PowerShell/MaleficAms Powershell Infection Please Help

Status
Not open for further replies.

Krighton

New Member
Thread author
Jul 3, 2022
1
I have this from Windows Defender. I've read other posts and have completed the first step and have pasted the contents of my FRST file. (I didn't see an option to upload it.)
Date: 2022-07-03 23:34:45
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:powerShell/MaleficAms
Severity: Severe
Category: Tool
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.369.708.0, AS: 1.369.708.0, NIS: 1.369.708.0
Engine Version: AM: 1.1.19300.2, NIS: 1.1.19300.2


++BEGIN FRST FILE++

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2022 01
Ran by krigh (administrator) on DESKTOP (ASUS System Product Name) (03-07-2022 23:50:59)
Running from C:\Users\krigh\Downloads
Loaded Profiles: krigh
Platform: Microsoft Windows 11 Home Version 21H2 22000.778 (X64) Language: English (United States)
Default browser: Vivaldi
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryWebBrowserEdge.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe <2>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(explorer.exe ->) (EVGA Corp. -> EVGA Co., Ltd.) C:\Program Files (x86)\EVGA\Unleash RGB\UnleashRGB.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.44\msedgewebview2.exe <18>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\krigh\AppData\Local\Vivaldi\Application\vivaldi.exe <15>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.13\AsusFanControlService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(services.exe ->) (DTS, Inc. -> ) C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(services.exe ->) (Piriform Software Ltd -> ) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e8d71250669d562e\RtkAudUService64.exe <2>
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe <2>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <4>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(svchost.exe ->) (EVGA Corp. -> EVGA Co., Ltd.) C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.22000.1.0_neutral__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.425.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(svchost.exe ->) (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> ) C:\Program Files (x86)\ExitLag\ExitLag.exe
(Wesley Pyburn -> TechNobo (Wesley Pyburn)) D:\TcNo-Acc-Switcher_2022-05-26_01\TcNo-Acc-Switcher_main.exe
(Wesley Pyburn -> TechNobo (Wesley Pyburn)) D:\TcNo-Acc-Switcher_2022-05-26_01\TcNo-Acc-Switcher-Tray_main.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e8d71250669d562e\RtkAudUService64.exe [1350240 2021-09-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1231033977-4115729400-3113959970-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-06-07] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1231033977-4115729400-3113959970-1001\...\Run: [EVGAUnleashRGB] => C:\Program Files (x86)\EVGA\Unleash RGB\UnleashRGB.exe [5766560 2022-07-01] (EVGA Corp. -> EVGA Co., Ltd.)
HKU\S-1-5-21-1231033977-4115729400-3113959970-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\Fliqlo.scr [388096 2022-07-02] (9031) [File not signed]
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TcNo Account Switcher - Tray.lnk [2022-07-02]
ShortcutTarget: TcNo Account Switcher - Tray.lnk -> D:\TcNo-Acc-Switcher_2022-05-26_01\TcNo-Acc-Switcher-Tray.exe (Wesley Pyburn -> TechNobo (Wesley Pyburn))

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A4F0473-96E6-4081-A361-0BE492C120B8} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1842200 2022-06-13] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {1E5CFCA3-8FF8-4D3D-ABD8-A3DAF8F0AA3B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {2717E15C-B80C-4637-B1C5-66E99F92F28C} - System32\Tasks\VivaldiUpdateCheck-c93191a246345092 => C:\Users\krigh\AppData\Local\Vivaldi\Application\update_notifier.exe [3323792 2022-06-21] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {3B5D348A-BA45-4D19-B170-D4A8205753A0} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [305176 2022-06-13] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {3D2A02D6-414F-4594-8D6E-5D2ADB807B74} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1231033977-4115729400-3113959970-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214144 2022-07-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B193C5D-4748-4A48-915A-B89F9B39E5DD} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {5BD0939A-AD81-47ED-B678-86AC764A550B} - System32\Tasks\ExitLag-S-1-5-21-1231033977-4115729400-3113959970-1001 => C:\Program Files (x86)\ExitLag\ExitLag.exe [5770552 2022-06-09] (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
Task: {67341D66-EC6D-44CD-8C2D-D060D86B44BB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {6768EEF1-1062-4696-B9F7-23F26878E412} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d88e2ca904910a => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [153112 2022-07-02] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {6CCA011A-F186-4C00-9F62-089A307BE8B3} - System32\Tasks\CCleanerSkipUAC - krigh => C:\Program Files\CCleaner\CCleaner.exe [31027800 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6FC17DB7-56C3-4F18-B19E-EA012A5B9447} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8501013F-94CE-40BA-B645-BFD1C90D2FEE} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9168AF12-2310-4875-8F46-C32216E0AFD4} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {97C65DE1-CFAD-4A23-835A-92FA29DE3B7A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7053720 2022-07-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9829DA22-42F0-42DD-A13C-21B34C873394} - System32\Tasks\EVGAPrecisionX => C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe [20735904 2022-06-28] (EVGA Corp. -> EVGA Co., Ltd.)
Task: {A806823A-EE6C-429D-AE79-2B0A4CFCE4C8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {AD48F321-DF45-4098-8A3B-663125AA1170} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214144 2022-07-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {AED03F43-47D0-4D71-B03E-09974F1BE3D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7053720 2022-07-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3932A99-9919-4109-A1BC-00ECAD5D5BD9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-06-14] (Piriform Software Ltd -> Piriform)
Task: {BC9CE554-1D07-4E6E-8472-A4E25A43515A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141232 2022-07-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE39AC77-744D-4A51-BD28-8A33E24AF1F3} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [153112 2022-07-02] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {D32607EB-EA1F-4182-9A45-0490D4C3AE0E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864352 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {D531C8C4-805A-4F0B-A98E-6E3F0D575BC6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DF49110F-3D11-419D-ADBD-3E405FB311FE} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E5BB2B46-98E3-4A27-AE26-25DF25A3572E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-06-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E5C21C96-F6EA-42C8-9060-525A7EA20B75} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864352 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {E86AEDF4-B59C-4012-8606-5B0562E1F9F3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141232 2022-07-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {F48DA1F2-7E36-463F-99F9-C23B721AFECD} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1241960 2021-11-24] (ASUSTeK Computer Inc. -> ASUS)
Task: {F7759C84-8EBA-41FD-AC59-EE63BD805E61} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {FEE22B32-E26D-44D3-97CE-C5C178A5843F} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [43030328 2022-06-07] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{4739c0e8-453f-4a81-8a0a-a13eaa7d985a}: [DhcpNameServer] 192.168.50.1

