Solved Virus remain after format [Moved by Staff]

Status
Not open for further replies.

Strike

Level 1
Thread author
Jun 12, 2022
23
Hi, my PC is infected with a remote access trojan (RAT),
which remains after a system format
and is 100% undetectable by any antivirus software I used.
I also paid for virus removal at a PC service, but when I got back home the virus wasn't removed.
What to do?
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
532
Hello, Strike..! :)

My name is icotonev and I'm here to help you remove malware ..! Before we begin, please note the following:
  • First, please keep in mind most of us at MalwareTips volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
  • It is important not to run any tools or take any steps other than those I will provide for you. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
  • Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please attach all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

Please follow the following instructions:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

Strike

Level 1
Thread author
Jun 12, 2022
23
Hi, bro. :)
Here are the logs:
FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2024 01
Ran by Ahimsa (administrator) on DESKTOP-EIMTHTM (Gigabyte Technology Co., Ltd. GA-MA770T-UD3) (02-02-2024 19:19:07)
Running from C:\Users\Ahimsa\Desktop\FRST64.exe
Loaded Profiles: Ahimsa
Platform: Microsoft Windows 10 Home Version 22H2 19045.3996 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\mullvadbrowser.exe <11>
(services.exe ->) (Bkav Corporation -> Bkav Restore Service) C:\Windows\SysWOW64\BkavRestoreService.exe
(services.exe ->) (Glarysoft Ltd -> Glarysoft Ltd) C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe
(services.exe ->) (Glarysoft Ltd -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities\x64\MemfilesService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2312.7.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\Software\Policies\...\system: [HiberbootEnabled] 0
HKU\S-1-5-21-3628294698-195839899-1095030745-1001\...\Run: [MicrosoftEdgeAutoLaunch_017B8FE825A7F9F4CD0DEE0D211F9E3B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788224 2024-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3628294698-195839899-1095030745-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation)
BootExecute: autocheck autochk *
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D73DE7-B495-4191-9301-988D62C00E12} - System32\Tasks\ASC_SkipUac_Ahimsa => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac (No File)
Task: {5BEFE441-A41E-4D4A-83AB-BEB88BDB92F3} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe repair (No File)
Task: {5B91E047-CA7A-4B08-AE28-7AD1D8EB8C5E} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\Initialize.exe [143256 2024-01-15] (Glarysoft Ltd -> Glarysoft Ltd)
Task: {FFEE23B2-F5E4-4650-B02A-38CBF8236145} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B4D61D5-1C54-477C-8EDF-E9B52E23B72F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94090E05-E37E-4499-9B92-3FA4BDCED0B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3158F5CB-45E6-4657-9348-86A728FA0F28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-10] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{448aed84-857d-4de9-8f7d-dfa46b35df50}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Profile: C:\Users\Ahimsa\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-02]
Edge Extension: (Bitdefender Anti-tracker) - C:\Users\Ahimsa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbconhplchnbippmjabbcedokimacfjl [2024-01-31]
Edge Extension: (Google Docs Offline) - C:\Users\Ahimsa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-10]
Edge Extension: (Edge relevant text changes) - C:\Users\Ahimsa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge HKU\S-1-5-21-3628294698-195839899-1095030745-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
Edge HKLM-x32\...\Edge\Extension: [dbconhplchnbippmjabbcedokimacfjl]
Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [@revesafebrowsing] - C:\ProgramData\REVE Antivirus\Modules\plugins\mozilla\reve_safebrowsing-1.1.46-fx+an.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [@revesafebrowsing] - C:\ProgramData\REVE Antivirus\Modules\plugins\mozilla\reve_safebrowsing-1.1.46-fx+an.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [bkavsiteadvisor@bkav.com.vn] - C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox => not found
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hlkkiebmffkgpgkajeeedjgehnlogjlg] - C <not found>
CHR HKLM-x32\...\Chrome\Extension: [kjomkjjpbjeennhagfmlahfnlgleecmn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [pcnancbdijenfaameanloddnkbjhfaal] - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BkavRestoreService; C:\Windows\SysWOW64\BkavRestoreService.exe [333792 2024-02-01] (Bkav Corporation -> Bkav Restore Service)
R2 GUBootService; C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe [888216 2024-01-15] (Glarysoft Ltd -> Glarysoft Ltd)
R2 GUMemfilesService; C:\Program Files (x86)\Glary Utilities\x64\MemfilesService.exe [433560 2024-01-15] (Glarysoft Ltd -> Glarysoft Ltd)
S3 GUPMService; C:\Program Files (x86)\Glary Utilities\GUPMService.exe [76696 2024-01-15] (Glarysoft Ltd -> Glarysoft Ltd)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [807352 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-01-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-01-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; no ImagePath
S3 WMPNetworkSvc; no ImagePath

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 amsdk; no ImagePath
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S1 epp; no ImagePath
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [23568 2024-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [254664 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [265536 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1064064 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [189304 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2024-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [594304 2024-01-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2024-01-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-02 19:19 - 2024-02-02 19:20 - 000010537 _____ C:\Users\Ahimsa\Desktop\FRST.txt
2024-02-02 19:18 - 2024-02-02 19:19 - 000000000 ____D C:\FRST
2024-02-02 19:16 - 2024-02-02 19:16 - 002389504 _____ (Farbar) C:\Users\Ahimsa\Desktop\FRST64.exe
2024-02-02 18:41 - 2024-02-02 18:41 - 000000015 _____ C:\Users\Ahimsa\Desktop\malware tips pw.txt
2024-02-02 14:29 - 2024-02-02 14:29 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\cleaneronepro-updater
2024-02-02 14:29 - 2024-02-02 14:29 - 000000000 ____D C:\ProgramData\Trend Micro
2024-02-02 14:19 - 2024-02-02 14:20 - 000000000 ____D C:\Program Files\Trend Micro
2024-02-01 18:32 - 2024-02-01 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BkavHome
2024-02-01 18:32 - 2024-02-01 18:32 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Bkav
2024-02-01 18:32 - 2024-02-01 18:32 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Backup
2024-02-01 18:23 - 2024-02-01 18:07 - 000333792 _____ (Bkav Restore Service) C:\Windows\SysWOW64\BkavRestoreService.exe
2024-02-01 18:21 - 2024-02-01 18:25 - 000000000 ____D C:\Program Files (x86)\BkavBackup
2024-02-01 18:16 - 2024-02-01 18:16 - 000000107 ___SH C:\bkavsysinfo_free.sys
2024-02-01 18:10 - 2024-02-01 18:16 - 000001048 _____ C:\Windows\system32\Drivers\BkavSR.lbd
2024-02-01 18:08 - 2024-02-01 18:11 - 000000000 ____D C:\ProgramData\Bkav
2024-02-01 18:06 - 2024-02-02 17:57 - 000000000 ____D C:\Program Files (x86)\Bkav Corporation
2024-02-01 18:06 - 2024-02-01 18:29 - 000000000 ____D C:\Program Files (x86)\BkavPro
2024-02-01 17:52 - 2024-02-01 17:52 - 000304272 _____ C:\ProgramData\uninstalltool.1706802622.bdinstall.v2.bin
2024-02-01 17:52 - 2024-02-01 17:52 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\Bitdefender
2024-02-01 17:48 - 2024-02-01 18:07 - 000005094 _____ C:\Program Files\SDLog.txt
2024-01-31 17:35 - 2024-01-31 17:36 - 000000000 ____D C:\ProgramData\GlarySoft
2024-01-31 17:28 - 2024-02-02 18:05 - 000000000 ____D C:\Program Files (x86)\Glary Utilities
2024-01-31 17:28 - 2024-01-31 17:38 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\GlarySoft
2024-01-31 17:28 - 2024-01-31 17:28 - 000003276 _____ C:\Windows\system32\Tasks\GlaryInitialize
2024-01-31 17:28 - 2024-01-31 17:28 - 000001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities.lnk
2024-01-31 17:28 - 2024-01-31 17:28 - 000001143 _____ C:\Users\Public\Desktop\Glary Utilities.lnk
2024-01-31 17:28 - 2024-01-31 17:28 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\DiskDefrag
2024-01-31 17:28 - 2024-01-31 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
2024-01-31 15:07 - 2024-01-31 15:18 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\Steam
2024-01-31 15:05 - 2024-01-31 18:12 - 000000000 ____D C:\Program Files (x86)\Steam
2024-01-31 15:05 - 2024-01-31 15:05 - 002296488 _____ C:\Users\Ahimsa\Downloads\SteamSetup.exe
2024-01-31 15:05 - 2024-01-31 15:05 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2024-01-31 15:05 - 2024-01-31 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2024-01-31 14:52 - 2024-01-31 14:52 - 008797968 _____ (Malwarebytes) C:\Users\Ahimsa\Desktop\adwcleaner(1).exe
2024-01-30 19:14 - 2024-01-30 19:14 - 000197752 _____ C:\ProgramData\vpn.1706634850.bdinstall.v2.bin
2024-01-30 19:14 - 2024-01-30 19:14 - 000000000 ____D C:\ProgramData\UnifiedSDK.Service
2024-01-30 19:07 - 2024-01-30 19:07 - 000703228 _____ C:\ProgramData\cl.1706634233.bdinstall.v2.bin
2024-01-30 19:07 - 2024-01-30 19:07 - 000126564 _____ C:\ProgramData\cl.kit.1706634230.bdinstall.v2.bin
2024-01-30 19:06 - 2024-01-30 19:06 - 000000000 ____D C:\ProgramData\Gemma
2024-01-30 19:06 - 2024-01-30 19:06 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2024-01-30 19:01 - 2024-01-30 19:01 - 000143476 _____ C:\ProgramData\agent.1706634059.bdinstall.v2.bin
2024-01-30 19:00 - 2024-01-30 19:00 - 014769744 _____ C:\Users\Ahimsa\Downloads\bitdefender_tsecurity.exe
2024-01-28 00:53 - 2024-01-28 00:53 - 000000258 __RSH C:\ProgramData\ntuser.pol
2024-01-27 23:39 - 2024-01-27 23:39 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\LiveUpdate
2024-01-27 23:39 - 2024-01-27 23:39 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-01-27 23:37 - 2024-01-28 00:35 - 000000000 ____D C:\Program Files\DVDFab
2024-01-27 23:24 - 2024-01-27 23:31 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\ReasonLabs
2024-01-27 23:21 - 2017-06-07 02:36 - 000138296 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2024-01-27 23:16 - 2024-01-27 23:16 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\dvdcss
2024-01-27 23:16 - 2024-01-27 23:16 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Digiarty
2024-01-27 22:59 - 2024-01-27 22:59 - 000000017 _____ C:\Users\Ahimsa\AppData\Local\resmon.resmoncfg
2024-01-27 14:12 - 2024-01-27 14:12 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\REVEAVPCSCAN
2024-01-27 13:31 - 2024-01-30 18:59 - 000000000 ____D C:\REVE Antivirus Data Backup
2024-01-26 11:01 - 2024-01-26 11:01 - 000000000 ____D C:\ProgramData\Emsisoft
2024-01-26 01:11 - 2024-01-26 01:54 - 511152128 _____ C:\Users\Ahimsa\Desktop\Redcore.Linux.Hardened.2401.Tarazed.KDE.amd64.iso
2024-01-26 00:20 - 2024-01-25 17:33 - 077070336 _____ C:\Windows\system32\config\SOFTWARE.dw_backup
2024-01-26 00:19 - 2024-01-25 17:33 - 013631488 _____ C:\Windows\system32\config\SYSTEM.dw_backup
2024-01-26 00:18 - 2024-01-26 00:18 - 000000000 ____D C:\DrWeb Quarantine
2024-01-25 23:01 - 2024-01-26 00:50 - 000000012 _____ C:\ProgramData\oianbuax.xrl
2024-01-25 23:01 - 2024-01-26 00:50 - 000000012 _____ C:\ProgramData\nwckvbae.sbg
2024-01-25 23:01 - 2024-01-25 23:01 - 000000016 _____ C:\ProgramData\rtpeskt
2024-01-25 23:01 - 2024-01-25 23:01 - 000000012 _____ C:\ProgramData\tdcwanbf.gos
2024-01-25 23:01 - 2024-01-25 23:01 - 000000012 _____ C:\ProgramData\jjpoqeig.pvf
2024-01-25 23:01 - 2024-01-25 23:01 - 000000008 _____ C:\ProgramData\okekxhuw.kxh
2024-01-25 23:01 - 2024-01-25 23:01 - 000000008 _____ C:\ProgramData\ewmjdrdx.ejw
2024-01-25 23:00 - 2024-01-26 00:52 - 000000000 ____D C:\Program Files\NoVirusThanks
2024-01-25 22:53 - 2024-01-25 22:54 - 000000000 ____D C:\AdwCleaner
2024-01-25 16:10 - 2024-01-25 22:21 - 000000000 ____D C:\ProgramData\McAfee
2024-01-25 16:09 - 2024-01-25 22:21 - 000000000 ____D C:\Program Files\Common Files\McAfee
2024-01-25 16:08 - 2024-01-25 16:12 - 000000000 ____D C:\Program Files (x86)\stinger
2024-01-25 16:06 - 2024-01-25 16:06 - 000000000 ____D C:\Program Files\McAfee
2024-01-25 15:43 - 2024-01-25 15:43 - 000000036 _____ C:\Users\Ahimsa\AppData\Local\housecall.guid.cache
2024-01-25 15:43 - 2024-01-25 15:43 - 000000000 ____D C:\TMRescueDisk
2024-01-25 15:28 - 2024-01-25 15:28 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-01-25 15:23 - 2024-01-25 15:23 - 000000000 ____D C:\Windows\pss
2024-01-24 20:10 - 2024-01-24 20:10 - 076967936 _____ C:\Windows\system32\config\SOFTWARE.iobit
2024-01-24 20:10 - 2024-01-24 20:10 - 053075968 _____ C:\Windows\system32\config\COMPONENTS.iobit
2024-01-24 20:10 - 2024-01-24 20:10 - 000385024 _____ C:\Windows\system32\config\DEFAULT.iobit
2024-01-24 20:10 - 2024-01-24 20:10 - 000049152 _____ C:\Windows\system32\config\SAM.iobit
2024-01-24 20:10 - 2024-01-24 20:10 - 000028672 _____ C:\Windows\system32\config\SECURITY.iobit
2024-01-24 20:07 - 2024-01-24 20:07 - 000000000 ____D C:\ProgramData\iTop
2024-01-24 20:05 - 2024-01-24 20:06 - 000000000 ____D C:\ProgramData\ProductData
2024-01-24 20:05 - 2024-01-24 20:05 - 000003098 _____ C:\Windows\system32\Tasks\ASC_SkipUac_Ahimsa
2024-01-24 20:05 - 2024-01-24 20:05 - 000000000 ____D C:\ProgramData\ProductData3
2024-01-24 20:05 - 2024-01-24 20:05 - 000000000 ____D C:\ProgramData\{7D4F950D-61ED-482D-A05D-43620B49B610}
2024-01-24 20:04 - 2024-01-25 22:54 - 000000000 ____D C:\Users\Ahimsa\AppData\LocalLow\IObit
2024-01-24 20:04 - 2024-01-25 22:24 - 000000000 ____D C:\Program Files (x86)\IObit
2024-01-24 20:03 - 2024-01-25 22:54 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\IObit
2024-01-24 20:03 - 2024-01-25 22:54 - 000000000 ____D C:\ProgramData\IObit
2024-01-24 19:54 - 2024-01-24 19:54 - 000019697 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-01-24 19:52 - 2024-01-24 19:52 - 000019697 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-01-24 19:13 - 2024-01-24 19:13 - 000000000 ___HD C:\$WinREAgent
2024-01-24 18:42 - 2024-01-24 19:05 - 000000000 ____D C:\Users\Ahimsa\Doctor Web
2024-01-21 20:55 - 2024-01-21 20:57 - 000000000 ____D C:\Users\Ahimsa\VirtualBox VMs
2024-01-21 20:41 - 2024-01-21 20:57 - 000000000 ____D C:\Users\Ahimsa\.VirtualBox
2024-01-21 20:41 - 2024-01-21 20:41 - 000000000 ____D C:\ProgramData\VirtualBox
2024-01-21 20:40 - 2024-01-21 20:40 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2024-01-21 20:40 - 2024-01-21 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2024-01-21 20:40 - 2024-01-21 20:40 - 000000000 ____D C:\Program Files\Oracle
2024-01-21 20:40 - 2024-01-15 07:35 - 001064064 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxSup.sys
2024-01-21 20:40 - 2024-01-15 07:35 - 000204328 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2024-01-18 18:53 - 2024-01-18 18:53 - 000000000 ____D C:\Users\Ahimsa\Library
2024-01-18 18:51 - 2024-01-21 20:37 - 000000000 ____D C:\ProgramData\Package Cache
2024-01-18 18:51 - 2024-01-18 18:51 - 000000000 ____D C:\Program Files\dotnet
2024-01-18 18:50 - 2024-01-18 18:51 - 000000000 ____D C:\ProgramData\Apple
2024-01-18 10:41 - 2024-01-24 20:25 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT
2024-01-17 19:54 - 2024-01-18 19:38 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2024-01-17 19:22 - 2024-01-17 19:22 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Microsoft\MMC
2024-01-16 23:18 - 2024-01-16 23:18 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\75158321.sys
2024-01-16 23:17 - 2024-01-16 23:32 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2024-01-16 22:58 - 2024-01-16 22:58 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\mbam
2024-01-16 17:10 - 2024-01-30 16:06 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\CrashDumps
2024-01-16 16:04 - 2024-01-16 16:04 - 000000930 _____ C:\Users\Public\Desktop\Diablo Immortal.lnk
2024-01-16 16:04 - 2024-01-16 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo Immortal
2024-01-16 14:29 - 2024-01-17 19:58 - 000000000 ____D C:\Windows\system32\Tasks\Symantec Endpoint Protection
2024-01-16 14:22 - 2024-01-16 14:22 - 000000000 ____D C:\Windows\system32\Drivers\SEP
2024-01-16 14:21 - 2024-01-16 14:21 - 000000000 ____D C:\Program Files\Symantec
2024-01-16 14:15 - 2024-01-16 15:54 - 000111510 _____ C:\Windows\ZAM.krnl.trace
2024-01-16 14:14 - 2024-01-16 15:54 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\AMSDK
2024-01-16 14:09 - 2024-01-16 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2024-01-16 14:09 - 2024-01-16 14:09 - 000000000 ____D C:\Program Files\7-Zip
2024-01-15 17:01 - 2024-01-15 17:01 - 000000112 ___SH C:\bootTel.dat
2024-01-15 07:35 - 2024-01-15 07:35 - 000265536 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2024-01-15 07:35 - 2024-01-15 07:35 - 000254664 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2024-01-15 07:35 - 2024-01-15 07:35 - 000189304 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxUSB.sys
2024-01-14 14:04 - 2024-01-14 14:04 - 000000000 ____D C:\found.001
2024-01-14 13:29 - 2024-01-14 13:29 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-01-14 11:50 - 2024-01-14 11:50 - 000000000 ____D C:\Windows\InboxApps
2024-01-12 21:18 - 2024-01-12 21:18 - 000000027 _____ C:\Windows\system32\ctc.json
2024-01-12 21:17 - 2024-01-12 21:17 - 000000318 _____ C:\Windows\system32\httpproxy.json
2024-01-12 21:01 - 2024-01-12 21:03 - 000000000 ____D C:\ProgramData\BDLogging
2024-01-12 21:01 - 2024-01-12 21:01 - 000000000 ____D C:\Windows\system32\elambkup
2024-01-12 20:55 - 2024-01-30 19:03 - 000003846 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2024-01-12 20:46 - 2024-01-12 21:33 - 000000000 ____D C:\Users\Ahimsa\Desktop\muzika
2024-01-12 15:07 - 2024-01-12 15:10 - 000000000 ____D C:\Windows\system32\MRT
2024-01-11 20:58 - 2024-01-24 20:16 - 000000000 ____D C:\Windows\Panther
2024-01-11 17:20 - 2024-01-16 16:04 - 000000000 ____D C:\Program Files (x86)\Diablo Immortal
2024-01-11 17:19 - 2024-01-11 17:19 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2024-01-11 17:16 - 2024-01-11 17:16 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\Blizzard Entertainment
2024-01-11 11:40 - 2024-01-11 17:13 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\PlaceholderTileLogoFolder
2024-01-11 11:40 - 2024-01-10 13:41 - 086530552 _____ C:\Users\Ahimsa\Downloads\mullvad-browser-windows-x86_64-portable-13.0.7.exe
2024-01-11 11:39 - 2024-01-16 14:47 - 000000000 ___RD C:\Users\Ahimsa\OneDrive
2024-01-11 11:39 - 2024-01-10 14:59 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Microsoft\Spelling
2024-01-11 11:36 - 2024-01-11 11:36 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\Publishers
2024-01-11 11:35 - 2024-01-16 14:48 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\Packages
2024-01-11 11:35 - 2024-01-14 13:26 - 000000000 ____D C:\ProgramData\Packages
2024-01-11 11:35 - 2024-01-12 21:06 - 000000000 ___SD C:\Users\Ahimsa\AppData\Roaming\Microsoft\Protect
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ___SD C:\Users\Ahimsa\AppData\Roaming\Microsoft\SystemCertificates
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ___SD C:\Users\Ahimsa\AppData\Roaming\Microsoft\Crypto
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ___SD C:\Users\Ahimsa\AppData\Roaming\Microsoft\Credentials
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ___RD C:\Users\Ahimsa\3D Objects
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Microsoft\Vault
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Microsoft\Network
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Adobe
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\VirtualStore
2024-01-11 11:35 - 2024-01-11 11:35 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\ConnectedDevicesPlatform
2024-01-11 11:34 - 2024-01-27 13:40 - 000000000 ____D C:\Users\Ahimsa
2024-01-11 11:34 - 2024-01-11 11:35 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Microsoft\Windows
2024-01-11 11:34 - 2024-01-11 11:34 - 000000020 ___SH C:\Users\Ahimsa\ntuser.ini
2024-01-11 11:31 - 2024-01-28 00:22 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2024-01-11 11:27 - 2024-01-11 11:27 - 000000000 _SHDL C:\Documents and Settings
2024-01-11 11:04 - 2024-01-27 11:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-11 11:04 - 2024-01-27 11:58 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-01-11 11:03 - 2024-01-31 11:33 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-01-11 11:03 - 2024-01-31 11:33 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-01-11 11:03 - 2024-01-11 11:03 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-01-11 11:02 - 2024-02-02 17:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-01-11 11:02 - 2024-01-10 18:44 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-01-11 10:59 - 2024-02-02 17:57 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-11 10:59 - 2024-02-02 16:54 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-01-11 10:59 - 2024-01-11 10:59 - 000000000 ____D C:\Windows\ServiceProfiles
2024-01-10 20:07 - 2024-01-28 00:32 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\Rufus
2024-01-10 20:00 - 2024-01-10 20:00 - 001431624 _____ (Akeo Consulting) C:\Users\Ahimsa\Desktop\rufus-4.3.exe
2024-01-10 19:53 - 2024-01-10 19:53 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\NPE
2024-01-10 19:27 - 2024-01-10 19:27 - 000000000 ____D C:\ProgramData\PLUG
2024-01-10 18:51 - 2024-01-10 18:51 - 000055248 _____ (AVG Technologies) C:\Windows\system32\Drivers\rm.sys
2024-01-10 18:42 - 2024-01-10 18:43 - 003514508 _____ C:\Users\Ahimsa\Downloads\ProcessExplorer.zip
2024-01-10 18:32 - 2024-01-10 19:16 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\FreeFirewall
2024-01-10 18:32 - 2024-01-10 18:32 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim
2024-01-10 18:32 - 2024-01-10 18:32 - 000000000 ____D C:\Program Files\Common Files\Evorim
2024-01-10 18:31 - 2024-01-10 18:31 - 002961151 _____ C:\Users\Ahimsa\Downloads\geek.zip
2024-01-10 18:31 - 2024-01-10 18:31 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Geek Uninstaller
2024-01-10 18:11 - 2024-01-10 18:11 - 000000000 ____D C:\Program Files\RUXIM
2024-01-10 16:11 - 2024-01-31 17:17 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\Battle.net
2024-01-10 16:11 - 2024-01-11 17:19 - 000000000 ____D C:\Users\Ahimsa\AppData\Roaming\Battle.net
2024-01-10 16:11 - 2024-01-10 16:11 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\CEF
2024-01-10 16:09 - 2024-01-10 16:09 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2024-01-10 16:09 - 2024-01-10 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2024-01-10 16:08 - 2024-01-11 17:19 - 000000000 ____D C:\Program Files (x86)\Battle.net
2024-01-10 16:08 - 2024-01-10 16:08 - 000000000 ____D C:\ProgramData\Battle.net
2024-01-10 16:07 - 2024-01-10 16:07 - 004925568 _____ (Blizzard Entertainment) C:\Users\Ahimsa\Downloads\Battle.net-Setup.exe
2024-01-10 14:29 - 2024-01-10 14:29 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\Comms
2024-01-10 14:26 - 2024-01-31 15:14 - 000000000 ____D C:\Users\Ahimsa\Desktop\passwords
2024-01-10 13:47 - 2024-01-10 13:47 - 000002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2024-01-10 13:47 - 2024-01-10 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-01-10 13:46 - 2024-01-27 13:47 - 000000000 ____D C:\ProgramData\NVIDIA
2024-01-10 13:46 - 2024-01-10 13:46 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2024-01-10 13:46 - 2017-10-27 18:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2024-01-10 13:46 - 2017-10-27 18:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2024-01-10 13:46 - 2017-10-27 18:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2024-01-10 13:46 - 2017-10-27 18:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2024-01-10 13:46 - 2017-10-27 18:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2024-01-10 13:46 - 2017-10-27 18:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2024-01-10 13:46 - 2017-10-27 18:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2024-01-10 13:46 - 2017-10-27 18:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2024-01-10 13:46 - 2017-10-27 18:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2024-01-10 13:46 - 2017-10-25 12:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2024-01-10 13:46 - 2017-09-14 01:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-01-10 13:46 - 2017-09-14 01:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-01-10 13:46 - 2017-09-14 01:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2024-01-10 13:46 - 2017-09-14 01:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2024-01-10 13:45 - 2024-01-10 13:47 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-01-10 13:45 - 2024-01-10 13:47 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-01-10 13:45 - 2024-01-10 13:46 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-01-10 13:45 - 2017-11-09 04:43 - 000540784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-01-10 13:45 - 2017-11-09 04:43 - 000446392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-01-10 13:44 - 2017-11-09 04:40 - 036248176 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2024-01-10 13:44 - 2017-11-09 04:40 - 029279672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2024-01-10 13:44 - 2017-11-09 04:39 - 000989808 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2024-01-10 13:44 - 2017-11-09 04:39 - 000940984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2024-01-10 13:44 - 2017-11-09 04:39 - 000054192 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2024-01-10 13:44 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438813.dll
2024-01-10 13:44 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438813.dll
2024-01-10 13:44 - 2017-11-09 04:38 - 001624168 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2024-01-10 13:44 - 2017-11-09 04:38 - 001108408 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2024-01-10 13:44 - 2017-11-09 04:38 - 001039800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2024-01-10 13:44 - 2017-11-09 04:38 - 000233904 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2024-01-10 13:44 - 2017-11-09 04:37 - 040246384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2024-01-10 13:44 - 2017-11-09 04:37 - 035165624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2024-01-10 13:44 - 2017-11-09 04:37 - 004210288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2024-01-10 13:44 - 2017-11-09 04:37 - 003623024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2024-01-10 13:44 - 2017-11-09 04:30 - 023474480 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2024-01-10 13:44 - 2017-11-09 04:30 - 019212720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2024-01-10 13:44 - 2017-11-09 04:30 - 013379352 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2024-01-10 13:44 - 2017-11-09 04:30 - 010986768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2024-01-10 13:44 - 2017-11-09 04:26 - 001154296 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2024-01-10 13:44 - 2017-11-09 04:26 - 000902312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2024-01-10 13:44 - 2017-11-09 04:25 - 013994136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2024-01-10 13:44 - 2017-11-09 04:25 - 011891200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2024-01-10 13:44 - 2017-11-09 04:25 - 004533184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2024-01-10 13:44 - 2017-11-09 04:25 - 003859848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2024-01-10 13:44 - 2017-11-09 03:57 - 000048442 _____ C:\Windows\system32\nvinfo.pb
2024-01-10 13:44 - 2017-11-09 03:57 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2024-01-10 13:44 - 2017-11-09 03:57 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2024-01-10 13:43 - 2024-02-02 10:49 - 000000914 _____ C:\Users\Ahimsa\Desktop\Mullvad Browser.lnk
2024-01-10 13:43 - 2024-01-10 20:02 - 000000000 ____D C:\Users\Ahimsa\Desktop\Mullvad Browser
2024-01-10 13:43 - 2024-01-10 13:43 - 000000962 _____ C:\Users\Ahimsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mullvad Browser.lnk
2024-01-10 13:43 - 2024-01-10 13:43 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\D3DSCache
2024-01-10 13:43 - 2024-01-10 13:43 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-01-10 13:42 - 2024-01-10 13:42 - 000000000 ____D C:\Users\Ahimsa\AppData\Local\OneDrive

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-02 17:59 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-02 16:56 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-02-01 17:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2024-02-01 17:51 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2024-01-31 14:08 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-30 19:12 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\Offline Web Pages
2024-01-30 19:06 - 2019-12-07 11:03 - 000065536 _____ C:\Windows\system32\config\ELAM
2024-01-30 18:17 - 2019-12-07 11:14 - 000000121 _____ C:\Windows\win.ini
2024-01-27 11:55 - 2023-05-05 14:27 - 000000000 ____D C:\Windows\SystemTemp
2024-01-25 16:41 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2024-01-25 16:11 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-01-24 20:27 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2024-01-24 20:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2024-01-17 19:58 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\Downloaded Program Files
2024-01-17 19:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Help
2024-01-16 17:08 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2024-01-14 12:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2024-01-14 12:00 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2024-01-14 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-01-14 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-01-14 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Sysprep
2024-01-14 11:58 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\F12
2024-01-14 11:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-01-14 11:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-01-14 11:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2024-01-14 11:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2024-01-14 11:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2024-01-14 11:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\es-MX
2024-01-14 11:52 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-01-14 11:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2024-01-14 11:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Com
2024-01-14 11:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2024-01-14 11:50 - 2019-12-07 11:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-01-14 11:50 - 2019-12-07 11:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\IME
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-01-14 11:50 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-01-14 11:50 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2024-01-14 11:32 - 2019-12-07 11:52 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2024-01-14 11:32 - 2019-12-07 11:52 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2024-01-14 11:32 - 2019-12-07 11:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2024-01-14 11:32 - 2019-12-07 11:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2024-01-11 20:57 - 2019-12-07 11:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2024-01-11 11:39 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2024-01-11 11:29 - 2019-12-07 11:50 - 000000000 ____D C:\Windows\system32\FxsTmp
2024-01-11 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\spool
2024-01-10 20:00 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2024-01-10 18:31 - 2023-09-07 10:12 - 007020016 _____ (Geek Uninstaller) C:\Users\Ahimsa\Desktop\geek.exe
2024-01-10 16:12 - 2019-12-07 11:51 - 000000000 ____D C:\Windows\OCR
2024-01-10 13:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-01-10 13:53 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState

==================== Files in the root of some directories ========

2024-02-01 17:48 - 2024-02-01 18:07 - 000005094 _____ () C:\Program Files\SDLog.txt
2024-01-25 15:43 - 2024-01-25 15:43 - 000000036 _____ () C:\Users\Ahimsa\AppData\Local\housecall.guid.cache
2024-01-27 22:59 - 2024-01-27 22:59 - 000000017 _____ () C:\Users\Ahimsa\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

ADDITION Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2024 01
Ran by Ahimsa (02-02-2024 19:24:54)
Running from C:\Users\Ahimsa\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3996 (X64) (2024-01-11 09:27:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3628294698-195839899-1095030745-500 - Administrator - Disabled)
Ahimsa (S-1-5-21-3628294698-195839899-1095030745-1001 - Administrator - Enabled) => C:\Users\Ahimsa
DefaultAccount (S-1-5-21-3628294698-195839899-1095030745-503 - Limited - Disabled)
Guest (S-1-5-21-3628294698-195839899-1095030745-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3628294698-195839899-1095030745-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Disabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Diablo Immortal (HKLM-x32\...\Diablo Immortal) (Version: - Blizzard Entertainment)
Glary Utilities 6.5 (HKLM-x32\...\Glary Utilities) (Version: 6.5.0.8 - Glarysoft Ltd)
Microsoft .NET Host - 7.0.15 (x64) (HKLM\...\{2EB0BDB4-BD7D-4E10-A8CE-5135290DA16B}) (Version: 56.60.5674 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.15 (x64) (HKLM\...\{D0210A10-A37D-4B32-B1EE-BB02E519C76C}) (Version: 56.60.5674 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.15 (x64) (HKLM\...\{C4FF47FF-99CD-4699-8B6D-10834B3F0554}) (Version: 56.60.5674 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.15 (x64) (HKLM-x32\...\{0331d3a0-8fc1-4154-bd6d-2a34e98de45b}) (Version: 7.0.15.33122 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.83 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.144 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30153 (HKLM-x32\...\{9057ceb3-ab14-4d3a-aa99-38d2d660e604}) (Version: 14.29.30153.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30153 (HKLM\...\{4EF122F4-F7DA-4F5B-A7A1-3FE7AE34850D}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30153 (HKLM\...\{0F03096E-F81F-48D0-AEE0-9F8513CD883F}) (Version: 14.29.30153 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 7.0.14 (HKLM\...\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}) (Version: 7.0.14 - Oracle and/or its affiliates)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

Packages:
=========
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BkavHome] -> {67EDE076-3F8F-45AD-9E80-21B0C531E972} => -> No File
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Security\x86\shellExt.dll -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities\x64\ContextHandler.dll [2024-01-15] (Glarysoft Ltd -> Glarysoft Ltd)
ContextMenuHandlers2-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Security\x86\shellExt.dll -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities\x64\ContextHandler.dll [2024-01-15] (Glarysoft Ltd -> Glarysoft Ltd)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BkavHome] -> {67EDE076-3F8F-45AD-9E80-21B0C531E972} => -> No File
ContextMenuHandlers6-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Security\x86\shellExt.dll -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities\x64\ContextHandler.dll [2024-01-15] (Glarysoft Ltd -> Glarysoft Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2000-01-01 02:00 - 2024-01-23 18:51 - 000829952 _____ () [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\libEGL.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 006166016 _____ () [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\libGLESv2.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 000702976 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\freebl3.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 000045056 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\lgpllibs.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 004286976 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\mozavcodec.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 000283136 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\mozavutil.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 001469440 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\mozglue.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 002610176 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\nss3.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 000484352 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\nssckbi.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 000295424 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\softokn3.dll
2000-01-01 02:00 - 2024-01-23 18:51 - 157807616 _____ (Mullvad VPN AB) [File not signed] C:\Users\Ahimsa\Desktop\Mullvad Browser\Browser\xul.dll
2024-01-10 13:46 - 2017-10-27 18:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3628294698-195839899-1095030745-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: BkavSiteAdvisorEngine Class -> {2876549C-1023-4AA0-82FF-8ED7112D5269} -> C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll => No File
Handler: bksa - {AFBCA127-FD48-4FF5-B523-0E0DB4B8C295} - C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2024-01-24 19:06 - 000000911 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3628294698-195839899-1095030745-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKU\S-1-5-21-3628294698-195839899-1095030745-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3628294698-195839899-1095030745-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_017B8FE825A7F9F4CD0DEE0D211F9E3B"
HKU\S-1-5-21-3628294698-195839899-1095030745-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{65C79540-5FCC-4EEC-BD10-2185AA2A0E94}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{141894FE-F384-40DA-A05E-7F8723952DCE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E43E32A7-97A8-44F2-925D-1FC55D737395}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8E3BCF1-88D4-4331-8AB1-DE954975968E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6041DAE5-70B1-404D-AA8C-CB91C49A1888}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EB082D33-6EF8-4D3E-9C15-ED2838385B85}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{048F8BAC-4F18-4F82-9A44-210488FDC84C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{21ED8408-09CF-41AC-862D-4139FC03F3C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)

==================== Restore Points =========================

25-01-2024 16:40:40 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/01/2024 06:27:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (02/01/2024 06:27:52 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (02/01/2024 06:27:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (02/01/2024 06:27:52 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (02/01/2024 06:22:14 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (02/01/2024 06:13:26 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (02/01/2024 06:07:58 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (02/01/2024 06:07:58 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (02/02/2024 06:55:38 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/02/2024 06:05:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/02/2024 06:05:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/02/2024 06:05:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/02/2024 06:01:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/02/2024 05:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/02/2024 05:59:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/02/2024 05:59:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Windows Defender:
================
Date: 2024-02-02 19:17:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2024-02-02 18:09:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-02-02 18:06:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2024-02-01 18:06:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-01-27 12:53:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2024-02-02 18:05:06
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\sasdifsv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2024-02-02 18:05:05
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\saskutil64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F10 03/22/2011
Motherboard: Gigabyte Technology Co., Ltd. GA-MA770T-UD3
Processor: AMD Athlon(tm) II X4 645 Processor
Percentage of memory in use: 41%
Total physical RAM: 12285.55 MB
Available physical RAM: 7197.98 MB
Total Virtual: 13053.55 MB
Available Virtual: 7288.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.2 GB) (Free:355.57 GB) (Model: WDC WD5000AZRX-00A8LB0 ATA Device) NTFS

\\?\Volume{ab11e5cc-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{ab11e5cc-0000-0000-0000-005074000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: AB11E5CC)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=522 MB) - (Type=27)

==================== End of Addition.txt =======================
 
icotonev

Hi ..! I am extremely pleased to see a compatriot with us in this forum ..! :)
It seems to me that you have messed up this freshly reinstalled system a little (Which remain after system format.)..!?! What makes you think it is also infected with a Remote access trojan (RAT) ..?


Uninstall programs/apps
  • Select Start , then select Settings > Apps > Apps & features.
  • Select the app you want to remove, and then select Uninstall.
    • Glary Utilities 6.5

Next ....:

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.

In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    3.8 KB · Views: 135

Strike

I think my PC is infected with a RAT, because:
- the PC is too slow at moments
- some tray icons hide themselves
- net speed is too slow
- apps and games are closing without an error or anything
- it has even happened that system files were missing when Windows was loading (so I had to reinstall it)
- software is being installed without me even noticing
- random pages open in my browser
- my DVD writer is opening, etc.

Btw, I uninstalled "Glary Utilities 6.5".
In a few minutes I will also post the "FixLog".
 
icotonev

Symptoms typical of almost any malware and a system where antivirus software has been used indiscriminately without knowing what it is..!

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.

  • Copy/paste the following in the Search: box
Code:
Searchall: Bkav , Trend Micro , Bitdefender , Emsisoft , DrWeb , NoVirusThanks , McAfee , IObit , WiseCleaner

  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Attach the report in your reply. If the file is too large, zip it and upload it here.

In your next reply, please include:
  • Fixlog.txt
  • Search report
 

Attachments

  • fixlist.txt
    3.3 KB · Views: 68

Strike

I know that one antivirus is enough, but I just used those to scan, and when no infection was found I uninstalled them .... xD
 

Attachments

  • Fixlog.txt
    7.6 KB · Views: 126
  • Search.txt
    406 bytes · Views: 61

Strike

Now I opened Process Explorer from Microsoft.
And when I ticked the option to scan the processes with Virustotal.com, it got two detections.
The first from WindowsMediaPlayer.exe and the second from my browser (MullvadBrowser.exe).
Link to Virustotal.com for the first detection:


And for second :
 

icotonev

The first from WindowsMediaPlayer.exe and second from my browser (MullvadBrowser.exe).

Absolutely false positives ..!

Please do the following:

Fresh FRST logs

Please run FRST tool once more, and attach for me fresh logs:
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.

Next ....:


Kaspersky Virus Removal Tool
  • Download Kaspersky Virus Removal Tool and save it to your Desktop
  • Hit the Windows Key + R at the same time
  • Drag and drop the KVRT icon on your Desktop into the Run box to the right of Open:
  • Add -dontencrypt so that it looks like C:\Users\**Your User Name***\Desktop\KVRT.exe -dontencrypt (with a space between .exe and "-")
  • Click OK
  • Review and place check marks in all 3 I confirm boxes then click Accept
  • Click Change parameters
  • Place check marks in the following categories:
Code:
System memory
Startup objects
Boot sectors
System drive
  • Click OK
  • Click Start scan
  • When completed click Continue
  • Close the program
  • Hit the Windows Key + E at the same time
  • Navigate to the C:\KVRT2020_Data\Reports folder
  • Right click on KLR File which looks similar to report_2022.09.12_06.27.09 and select Open
  • Please attach the contents of the log in your next reply.

Next ....:

Malwarebytes Anti-Rootkit - Scan Only

  • Download Malwarebytes Anti-Rootkit and save it to your Desktop
  • Right click the mbar icon and select Run as administrator
  • Click OK to install it on your desktop
  • Click Next on the following screen
  • On the Update Database: screen click Update to download the latest definition updates then click Next
  • Click Scan and allow the process to complete
  • Click the Exit button not Cleanup
  • A system-log report will be created in the mbar folder placed on your Desktop. Please attach the contents of the log in your next reply.

In your next reply, please post:
  • Fresh FRST logs ( FRST.txt + Addition.txt )
  • Kaspersky report
  • MBAR report
 
Strike

FRST and Addition Logs :
 

Attachments

  • Addition2.txt
    19.8 KB · Views: 113
  • FRST2.txt
    35.7 KB · Views: 85

Strike

The download button for Kaspersky Virus Removal Tool is not working.
 

Attachments

  • system-log.txt
    42.2 KB · Views: 92

icotonev

The download button for Kaspersky Virus Removal Tool is not working.


Thank you..! :)
The link and the button work for me..! Please try another browser or temporarily disable VPN...

How's your computer now? Let me know how the computer is running. Please include any issues and concerns you have right now.
 
Strike

About the system: my game "Diablo Immortal" doesn't stop closing itself after 5-10 mins of gameplay, and my mouse is moving.
It feels like someone is just controlling my computer.
Today I was also unable to connect to my Wi-Fi.
I was able to use the internet from all my devices except my PC ....
Btw, for the first time I'm facing a virus that is not being detected and even remains after a hard disk format/reinstall.
The problem is that I can't even use it at moments ....
The site does not allow me to upload the report because the extension is not allowed, so I will post it here:

<Report>
<Metadata Version="1" PCID="{B0135245-C30C-5A73-9969-6C249E58C693}" LastModification="2024.02.05 02:56:04.999" />
<EventBlocks>
<Block0 Type="Scan" Processed="445676" Found="0" Neutralized="0">
<Event0 Action="Scan" Time="133515501352996798" Object="" Info="Started" />
<Event1 Action="Scan" Time="133515573157808778" Object="" Info="Finished" />
</Block0>
</EventBlocks>
</Report>
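
The report pasted above can be read programmatically. This is an added example, not part of the original post and not a Kaspersky tool: it parses the report and converts the Time attributes, assuming they are Windows FILETIME values (100 ns ticks since 1601-01-01 UTC), which is consistent with the report's 2024 LastModification date. The function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Report text copied from the post above.
REPORT = """<Report>
<Metadata Version="1" PCID="{B0135245-C30C-5A73-9969-6C249E58C693}" LastModification="2024.02.05 02:56:04.999" />
<EventBlocks>
<Block0 Type="Scan" Processed="445676" Found="0" Neutralized="0">
<Event0 Action="Scan" Time="133515501352996798" Object="" Info="Started" />
<Event1 Action="Scan" Time="133515573157808778" Object="" Info="Finished" />
</Block0>
</EventBlocks>
</Report>"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(ticks):
    """Assumption: Time is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)

def summarize(report_xml):
    """Return one dict per scan block: counters, start/finish times, completion flag."""
    root = ET.fromstring(report_xml)
    blocks = []
    for block in root.find("EventBlocks"):
        events = {e.get("Info"): filetime_to_utc(e.get("Time")) for e in block}
        started, finished = events.get("Started"), events.get("Finished")
        blocks.append({
            "type": block.get("Type"),
            "processed": int(block.get("Processed", 0)),
            "found": int(block.get("Found", 0)),
            "neutralized": int(block.get("Neutralized", 0)),
            "started": started,
            "finished": finished,
            # A block with no "Finished" event means the scan was cut short,
            # so Found="0" would not mean the whole selection was checked.
            "completed": started is not None and finished is not None,
            "duration": finished - started if started and finished else None,
        })
    return blocks

if __name__ == "__main__":
    for b in summarize(REPORT):
        print(b["type"], "completed:", b["completed"], "processed:", b["processed"],
              "found:", b["found"], "neutralized:", b["neutralized"])
        print("  started:", b["started"], "finished:", b["finished"], "duration:", b["duration"])
```

The timestamps come out in UTC, so they will differ from the local-time LastModification value by the machine's UTC offset.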
 
icotonev

No obvious signs of infection in the logs you've supplied....! Do you accept that the problem could be hardware..?

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.



Next ....:
  • Boot into Safe Mode using the From the sign-in screen instructions. Check if the issues persist and let me know the result.
If the problem is present under safe mode, it means that the problem is rooted somewhere:
- among some of the applications that still start in Safe Mode (there are some, but they are very few in number)
- deeper into system files/registry;
- or in the hardware.
Logically, otherwise, if the problem is not present under Safe Mode, then it is most likely due to some of the processes/services/drivers in question not running in Safe Mode but running in normal mode, i.e. it is almost certain that the problem is software.


In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    149 bytes · Views: 107

Strike

It could have been hardware, but with those weird symptoms related to virus infection ....
I don't know about Safe Mode, because if the virus is active before system start, I think it can also work there.
 

Attachments

  • Fixlog.txt
    6 KB · Views: 77

icotonev

...and system files are fine..

Some time ago, I had a similar case, only it interrupted the Internet there. After restarting the router, I was fine and...! Let's try this too..!
 
icotonev

Hello..! :)
Any developments on your issue..?

  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.
 
icotonev

What installation media are you using? If you formatted the drive and reinstalled the OS, then I would suggest creating a new USB install device with Windows Media Creation and starting all over.


 