads
Edge Notifications: Default -> hxxps://web.snapchat.com
Edge HomePage: Default -> hxxp://google.com.au/
Edge Extension: (Google Docs Offline) - C:\Users\dwood\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\dwood\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26]
Edge Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\dwood\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pefhciejnkgdgoahgfeklebcbpmhnhhd [2024-03-28]
FireFox:
========
FF DefaultProfile: imu8yuar.default
FF ProfilePath: C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default [2024-04-08]
FF Homepage: Mozilla\Firefox\Profiles\imu8yuar.default -> hxxps://www.google.com.au/
FF NetworkProxy: Mozilla\Firefox\Profiles\imu8yuar.default -> type", 0
FF NewTabOverride: Mozilla\Firefox\Profiles\imu8yuar.default -> Disabled: @new-tab
FF NewTabOverride: Mozilla\Firefox\Profiles\imu8yuar.default -> Enabled: AdBlockerLavaSoftFF@lavasoft.com
FF NewTabOverride: Mozilla\Firefox\Profiles\imu8yuar.default -> Enabled: @contain-facebook
FF NewTabOverride: Mozilla\Firefox\Profiles\imu8yuar.default -> Enabled: ebay@search.mozilla.org
FF Extension: (Adaware Web Protection) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\@adaware_webprotection.xpi [2019-05-13] [UpdateUrl:hxxps://ext.adaware.com/wp/updates.json]
FF Extension: (Facebook Container) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\@contain-facebook.xpi [2023-07-23]
FF Extension: (Adaware Secure Search) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\@new-tab.xpi [2019-05-13] [UpdateUrl:hxxps://ext.adaware.com/ff_newtab_update.rdf]
FF Extension: (Adaware AdBlock) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2023-06-27]
FF Extension: (AVG Online Security) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\aos@avg.com.xpi [2024-04-07]
FF Extension: (Dreamer – Balanced) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\dreamer-balanced-colorway@mozilla.org.xpi [2023-03-16]
FF Extension: (English (Australian) Dictionary) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\en-AU@dictionaries.addons.mozilla.org.xpi [2020-01-09]
FF Extension: (Enhancer for YouTube™) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2024-03-19]
FF Extension: (Ghostery Tracker Ad Blocker - Privacy AdBlock) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\firefox@ghostery.com.xpi [2024-03-28]
FF Extension: (Video DownloadHelper) - C:\Users\dwood\AppData\Roaming\Mozilla\Firefox\Profiles\imu8yuar.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2024-03-23]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2023-11-18] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2023-11-18] (Adobe Inc. -> )
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.20 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dwood\AppData\Local\Google\Chrome\User Data\Default [2024-03-27]
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?pc=COS2&ptag=D052518-N0640AD26CBEB7DD&form=CONBDF&conlogo=CT3335811&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing®
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D052518-N0630AD26CBEB7DD&form=CONMHP&conlogo=CT3335811
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/qsml.aspx?query={searchTerms}
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\dwood\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-06-30]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\dwood\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-06-30]
CHR Extension: (Google Docs Offline) - C:\Users\dwood\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dwood\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-06]
CHR Extension: (Avast AntiTrack Premium) - C:\Users\dwood\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdidpcihajhihmghhhkfnpklgdehold [2023-06-30]
CHR HKU\S-1-5-21-559634521-2701541241-958822180-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk, Inc -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2023-11-18] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc -> Autodesk, Inc.)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [377664 2015-06-25] (AVerMedia TECHNOLOGIES, Inc -> AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [771072 2017-02-06] () [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [802752 2024-04-07] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [2348984 2024-04-07] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [1238456 2024-04-07] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [9164216 2024-04-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-04-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2562696 2024-03-23] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081248 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.2.0_x64.exe [9728 2023-06-28] (GuinpinSoft inc) [File not signed]
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [595288 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
R2 DNSCrypt; C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [14336 2012-08-03] () [File not signed]
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [47716384 2023-08-28] (Electronic Arts, Inc. -> Electronic Arts)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12200040 2024-04-07] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-29] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe [913408 2021-07-16] () [File not signed]
R2 EWCService.exe; E:\Program Files\Canon\EOS Webcam Utility\EWCService.exe [2261944 2022-08-22] (Canon U.S.A., INC. -> Canon U.S.A., Inc.)