Edge:
=======
Edge Profile: C:\Users\krigh\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-03]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-06-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-07-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-02] (Microsoft Corporation -> Microsoft Corporation)

Vivaldi:
=======
VIV Profile: C:\Users\krigh\AppData\Local\Vivaldi\User Data\Default [2022-07-03]
VIV Notifications: Default -> hxxps://calendar.google.com; hxxps://meet.google.com
VIV HomePage: Default -> vivaldi://startpage
VIV StartupUrls: Default -> "hxxp://Qwant.com"
VIV DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}&{google:eek:riginalQueryForSuggestion}{google:prefetchSource}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}
VIV DefaultSearchKeyword: Default -> g
VIV Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\krigh\AppData\Local\Vivaldi\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-07-01]
VIV Extension: (Google Docs Offline) - C:\Users\krigh\AppData\Local\Vivaldi\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-01]
VIV Extension: (AdBlock — best ad blocker) - C:\Users\krigh\AppData\Local\Vivaldi\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-01]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [372456 2022-07-02] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe [457544 2022-02-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [153112 2022-07-02] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [181576 2021-09-30] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.13\AsusFanControlService.exe [2216264 2022-03-09] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [153112 2022-07-02] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [651800 2022-07-02] (ASUSTeK COMPUTER INC. -> ASUS)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1132000 2022-07-03] (ASUSTeK COMPUTER INC. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-07-02] (BattlEye Innovations e.K. -> )
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081432 2022-06-14] (Piriform Software Ltd -> )
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9191816 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DTSAPO3Service; C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe [222104 2020-07-16] (DTS, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-07-03] (EasyAntiCheat Oy -> Epic Games, Inc)
S4 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.136.0626.0001\FileSyncHelper.exe [3384200 2022-07-03] (Microsoft Corporation -> Microsoft Corporation)
S4 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2275928 2022-06-01] (GOG Sp. z o.o. -> GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7166552 2022-06-01] (GOG Sp. z o.o. -> GOG.com)
S4 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3835360 2022-03-10] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-07-03] (Malwarebytes Inc. -> Malwarebytes)
S4 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.136.0626.0001\OneDriveUpdaterService.exe [3824008 2022-07-03] (Microsoft Corporation -> Microsoft Corporation)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [6304488 2022-04-25] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-07-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-07-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_246e95e4066041ad\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34384 2022-02-10] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43168 2021-09-30] (ASUSTeK Computer Inc. -> )
R1 CTIAIO; C:\Windows\system32\drivers\CtiAIo64.sys [32304 2022-07-02] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R2 Driver; C:\Program Files (x86)\EVGA\Kernel\driver-x64.sys [39856 2022-02-07] (EVGA Corp. -> )
S3 e2f68; C:\Windows\System32\drivers\e2f68.sys [485376 2021-06-01] (Microsoft Windows -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 Hsp; C:\Windows\System32\drivers\Hsp.sys [111960 2022-07-01] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-07-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [192960 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [74704 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181992 2022-07-03] (Malwarebytes Inc. -> Malwarebytes)
S3 MpKsl97310e6d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4C43CE78-A84F-45F1-84CF-F3C89570F6B3}\MpKslDrv.sys [141568 2022-07-03] (Microsoft Windows -> Microsoft Corporation)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R1 ndextlag; C:\Windows\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49576 2022-07-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [452856 2022-07-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-07-01] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
S3 cpuz153; \??\C:\Windows\temp\cpuz153\cpuz153_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-03 23:50 - 2022-07-03 23:51 - 000026540 _____ C:\Users\krigh\Downloads\FRST.txt
2022-07-03 23:46 - 2022-07-03 23:51 - 000000000 ____D C:\FRST
2022-07-03 23:45 - 2022-07-03 23:45 - 002369024 _____ (Farbar) C:\Users\krigh\Downloads\FRST64.exe
2022-07-03 23:34 - 2022-07-03 23:34 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-07-03 23:34 - 2022-07-03 23:34 - 000181992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-07-03 23:34 - 2022-07-03 23:34 - 000074704 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-07-03 23:32 - 2022-07-03 23:32 - 000000000 ____D C:\ProgramData\Piriform
2022-07-03 23:15 - 2022-07-03 23:15 - 000000505 _____ C:\Users\krigh\Desktop\Programs and Features.lnk
2022-07-03 23:09 - 2022-07-03 23:09 - 000000000 ____D C:\Users\krigh\AppData\Local\FirmwareUpdateTool
2022-07-03 23:09 - 2022-07-03 23:09 - 000000000 ____D C:\ProgramData\Logishrd
2022-07-03 17:06 - 2022-07-03 17:06 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Bungie
2022-07-03 17:05 - 2022-07-03 17:05 - 000000000 ____D C:\Users\krigh\AppData\Local\BattlEye
2022-07-03 16:56 - 2022-07-03 16:56 - 000000000 ____D C:\Users\krigh\Documents\My Games
2022-07-03 16:56 - 2022-07-03 16:56 - 000000000 ____D C:\Users\krigh\AppData\Local\My Games
2022-07-03 16:44 - 2022-07-03 16:44 - 000000000 ____D C:\plc_debug
2022-07-03 16:16 - 2022-07-03 16:16 - 000000000 ____D C:\ProgramData\Emsisoft
2022-07-03 16:10 - 2022-07-03 16:21 - 000092993 _____ C:\Windows\ZAM.krnl.trace
2022-07-03 16:10 - 2022-07-03 16:21 - 000000000 ____D C:\Users\krigh\AppData\Local\AMSDK
2022-07-03 16:10 - 2022-07-03 16:10 - 000000000 ____D C:\Users\krigh\AppData\Local\Zemana
2022-07-03 15:30 - 2022-07-03 15:32 - 000000000 ____D C:\ProgramData\HitmanPro
2022-07-03 15:08 - 2022-07-03 15:08 - 000000000 ____D C:\ProgramData\TEMP
2022-07-03 15:07 - 2022-07-03 16:25 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2022-07-03 10:43 - 2022-07-03 10:43 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-07-03 10:37 - 2022-07-03 10:37 - 000000812 _____ C:\Users\krigh\Desktop\GPU-Z.2.46.0.lnk
2022-07-03 10:23 - 2022-07-03 16:29 - 000000000 ____D C:\Users\krigh\AppData\Local\mbam
2022-07-03 10:23 - 2022-07-03 10:23 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-07-03 10:23 - 2022-07-03 10:23 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-07-03 10:23 - 2022-07-03 10:23 - 000158640 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-07-03 10:23 - 2022-07-03 10:23 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-07-03 10:23 - 2022-07-03 10:23 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-03 10:23 - 2022-07-03 10:23 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-03 10:22 - 2022-07-03 10:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-03 10:22 - 2022-07-03 10:22 - 000000000 ____D C:\Program Files\Malwarebytes
2022-07-03 10:14 - 2022-07-03 10:23 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2022-07-02 23:07 - 2022-07-02 23:07 - 000000928 _____ C:\Users\Public\Desktop\Overwatch.lnk
2022-07-02 23:07 - 2022-07-02 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2022-07-02 22:44 - 2022-07-02 22:51 - 000000000 ____D C:\Users\krigh\AppData\Roaming\discord
2022-07-02 22:44 - 2022-07-02 22:45 - 000000000 ____D C:\Users\krigh\AppData\Local\Discord
2022-07-02 22:44 - 2022-07-02 22:44 - 000002231 _____ C:\Users\krigh\Desktop\Discord.lnk
2022-07-02 22:44 - 2022-07-02 22:44 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-07-02 22:41 - 2022-07-02 22:41 - 000000234 _____ C:\Users\krigh\Desktop\Tom Clancy's The Division 2.url
2022-07-02 22:40 - 2022-07-02 23:07 - 000000000 ____D C:\Program Files (x86)\Overwatch
2022-07-02 22:40 - 2022-07-02 22:40 - 000000000 ____D C:\ProgramData\Ubisoft
2022-07-02 22:40 - 2022-07-02 22:40 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2022-07-02 22:39 - 2022-07-03 17:05 - 000000000 ____D C:\Users\krigh\AppData\Local\Ubisoft Game Launcher
2022-07-02 22:39 - 2022-07-02 23:08 - 000000000 ____D C:\Users\krigh\AppData\Local\Battle.net
2022-07-02 22:39 - 2022-07-02 22:40 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Battle.net
2022-07-02 22:39 - 2022-07-02 22:39 - 000001327 _____ C:\Users\krigh\Desktop\Ubisoft Connect.lnk
2022-07-02 22:39 - 2022-07-02 22:39 - 000000940 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-07-02 22:39 - 2022-07-02 22:39 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2022-07-02 22:39 - 2022-07-02 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-07-02 22:39 - 2022-07-02 22:39 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2022-07-02 22:38 - 2022-07-02 22:40 - 000000000 ____D C:\Users\krigh\AppData\Local\Blizzard Entertainment
2022-07-02 22:38 - 2022-07-02 22:40 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-07-02 22:37 - 2022-07-02 22:38 - 000000000 ____D C:\ProgramData\Battle.net
2022-07-02 22:34 - 2022-07-02 22:35 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2022-07-02 22:34 - 2022-07-02 22:34 - 000001211 _____ C:\Users\Public\Desktop\GOG GALAXY.lnk
2022-07-02 22:34 - 2022-07-02 22:34 - 000000000 ____D C:\Users\krigh\AppData\Local\GOG.com
2022-07-02 22:34 - 2022-07-02 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2022-07-02 22:34 - 2022-07-02 22:34 - 000000000 ____D C:\ProgramData\GOG.com
2022-07-02 22:31 - 2022-07-02 22:31 - 000000223 _____ C:\Users\krigh\Desktop\Destiny 2.url
2022-07-02 22:31 - 2022-07-02 22:31 - 000000222 _____ C:\Users\krigh\Desktop\OUTRIDERS.url
2022-07-02 21:58 - 2022-07-02 21:58 - 000639773 _____ C:\Windows\system32\dgq0fe5p.uwy
2022-07-02 21:28 - 2022-07-02 21:28 - 000001252 _____ C:\Users\krigh\Desktop\AIDA64 Extreme.lnk
2022-07-02 21:28 - 2022-07-02 21:28 - 000000000 ____D C:\Windows\OFy5c7
2022-07-02 21:27 - 2022-07-02 21:27 - 000000000 ____D C:\Program Files (x86)\FinalWire
2022-07-02 16:51 - 2022-07-03 16:43 - 000000000 ____D C:\Users\krigh\AppData\Local\CrashDumps
2022-07-02 14:17 - 2022-07-02 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSEdgeRedirect
2022-07-02 14:17 - 2022-07-02 14:17 - 000000000 ____D C:\Program Files\MSEdgeRedirect
2022-07-02 14:16 - 2022-07-02 14:16 - 000000000 ____D C:\Users\krigh\AppData\Local\MSEdgeRedirect
2022-07-02 12:14 - 2022-07-02 12:14 - 000001609 _____ C:\Users\krigh\Desktop\ARMOURY CRATE.lnk
2022-07-02 12:12 - 2022-07-02 12:12 - 000000000 ____D C:\ProgramData\DTSAudio
2022-07-02 12:10 - 2022-07-02 12:12 - 000000000 ____D C:\ProgramData\UWP
2022-07-02 12:09 - 2022-07-02 12:10 - 000000000 ____D C:\Program Files\Intel
2022-07-02 12:09 - 2022-07-02 12:09 - 000000000 ___HD C:\Program Files (x86)\Temp
2022-07-02 12:09 - 2022-07-02 12:09 - 000000000 ____D C:\Windows\system32\DTS
2022-07-02 12:09 - 2022-07-02 12:09 - 000000000 ____D C:\Users\krigh\Intel
2022-07-02 12:09 - 2022-07-02 12:09 - 000000000 ____D C:\ProgramData\Intel
2022-07-02 12:09 - 2022-07-02 12:09 - 000000000 ____D C:\Program Files (x86)\Realtek
2022-07-02 12:09 - 2021-09-16 01:44 - 000276848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2022-07-02 12:09 - 2021-09-16 01:44 - 000231280 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2022-07-02 12:09 - 2021-09-16 01:42 - 006519336 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2022-07-02 12:09 - 2021-09-16 01:31 - 048712576 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2022-07-02 12:09 - 2021-05-17 09:50 - 002875968 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2022-07-02 12:07 - 2022-07-02 12:07 - 000000000 _____ C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_System Product Name.alu