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-09] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-04-07] (Malwarebytes Inc. -> Malwarebytes)
R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (MEDIATEK INC. -> Mediatek Inc.)
R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-12-04] (MEDIATEK INC. -> Mediatek Inc.)
R2 MSI_Case_Service; C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe [74336 2023-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [154216 2023-08-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36880 2023-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MyService1; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [18944 2021-04-08] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_89430f5327945961\Display.NvContainer\NVDisplay.Container.exe [1275544 2023-10-30] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [828696 2024-02-13] (Plex, Inc. -> Plex, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-04-15] (Even Balance, Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1874864 2024-03-21] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [231856 2024-03-21] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1361360 2023-03-06] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [298248 2024-03-27] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [6669296 2024-02-21] (Rockstar Games, Inc. -> Rockstar Games)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2019-07-26] (Realtek Semiconductor Corp -> )
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-11-30] (LAVASOFT SOFTWARE CANADA INC -> ) <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [119072 2019-09-05] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 OCButtonService; "C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\OcButtonService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AVerIT13x; C:\WINDOWS\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (Microsoft Windows Hardware Compatibility Publisher -> AVerMedia TECHNOLOGIES, Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [20528 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [230448 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [379960 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [292920 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [84536 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [27760 2024-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [28728 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [268856 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [548912 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [93752 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [69176 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [935992 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [695864 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [201784 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [306232 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [54048 2015-09-10] (Broadcom Corporation -> Broadcom Corporation.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [280064 2022-10-12] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-13] (Microsoft Corporation) [File not signed]
R1 cFosSpeed; C:\WINDOWS\system32\DRIVERS\cfosspeed6.sys [1595456 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 gdrv; C:\WINDOWS\gdrv.sys [26792 2023-11-18] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 gdrv2; C:\WINDOWS\gdrv2.sys [32600 2024-04-07] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 gdrv3; C:\WINDOWS\System32\drivers\gdrv3.sys [51520 2024-03-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GoodixTouchDriver; C:\WINDOWS\System32\drivers\GoodixTouchDriver.sys [53760 2014-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [42040 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Chicony Electronics Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
S3 IObitUnlocker; C:\ProgramData\IObitUnlocker\IObitUnlocker.sys [66824 2017-06-16] (IObit Information Technology -> IObit)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [32424 2023-07-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] (PeerBlock, LLC -> )