2022-07-02 12:03 - 2022-07-02 12:04 - 000000000 ____D C:\Program Files (x86)\LightingService
2022-07-02 12:03 - 2022-07-02 12:03 - 000000000 ____D C:\Users\krigh\AppData\Local\ASUS
2022-07-02 12:03 - 2022-07-02 12:03 - 000000000 ____D C:\Program Files\PD
2022-07-02 12:02 - 2022-07-03 16:48 - 000000000 ____D C:\Program Files\ASUS
2022-07-02 12:02 - 2022-07-02 12:02 - 000032304 _____ (Creative Technology Innovation Co., LTd.) C:\Windows\system32\Drivers\CtiAIo64.sys
2022-07-02 12:02 - 2022-07-02 12:02 - 000000000 ____D C:\Program Files\PHISON
2022-07-02 12:02 - 2022-07-02 12:02 - 000000000 ____D C:\Program Files\Patriot
2022-07-02 12:02 - 2022-02-10 11:20 - 000120880 _____ C:\Windows\system32\AsIO2.dll
2022-07-02 12:02 - 2022-02-10 11:20 - 000095280 _____ C:\Windows\SysWOW64\AsIO2.dll
2022-07-02 12:02 - 2022-02-10 11:20 - 000034384 _____ C:\Windows\system32\Drivers\AsIO2.sys
2022-07-02 12:02 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.sys
2022-07-02 12:02 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.old
2022-07-02 12:01 - 2022-07-02 12:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-07-02 12:01 - 2022-07-02 12:03 - 000000000 ____D C:\Users\krigh\AppData\Local\AcSdkInsLog
2022-07-02 11:59 - 2022-07-02 12:03 - 000000000 ____D C:\Windows\system32\Tasks\ASUS
2022-07-02 11:59 - 2022-07-02 11:59 - 000000061 _____ C:\Windows\skipsavetoini
2022-07-02 11:58 - 2022-07-03 16:48 - 000000000 ____D C:\Program Files (x86)\ASUS
2022-07-02 11:58 - 2021-09-30 10:14 - 000043168 _____ C:\Windows\system32\Drivers\AsIO3.sys
2022-07-02 11:58 - 2021-09-16 16:25 - 000151608 _____ (©ASUSTeK Computer Inc.) C:\Windows\system32\AsIO3.dll
2022-07-02 11:58 - 2021-09-16 16:25 - 000123744 _____ (©ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsIO3.dll
2022-07-02 10:55 - 2022-07-03 23:33 - 000003130 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1231033977-4115729400-3113959970-1001
2022-07-02 10:55 - 2022-07-03 10:43 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-02 07:23 - 2022-07-02 07:23 - 000003490 _____ C:\Windows\system32\Tasks\ExitLag-S-1-5-21-1231033977-4115729400-3113959970-1001
2022-07-02 07:15 - 2022-07-02 07:15 - 000003302 _____ C:\Windows\system32\Tasks\EVGAPrecisionX
2022-07-02 03:13 - 2022-07-03 10:32 - 000000000 ____D C:\Windows\Panther
2022-07-02 02:16 - 2022-07-02 02:16 - 000000000 _SHDL C:\Documents and Settings
2022-07-02 02:15 - 2022-07-03 23:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-02 02:15 - 2022-07-02 12:04 - 000000000 ____D C:\ProgramData\ASUS
2022-07-02 02:15 - 2022-07-02 02:16 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-02 02:15 - 2022-07-02 02:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-07-02 02:15 - 2022-07-01 23:43 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-07-02 02:15 - 2022-07-01 23:30 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-02 02:15 - 2022-07-01 23:30 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-02 02:14 - 2022-07-03 23:34 - 001180016 _____ () C:\Windows\system32\wpbbin.exe
2022-07-02 02:14 - 2022-07-03 23:34 - 001132000 _____ C:\Windows\system32\AsusUpdateCheck.exe
2022-07-02 02:14 - 2022-07-03 23:34 - 000012288 ___SH C:\DumpStack.log.tmp
2022-07-02 02:14 - 2022-07-03 14:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-02 02:14 - 2022-07-03 10:29 - 000480168 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-02 02:14 - 2022-07-02 02:14 - 000000000 ____D C:\Windows\ServiceProfiles
2022-07-02 00:46 - 2022-07-03 17:32 - 000000000 ____D C:\Users\krigh\AppData\Local\Persona
2022-07-02 00:44 - 2022-07-03 16:56 - 000000000 ____D C:\Users\krigh\AppData\Roaming\EasyAntiCheat
2022-07-02 00:44 - 2022-07-02 07:24 - 000000000 ____D C:\Users\krigh\AppData\Local\ExitLag
2022-07-02 00:44 - 2022-07-02 07:23 - 000000000 ____D C:\Users\krigh\AppData\Roaming\ExitLag
2022-07-02 00:44 - 2022-07-02 00:44 - 000000000 ____D C:\Users\krigh\AppData\Roaming\NVIDIA
2022-07-02 00:44 - 2022-07-02 00:44 - 000000000 ____D C:\Users\krigh\AppData\Roaming\AGS
2022-07-02 00:44 - 2022-07-02 00:44 - 000000000 ____D C:\Users\krigh\AppData\Local\AGS
2022-07-02 00:44 - 2022-07-02 00:44 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2022-07-02 00:41 - 2022-07-02 22:44 - 000000000 ____D C:\Users\krigh\AppData\Local\SquirrelTemp
2022-07-02 00:41 - 2022-07-02 00:41 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Teams
2022-07-02 00:36 - 2022-07-03 23:36 - 000000000 ____D C:\Program Files\CCleaner
2022-07-02 00:36 - 2022-07-02 00:36 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-07-02 00:36 - 2022-07-02 00:36 - 000002888 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - krigh
2022-07-02 00:36 - 2022-07-02 00:36 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-07-02 00:36 - 2022-07-02 00:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-07-02 00:29 - 2022-07-03 16:28 - 000000000 ____D C:\Users\krigh\AppData\Local\cache
2022-07-02 00:29 - 2022-07-02 12:02 - 000000000 ____D C:\Program Files\ENE
2022-07-02 00:29 - 2022-07-02 00:29 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dashboard.lnk
2022-07-02 00:29 - 2022-07-02 00:29 - 000002228 _____ C:\Users\krigh\Desktop\Dashboard.lnk
2022-07-02 00:29 - 2022-07-02 00:29 - 000000000 ____D C:\Users\krigh\AppData\Local\Western Digital
2022-07-02 00:28 - 2022-07-02 00:28 - 000000000 ____D C:\Program Files (x86)\Western Digital
2022-07-02 00:26 - 2022-07-03 10:15 - 000000000 ____D C:\Users\krigh\AppData\Roaming\qBittorrent
2022-07-02 00:26 - 2022-07-02 00:26 - 000000000 ____D C:\Users\krigh\AppData\Local\qBittorrent
2022-07-02 00:25 - 2022-07-02 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-07-02 00:25 - 2022-07-02 00:25 - 000000000 ____D C:\Program Files\qBittorrent
2022-07-02 00:14 - 2022-07-02 22:31 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-07-02 00:14 - 2022-07-02 00:14 - 000000223 _____ C:\Users\krigh\Desktop\New World.url
2022-07-02 00:08 - 2022-07-02 00:08 - 000000000 ____D C:\Users\krigh\AppData\LocalLow\Adobe
2022-07-02 00:08 - 2022-07-02 00:08 - 000000000 ____D C:\Users\krigh\AppData\Local\SolidDocuments
2022-07-02 00:08 - 2022-07-02 00:08 - 000000000 ____D C:\Users\krigh\.ms-ad
2022-07-02 00:07 - 2022-07-03 23:33 - 000002776 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-07-02 00:07 - 2022-07-03 10:32 - 000003542 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-07-02 00:07 - 2022-07-02 07:22 - 000001796 _____ C:\Users\krigh\Desktop\TcNo Account Switcher.lnk
2022-07-02 00:07 - 2022-07-02 00:08 - 000000000 ____D C:\ProgramData\Adobe
2022-07-02 00:07 - 2022-07-02 00:07 - 000019968 _____ C:\Windows\system32\SppExtComObjHook.dll
2022-07-02 00:07 - 2022-07-02 00:07 - 000002451 _____ C:\Users\krigh\Desktop\Word.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000002450 _____ C:\Users\krigh\Desktop\PowerPoint.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000002414 _____ C:\Users\krigh\Desktop\Access.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000002413 _____ C:\Users\krigh\Desktop\Excel.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000002401 _____ C:\Users\krigh\Desktop\Publisher.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-07-02 00:07 - 2022-07-02 00:07 - 000000000 ___RD C:\Users\Default\OneDrive
2022-07-02 00:07 - 2022-07-02 00:07 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TcNo Account Switcher
2022-07-02 00:07 - 2022-07-02 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-07-02 00:07 - 2022-07-02 00:07 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-07-02 00:07 - 2022-07-02 00:07 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-07-02 00:07 - 2022-07-02 00:07 - 000000000 ____D C:\Program Files\Adobe
2022-07-02 00:06 - 2022-07-02 00:07 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-02 00:06 - 2022-07-02 00:06 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-07-02 00:05 - 2022-07-02 00:53 - 000000000 ____D C:\Users\krigh\AppData\Local\Adobe
2022-07-02 00:01 - 2022-07-02 00:08 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Azeron Software
2022-07-02 00:01 - 2022-07-02 00:01 - 000002451 _____ C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azeron Software.lnk
2022-07-02 00:01 - 2022-07-02 00:01 - 000002443 _____ C:\Users\krigh\Desktop\Azeron Software.lnk
2022-07-02 00:01 - 2022-07-02 00:01 - 000000000 ____D C:\Users\krigh\AppData\Local\azeron-software-updater
2022-07-01 23:59 - 2022-07-02 11:03 - 000000000 ____D C:\Users\krigh\AppData\Local\NVIDIA Corporation
2022-07-01 23:59 - 2022-07-01 23:59 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2022-07-01 23:59 - 2022-07-01 23:59 - 000001014 _____ C:\Users\Public\Desktop\EVGA Precision X1.lnk
2022-07-01 23:59 - 2022-07-01 23:59 - 000000000 ____D C:\Users\krigh\AppData\Roaming\EVGA
2022-07-01 23:59 - 2022-07-01 23:59 - 000000000 ____D C:\Users\krigh\AppData\Local\EVGA_Co.,_Ltd
2022-07-01 23:59 - 2022-07-01 23:59 - 000000000 ____D C:\Users\krigh\AppData\Local\DBG
2022-07-01 23:59 - 2022-07-01 23:59 - 000000000 ____D C:\Users\krigh\ansel
2022-07-01 23:58 - 2022-07-03 23:34 - 000003212 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:59 - 000000000 ____D C:\Windows\SysWOW64\directx
2022-07-01 23:58 - 2022-07-01 23:58 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:58 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:58 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:58 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-01 23:58 - 2022-07-01 23:58 - 000001218 _____ C:\Users\Public\Desktop\EVGA Unleash RGB.lnk
2022-07-01 23:58 - 2022-07-01 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-07-01 23:58 - 2022-07-01 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2022-07-01 23:58 - 2022-07-01 23:58 - 000000000 ____D C:\ProgramData\EVGA
2022-07-01 23:58 - 2022-07-01 23:58 - 000000000 ____D C:\Program Files\EVGA
2022-07-01 23:58 - 2022-07-01 23:58 - 000000000 ____D C:\Program Files (x86)\EVGA
2022-07-01 23:58 - 2022-06-23 23:05 - 002859264 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2022-07-01 23:58 - 2022-06-23 23:05 - 002200272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2022-07-01 23:58 - 2022-06-23 23:05 - 001295104 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2022-07-01 23:58 - 2022-06-23 23:05 - 000082552 _____ C:\Windows\system32\FvSDK_x64.dll
2022-07-01 23:58 - 2022-06-23 23:05 - 000071288 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2022-07-01 23:58 - 2022-06-23 23:05 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2022-07-01 23:57 - 2022-07-01 23:58 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-07-01 23:57 - 2022-07-01 23:57 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2022-07-01 23:57 - 2022-06-23 23:05 - 000168656 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2022-07-01 23:57 - 2022-06-23 23:05 - 000144592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2022-07-01 23:56 - 2022-06-24 11:26 - 001905936 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-07-01 23:56 - 2022-06-24 11:26 - 001905936 _____ C:\Windows\system32\vulkaninfo.exe
2022-07-01 23:56 - 2022-06-24 11:26 - 001478384 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-07-01 23:56 - 2022-06-24 11:26 - 001478384 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-07-01 23:56 - 2022-06-24 11:26 - 001472552 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-07-01 23:56 - 2022-06-24 11:26 - 001432304 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-07-01 23:56 - 2022-06-24 11:26 - 001432304 _____ C:\Windows\system32\vulkan-1.dll
2022-07-01 23:56 - 2022-06-24 11:26 - 001213416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-07-01 23:56 - 2022-06-24 11:26 - 001145584 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-07-01 23:56 - 2022-06-24 11:26 - 001145584 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-07-01 23:56 - 2022-06-24 11:23 - 000866344 _____ C:\Windows\system32\nvofapi64.dll