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-31] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0221; C:\WINDOWS\System32\drivers\RzDev_0221.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-06] (Bruce James -> Scarlet.Crush Productions)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-29] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2020-01-17] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WsAudio_Device(1); C:\WINDOWS\system32\drivers\VirtualAudio1.sys [31080 2014-11-26] (Wondershare Software Co., Ltd. -> Wondershare)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [37816 2021-06-30] (SplitmediaLabs Limited -> SplitmediaLabs Limited)
R3 XSpltAud; C:\WINDOWS\System32\drivers\XSpltAud.sys [82440 2021-08-25] (Microsoft Windows Hardware Compatibility Publisher -> SplitmediaLabs Limited)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2020-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
S3 PCASp60; System32\Drivers\PCASp60.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-08 06:48 - 2024-04-08 06:49 - 000070111 _____ C:\Users\dwood\Downloads\FRST.txt
2024-04-08 06:48 - 2024-04-08 06:49 - 000000000 ____D C:\FRST
2024-04-08 06:46 - 2024-04-08 06:46 - 002393600 _____ (Farbar) C:\Users\dwood\Downloads\FRST64.exe
2024-04-07 13:54 - 2024-04-07 13:58 - 000354244 _____ C:\WINDOWS\ntbtlog.txt
2024-04-07 13:54 - 2024-04-07 13:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-07 13:26 - 2024-04-07 13:26 - 000001262 _____ C:\WINDOWS\system32\.crusader
2024-04-07 13:20 - 2024-04-07 13:26 - 000000000 ____D C:\ProgramData\HitmanPro
2024-04-07 13:16 - 2024-04-07 13:16 - 014287912 _____ (Sophos B.V.) C:\Users\dwood\Downloads\HitmanPro_x64.exe
2024-04-07 13:14 - 2024-04-07 13:19 - 000002478 _____ C:\Users\dwood\Desktop\Rkill.txt
2024-04-07 13:14 - 2024-04-07 13:14 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\dwood\Downloads\rkill.exe
2024-04-07 13:07 - 2024-04-07 13:07 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-04-07 12:38 - 2024-04-07 12:38 - 000000000 ___HD C:\$AV_AVG
2024-04-07 11:53 - 2024-04-07 15:01 - 000000000 ____D C:\Users\dwood\AppData\Local\AVG
2024-04-07 11:50 - 2024-04-07 11:50 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus Free.lnk
2024-04-07 11:50 - 2024-04-07 11:50 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus Free.lnk
2024-04-07 11:50 - 2024-04-07 11:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2024-04-07 11:50 - 2024-04-07 11:50 - 000000000 ____D C:\Users\dwood\AppData\Roaming\AVG
2024-04-07 11:50 - 2024-04-07 11:49 - 000314816 _____ (Gen Digital Inc.) C:\WINDOWS\system32\avgBoot.exe
2024-04-07 11:49 - 2024-04-08 06:40 - 000000000 ____D C:\ProgramData\AVG
2024-04-07 11:49 - 2024-04-07 11:49 - 000888600 _____ (Google LLC) C:\Users\Public\Documents\gcapi.dll
2024-04-07 11:49 - 2024-04-07 11:49 - 000050976 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2024-04-07 11:49 - 2024-04-07 11:49 - 000000000 ____D C:\Program Files\Common Files\AVG
2024-04-07 11:49 - 2024-04-07 11:49 - 000000000 ____D C:\Program Files\AVG
2024-04-07 11:06 - 2024-04-07 11:46 - 000032600 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\WINDOWS\gdrv2.sys
2024-04-07 11:05 - 2024-04-07 11:05 - 000000000 ____D C:\WINDOWS\system32\o2
2024-04-05 05:52 - 2024-04-07 11:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2024-04-05 05:46 - 2024-04-07 09:38 - 000000961 _____ C:\Users\dwood\Desktop\BitTorrent.lnk
2024-04-05 05:46 - 2024-04-05 05:46 - 000000941 _____ C:\Users\dwood\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2024-04-05 05:43 - 2024-04-05 05:43 - 000001928 _____ C:\Users\dwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2024-03-27 14:37 - 2024-03-27 14:37 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-27 14:37 - 2024-03-27 14:37 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-27 13:38 - 2024-03-27 13:38 - 000000000 ___HD C:\$WinREAgent
2024-03-23 14:24 - 2024-03-23 14:24 - 000000000 ____D C:\ProgramData\Battle.net_components
2024-03-21 17:17 - 2024-03-21 17:17 - 000351664 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2024-03-21 17:11 - 2024-03-21 17:11 - 000312752 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
2024-03-15 06:53 - 2024-03-15 06:53 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2024-03-15 06:53 - 2024-03-15 06:53 - 000002241 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2024-03-15 06:52 - 2024-03-15 06:52 - 000000000 ____D C:\Program Files\Google
2024-03-14 05:57 - 2024-03-14 05:57 - 000000000 ____D C:\ProgramData\Piriform
2024-03-14 05:57 - 2024-03-14 05:57 - 000000000 ____D C:\ProgramData\Norton