2022-07-01 23:56 - 2022-06-24 11:23 - 000687592 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-07-01 23:56 - 2022-06-24 11:22 - 001537064 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-07-01 23:56 - 2022-06-24 11:22 - 001182696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-07-01 23:56 - 2022-06-24 11:22 - 000771560 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-07-01 23:56 - 2022-06-24 11:22 - 000715304 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-07-01 23:56 - 2022-06-24 11:21 - 002127864 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-07-01 23:56 - 2022-06-24 11:21 - 001608232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-07-01 23:56 - 2022-06-24 11:21 - 001059904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-07-01 23:56 - 2022-06-24 11:21 - 000845304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-07-01 23:56 - 2022-06-24 11:21 - 000456168 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-07-01 23:56 - 2022-06-24 11:20 - 010270256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-07-01 23:56 - 2022-06-24 11:20 - 008804400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-07-01 23:56 - 2022-06-24 11:20 - 005734392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-07-01 23:56 - 2022-06-24 11:20 - 005363248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-07-01 23:56 - 2022-06-24 11:20 - 003067440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-07-01 23:56 - 2022-06-24 11:19 - 000853568 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-07-01 23:56 - 2022-06-24 10:40 - 007483904 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-07-01 23:56 - 2022-06-24 10:40 - 006366896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-07-01 23:56 - 2022-06-23 23:05 - 000093241 _____ C:\Windows\system32\nvinfo.pb
2022-07-01 23:56 - 2022-06-23 23:05 - 000067464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2022-07-01 23:56 - 2022-06-23 23:05 - 000050272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2022-07-01 23:56 - 2022-06-23 23:05 - 000048552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2022-07-01 23:56 - 2022-06-23 23:05 - 000041984 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-07-01 23:55 - 2022-07-03 23:40 - 000000000 ____D C:\Users\krigh\AppData\Roaming\TcNo Account Switcher
2022-07-01 23:55 - 2022-07-01 23:55 - 000000000 ____D C:\Users\krigh\AppData\Local\ASP.NET
2022-07-01 23:54 - 2022-07-01 23:54 - 000000914 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2022-07-01 23:54 - 2022-07-01 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2022-07-01 23:54 - 2022-07-01 23:54 - 000000000 ____D C:\Program Files\CPUID
2022-07-01 23:53 - 2022-07-01 23:54 - 000000000 ____D C:\Program Files (x86)\ExitLag
2022-07-01 23:53 - 2022-07-01 23:53 - 000001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExitLag.lnk
2022-07-01 23:53 - 2022-07-01 23:53 - 000001064 _____ C:\Users\Public\Desktop\ExitLag.lnk
2022-07-01 23:53 - 2022-07-01 23:53 - 000001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk
2022-07-01 23:53 - 2022-07-01 23:53 - 000000000 ____D C:\Program Files\dotnet
2022-07-01 23:53 - 2022-07-01 23:53 - 000000000 ____D C:\Program Files (x86)\GPU-Z
2022-07-01 23:53 - 2018-04-11 13:42 - 000048640 _____ (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME) C:\Windows\system32\Drivers\ndextlag.sys
2022-07-01 23:39 - 2022-07-01 23:39 - 000335872 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-01 23:39 - 2022-07-01 23:39 - 000015024 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-01 23:38 - 2022-07-03 20:58 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Kodi
2022-07-01 23:38 - 2022-07-01 23:38 - 000000000 ___HD C:\$WinREAgent
2022-07-01 23:36 - 2022-07-03 23:48 - 000000000 ____D C:\Program Files (x86)\Steam
2022-07-01 23:36 - 2022-07-03 16:55 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-01 23:36 - 2022-07-02 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2022-07-01 23:36 - 2022-07-01 23:36 - 000001689 _____ C:\Users\krigh\Desktop\Kodi.lnk
2022-07-01 23:36 - 2022-07-01 23:36 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2022-07-01 23:36 - 2022-07-01 23:36 - 000000000 ____D C:\Users\krigh\AppData\Local\Steam
2022-07-01 23:36 - 2022-07-01 23:36 - 000000000 ____D C:\Users\krigh\AppData\Local\ElevatedDiagnostics
2022-07-01 23:36 - 2022-07-01 23:36 - 000000000 ____D C:\Users\krigh\AppData\Local\CEF
2022-07-01 23:36 - 2022-07-01 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-07-01 23:36 - 2022-07-01 23:36 - 000000000 ____D C:\Program Files\Kodi
2022-07-01 23:34 - 2022-07-01 23:34 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2022-07-01 23:30 - 2022-07-01 23:30 - 000831488 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2022-07-01 23:30 - 2022-07-01 23:30 - 000774144 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-01 23:30 - 2022-07-01 23:30 - 000557056 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2022-07-01 23:30 - 2022-07-01 23:30 - 000523776 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-01 23:30 - 2022-07-01 23:30 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2022-07-01 23:30 - 2022-07-01 23:30 - 000464384 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-01 23:30 - 2022-07-01 23:30 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2022-07-01 23:30 - 2022-07-01 23:30 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2022-07-01 23:30 - 2022-07-01 23:30 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2022-07-01 23:30 - 2022-07-01 23:30 - 000299008 _____ C:\Windows\system32\EsclScan.dll
2022-07-01 23:30 - 2022-07-01 23:30 - 000254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2022-07-01 23:30 - 2022-07-01 23:30 - 000253952 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2022-07-01 23:30 - 2022-07-01 23:30 - 000247808 _____ C:\Windows\SysWOW64\pku2u.dll
2022-07-01 23:30 - 2022-07-01 23:30 - 000208896 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2022-07-01 23:30 - 2022-07-01 23:30 - 000196096 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codecp.acm
2022-07-01 23:30 - 2022-07-01 23:30 - 000180224 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-01 23:30 - 2022-07-01 23:30 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2022-07-01 23:30 - 2022-07-01 23:30 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2022-07-01 23:30 - 2022-07-01 23:30 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\remotesp.tsp
2022-07-01 23:30 - 2022-07-01 23:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remotesp.tsp
2022-07-01 23:30 - 2022-07-01 23:30 - 000079192 _____ C:\Windows\system32\Drivers\NDKPerf.sys
2022-07-01 23:30 - 2022-07-01 23:30 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\hidphone.tsp
2022-07-01 23:30 - 2022-07-01 23:30 - 000051712 _____ C:\Windows\SysWOW64\CredProvCommonCore.dll
2022-07-01 23:30 - 2022-07-01 23:30 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\more.com
2022-07-01 23:30 - 2022-07-01 23:30 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-01 23:30 - 2022-07-01 23:30 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\format.com
2022-07-01 23:30 - 2022-07-01 23:30 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-01 23:30 - 2022-07-01 23:30 - 000039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2022-07-01 23:30 - 2022-07-01 23:30 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hidphone.tsp
2022-07-01 23:30 - 2022-07-01 23:30 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-01 23:30 - 2022-07-01 23:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\more.com
2022-07-01 23:30 - 2022-07-01 23:30 - 000019456 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-01 23:30 - 2022-07-01 23:30 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-01 23:30 - 2022-07-01 23:30 - 000013824 _____ C:\Windows\SysWOW64\prxyqry.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 002550832 _____ (The ICU Project) C:\Windows\system32\icu.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 002125824 _____ C:\Windows\system32\dwmscene.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 002080992 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000643072 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000614400 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000460800 _____ C:\Windows\SysWOW64\SettingSyncDownloadHelper.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000372736 _____ C:\Windows\system32\hwreqchk.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000356352 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000339968 _____ C:\Windows\system32\pku2u.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000335872 _____ C:\Windows\system32\Windows.Internal.UI.Dialogs.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000294912 _____ C:\Windows\system32\pnpdiag.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000286720 _____ C:\Windows\system32\Microsoft.Bluetooth.Audio.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000210432 _____ C:\Windows\system32\CloudIdWxhExtension.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000208896 _____ C:\Windows\system32\BthpanContextHandler.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000180224 _____ C:\Windows\system32\CloudExperienceHostRedirection.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000098304 _____ C:\Windows\system32\sstpcfg.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000086016 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000086016 _____ C:\Windows\system32\CredProvCommonCore.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000077824 _____ C:\Windows\system32\APMonUI.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2022-07-01 23:29 - 2022-07-01 23:29 - 000069632 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000067528 _____ (Microsoft Corporation) C:\Windows\system32\msgsm32.acm
2022-07-01 23:29 - 2022-07-01 23:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\format.com
2022-07-01 23:29 - 2022-07-01 23:29 - 000063392 _____ (Microsoft Corporation) C:\Windows\system32\imaadp32.acm
2022-07-01 23:29 - 2022-07-01 23:29 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\scrnsave.scr
2022-07-01 23:29 - 2022-07-01 23:29 - 000059264 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm
2022-07-01 23:29 - 2022-07-01 23:29 - 000042752 _____ C:\Windows\system32\wow64base.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000040960 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000040960 _____ C:\Windows\system32\prxyqry.dll
2022-07-01 23:29 - 2022-07-01 23:29 - 000038760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msgsm32.acm
2022-07-01 23:29 - 2022-07-01 23:29 - 000034112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imaadp32.acm
2022-07-01 23:29 - 2022-07-01 23:29 - 000033568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msadp32.acm
2022-07-01 23:29 - 2022-07-01 23:29 - 000032768 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2022-07-01 23:29 - 2022-07-01 23:29 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrnsave.scr
2022-07-01 23:27 - 2022-07-03 23:35 - 000002980 _____ C:\Windows\system32\Tasks\VivaldiUpdateCheck-c93191a246345092
2022-07-01 23:27 - 2022-07-03 10:13 - 000000527 _____ C:\Users\krigh\.vivaldi_reporting_data
2022-07-01 23:27 - 2022-07-01 23:27 - 000002389 _____ C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2022-07-01 23:27 - 2022-07-01 23:27 - 000002352 _____ C:\Users\krigh\Desktop\Vivaldi.lnk
2022-07-01 23:27 - 2022-07-01 23:27 - 000000000 ____D C:\Users\krigh\AppData\Local\Vivaldi
2022-07-01 23:26 - 2022-07-01 23:59 - 000000000 ____D C:\Users\krigh\AppData\Local\NVIDIA
2022-07-01 23:25 - 2022-07-01 23:25 - 000000000 ____D C:\Users\krigh\AppData\Local\OneDrive
2022-07-01 23:25 - 2022-07-01 23:25 - 000000000 ____D C:\Users\krigh\AppData\Local\Comms
2022-07-01 23:25 - 2022-07-01 23:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-07-01 23:24 - 2022-07-02 10:55 - 000000000 ___RD C:\Users\krigh\OneDrive
2022-07-01 23:24 - 2022-07-02 00:21 - 000000000 ____D C:\Users\krigh\AppData\Local\PlaceholderTileLogoFolder
2022-07-01 23:24 - 2022-07-01 23:25 - 000000000 ____D C:\Windows\system32\MRT
2022-07-01 23:24 - 2022-07-01 23:24 - 000000000 ____D C:\Users\krigh\AppData\Local\VirtualStore
2022-07-01 23:24 - 2022-07-01 23:24 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-07-01 23:23 - 2022-07-01 23:23 - 000000000 ____D C:\Users\krigh\AppData\Local\Publishers
2022-07-01 23:22 - 2022-07-03 10:31 - 000000000 ____D C:\Users\krigh\AppData\Local\D3DSCache
2022-07-01 23:22 - 2022-07-02 12:12 - 000000000 ____D C:\Users\krigh\AppData\Local\Packages
2022-07-01 23:22 - 2022-07-02 00:08 - 000000000 ____D C:\Users\krigh\AppData\Roaming\Adobe
2022-07-01 23:22 - 2022-07-01 23:35 - 000000000 ____D C:\Users\krigh\AppData\Local\ConnectedDevicesPlatform