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-08 06:47 - 2020-10-10 14:47 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-08 06:47 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-08 06:45 - 2018-05-19 14:32 - 000000000 ____D C:\Users\dwood\AppData\Local\D3DSCache
2024-04-08 06:42 - 2021-12-16 10:59 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-08 06:42 - 2017-08-25 01:56 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-08 06:41 - 2023-05-09 02:52 - 000000000 ____D C:\Users\dwood\AppData\Local\Malwarebytes
2024-04-08 06:41 - 2022-12-01 11:56 - 000000000 ____D C:\MSI
2024-04-08 06:41 - 2017-05-19 20:19 - 000000000 ____D C:\Users\dwood\AppData\Local\Plex Media Server
2024-04-08 06:41 - 2017-03-02 20:52 - 000000000 ____D C:\Program Files\CCleaner
2024-04-08 06:41 - 2017-02-15 14:19 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-08 06:40 - 2020-10-10 14:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-08 06:40 - 2020-10-10 14:37 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-08 06:40 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-04-08 06:40 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-08 06:39 - 2020-10-10 14:39 - 000000000 ____D C:\Users\dwood
2024-04-08 06:39 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-08 06:39 - 2019-12-07 19:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-04-08 06:36 - 2020-10-10 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-08 06:34 - 2022-11-30 08:49 - 000000000 ____D C:\Users\dwood\Documents\American Truck Simulator
2024-04-07 18:33 - 2022-12-01 10:37 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2024-04-07 17:02 - 2017-02-27 16:41 - 000000000 ____D C:\Users\dwood\AppData\Roaming\vlc
2024-04-07 16:20 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-07 16:20 - 2017-11-12 17:06 - 000000000 ____D C:\Users\dwood\AppData\Local\Packages
2024-04-07 13:59 - 2023-12-03 10:46 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-04-07 13:40 - 2017-05-08 07:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-04-07 13:33 - 2017-05-09 12:09 - 000000000 ____D C:\Program Files (x86)\Direct Video Downloader
2024-04-07 13:32 - 2017-04-15 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)
2024-04-07 13:26 - 2019-11-28 23:59 - 000000000 ____D C:\Users\dwood\AppData\Roaming\Movavi Video Editor Plus 2020
2024-04-07 13:18 - 2021-03-30 10:17 - 000000000 ____D C:\Users\dwood\AppData\LocalLow\IGDump
2024-04-07 12:37 - 2017-02-15 15:47 - 000000000 ____D C:\Users\dwood\AppData\Local\CrashDumps
2024-04-07 12:18 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-04-07 11:52 - 2018-07-25 12:31 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2024-04-07 11:51 - 2018-12-08 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2024-04-07 11:50 - 2019-12-07 19:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-04-07 11:48 - 2019-02-01 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-04-07 11:47 - 2019-02-01 09:05 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2024-04-07 11:46 - 2024-03-02 06:23 - 000000000 ____D C:\WINDOWS\Minidumps
2024-04-07 11:46 - 2024-01-12 06:37 - 000000310 _____ C:\WINDOWS\Tasks\TA Unofficial Patch Updater.job
2024-04-07 11:46 - 2022-09-21 06:12 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-07 11:44 - 2018-04-11 09:46 - 000000000 ____D C:\Users\dwood\AppData\Local\AVAST Software
2024-04-07 11:23 - 2020-10-10 14:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2024-04-07 11:23 - 2017-02-16 20:34 - 000000000 ____D C:\ProgramData\AVAST Software
2024-04-07 11:22 - 2020-10-10 14:39 - 000000000 ____D C:\Users\defaultuser0
2024-04-07 11:11 - 2024-01-12 07:46 - 000000000 ____D C:\Users\dwood\Documents\Pool
2024-04-07 11:08 - 2017-02-17 13:25 - 000000000 ____D C:\Users\dwood\AppData\Roaming\BitTorrent
2024-04-07 11:07 - 2021-03-05 09:46 - 000000000 ____D C:\Users\dwood\AppData\Local\BitTorrentHelper
2024-04-07 11:07 - 2017-02-16 20:24 - 000000000 ____D C:\Users\dwood\AppData\Local\Adobe
2024-04-07 11:05 - 2024-01-12 06:37 - 000002694 _____ C:\WINDOWS\system32\Tasks\TA Unofficial Patch Updater
2024-04-07 11:05 - 2023-07-25 14:28 - 000002430 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2024-04-07 11:05 - 2023-04-01 07:30 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-559634521-2701541241-958822180-1001
2024-04-07 11:05 - 2022-09-21 06:12 - 000002950 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-04-07 11:05 - 2021-08-19 08:26 - 000002250 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - dwood