2022-07-01 23:22 - 2022-07-01 23:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-01 23:21 - 2022-07-03 23:41 - 000803404 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-01 23:20 - 2022-07-03 23:34 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-01 23:20 - 2022-07-02 12:09 - 000000000 ____D C:\Users\krigh
2022-07-01 23:20 - 2022-07-02 12:04 - 000000000 ____D C:\ProgramData\Packages
2022-07-01 23:20 - 2022-07-02 08:55 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-07-01 23:20 - 2022-07-01 23:58 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-07-01 23:20 - 2022-07-01 23:20 - 000000020 ___SH C:\Users\krigh\ntuser.ini
2022-07-01 23:20 - 2022-06-23 23:05 - 000129032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-07-01 23:20 - 2021-06-05 08:04 - 000001281 _____ C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-07-01 23:20 - 2021-06-05 08:04 - 000000407 _____ C:\Users\krigh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-07-01 23:18 - 2022-07-01 23:22 - 000338040 _____ () C:\Windows\system32\AsusDownLoadLicense.exe
2022-07-01 20:53 - 2022-07-01 23:52 - 000000000 ____D C:\Users\krigh\Desktop\Redemption Energy
2022-06-06 22:53 - 2022-06-06 22:53 - 055466752 _____ C:\Windows\system32\Drivers\Netwfw10.dat
2022-06-06 22:53 - 2022-06-06 22:53 - 004946512 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2022-06-06 22:53 - 2022-06-06 22:53 - 001626200 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-03 23:41 - 2021-06-05 08:09 - 000000000 ____D C:\Windows\INF
2022-07-03 23:36 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-03 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SystemTemp
2022-07-03 23:34 - 2021-06-05 08:01 - 000524288 _____ C:\Windows\system32\config\BBI
2022-07-03 16:25 - 2021-06-05 08:01 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-07-03 14:12 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\AppReadiness
2022-07-03 10:30 - 2021-06-05 08:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-03 10:23 - 2021-06-05 08:10 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-07-02 23:59 - 2021-06-05 08:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-02 23:58 - 2021-06-05 08:01 - 000000000 ____D C:\Windows\CbsTemp
2022-07-02 07:19 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\appcompat
2022-07-02 03:13 - 2021-06-05 08:08 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2022-07-02 02:16 - 2021-06-05 09:16 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-07-02 02:16 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-07-02 02:16 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\spool
2022-07-02 02:16 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\ServiceState
2022-07-02 02:16 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\USOPrivate
2022-07-02 00:07 - 2021-06-05 08:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-07-02 00:07 - 2021-06-05 08:01 - 000000000 ____D C:\Windows\servicing
2022-07-01 23:43 - 2021-06-05 08:10 - 000000000 ____D C:\Program Files\Windows Defender
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SystemResources
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\oobe
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\eu-ES
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\Dism
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\appraiser
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\Provisioning
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-07-01 23:42 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\bcastdvr
2022-07-01 23:35 - 2021-06-05 08:10 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-01 23:35 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2022-07-01 23:34 - 2021-06-05 09:17 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-07-01 23:34 - 2021-06-05 09:17 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ___SD C:\Windows\SysWOW64\F12
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ___SD C:\Windows\system32\UNP
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ___SD C:\Windows\system32\F12
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\setup
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\oobe
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\gl-ES
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\Com
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\ca-ES
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\vi-VN
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\Sysprep
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\setup
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\migwiz
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\lv-LV
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\lt-LT
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\id-ID
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\gl-ES
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\et-EE
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\Com
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\ca-ES
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\ShellComponents
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\IME
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\DiagTrack
2022-07-01 23:34 - 2021-06-05 08:10 - 000000000 ____D C:\Program Files\Common Files\System
2022-07-01 23:32 - 2021-06-05 08:08 - 000245760 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2022-07-01 23:32 - 2021-06-05 08:08 - 000207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The only log you submitted is clean of malware.
I suspect that Windows Defender did protect you.
Some files are still in the Quarantined folder and will take care of that.


Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Before you post the logs clean the Windows Defender's quarantined files.


How to: Delete quarantined files.

Follow the directives on the page to delete all the files in the quarantine folder.

Restart the computer when done.
<<<>>>


Please post the Fixlog.txt

If the problem persists include the Addition.txt log that was created by the Farbar scan.
 

Attachments

  • Fixlist.txt
    902 bytes · Views: 28
  • Like
Reactions: upnorth
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top