2024-04-07 11:05 - 2020-10-10 14:50 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-07 11:05 - 2020-10-10 14:50 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-07 11:05 - 2020-10-10 14:50 - 000003356 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-04-07 11:05 - 2020-10-10 14:50 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-07 11:05 - 2020-10-10 14:50 - 000003132 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-04-07 11:05 - 2020-10-10 14:50 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-04-07 11:05 - 2020-10-10 14:50 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-559634521-2701541241-958822180-1001
2024-04-07 11:05 - 2017-02-16 20:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-07 09:51 - 2023-04-18 17:54 - 000000000 ____D C:\ProgramData\EA Desktop
2024-04-07 09:49 - 2020-01-29 00:41 - 000000000 ____D C:\Users\dwood\dwhelper
2024-04-07 05:34 - 2020-06-13 23:13 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-06 07:00 - 2017-02-16 20:18 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-05 17:41 - 2022-10-14 16:48 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2024-04-05 05:53 - 2017-08-25 01:58 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-05 04:24 - 2017-02-17 11:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-04-04 01:53 - 2020-10-10 14:39 - 000002424 _____ C:\Users\dwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-03 18:04 - 2017-02-27 07:52 - 000000000 ____D C:\Users\dwood\AppData\Roaming\Microsoft\Excel
2024-03-31 05:37 - 2022-02-11 23:37 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-03-28 09:53 - 2024-01-05 14:14 - 000000000 ____D C:\Users\dwood\Documents\incident 5.1
2024-03-27 16:16 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-27 16:14 - 2020-10-10 14:37 - 005299096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-03-27 16:09 - 2023-12-16 15:45 - 000000000 ____D C:\WINDOWS\InboxApps
2024-03-27 16:09 - 2019-12-08 00:44 - 000000000 ____D C:\WINDOWS\en-GB
2024-03-27 16:09 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-03-27 16:09 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-03-27 16:09 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-03-27 16:09 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-03-27 16:09 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-03-27 16:09 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-03-27 16:09 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-03-27 14:39 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-27 14:37 - 2020-10-10 14:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-03-23 14:23 - 2020-11-22 13:24 - 000000000 ____D C:\Users\dwood\AppData\Local\Battle.net
2024-03-23 09:10 - 2017-02-20 11:57 - 000000000 ____D C:\Users\dwood\AppData\Roaming\Microsoft\Word
2024-03-22 14:48 - 2022-09-15 14:57 - 000000000 ____D C:\Users\dwood\AppData\Roaming\com.adobe.dunamis
2024-03-21 17:09 - 2023-10-07 15:18 - 000000000 ____D C:\Program Files\RUXIM
2024-03-18 19:13 - 2023-06-07 07:07 - 000000000 ___RD C:\Users\dwood\Desktop\
2024-03-15 08:17 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-03-15 08:17 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-03-15 08:17 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\servicing
2024-03-14 00:26 - 2017-02-15 14:35 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-14 00:25 - 2023-09-30 17:25 - 000000000 ____D C:\Program Files\dotnet
2024-03-14 00:25 - 2017-02-15 16:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-03-14 00:19 - 2017-02-15 16:30 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-03-12 05:52 - 2024-02-18 16:59 - 000000000 ____D C:\ProgramData\WinZip
2024-03-09 23:19 - 2021-10-18 10:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-03-09 23:19 - 2021-10-18 09:59 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
==================== Files in the root of some directories ========
2019-10-13 13:37 - 2019-10-13 13:37 - 000000000 _____ () C:\Program Files (x86)\GUM6F.tmp
2015-03-26 21:48 - 2015-03-26 21:48 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2018-11-25 12:31 - 2018-11-25 12:31 - 000001456 _____ () C:\Users\dwood\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-05-19 18:43 - 2021-04-24 14:55 - 000009216 _____ () C:\Users\dwood\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-22 22:32 - 2018-09-22 22:32 - 000000000 _____ () C:\Users\dwood\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Edited by Oh My!, 07 April 2024 - 06:56 PM.