I'm not really sure, but I think my PC was infected by malware that I downloaded from the forum site (IObit Malware Fighter Pro Portable). I just tried it to see if it works on my PC; then, after closing the app, I noticed that the software was still running when I checked Services/Autoruns. I even checked if there was still a remaining folder among my files that was related to the IObit file.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-12-2023
Ran by Burento (administrator) on BURENTO (Micro-Star International Co., Ltd. MS-7B89) (04-12-2023 21:34:17)
Running from C:\Users\atobe\Desktop\FRST64.exe
Loaded Profiles: Burento
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3758 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(explorer.exe ->) (Alex313031) [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\thorium.exe <19>
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3cf99e411755df38\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Wagnardsoft -> Wagnardsoft) C:\Users\atobe\Documents\GameOptimize\ISLC v1.0.2.8\ISLC v1.0.2.9\Intelligent standby list cleaner ISLC.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-10-28] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3cf99e411755df38\RtkAudUService64.exe [1963928 2023-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
IFEO\TextInputHost.exe: [Debugger] C:\Windows\system32\systray.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {90D97723-1CAE-41CC-B9D5-491AADBA022A} - System32\Tasks\Intelligent StandbyList Cleaner => C:\Users\atobe\Documents\GameOptimize\ISLC v1.0.2.8\ISLC v1.0.2.9\Intelligent standby list cleaner ISLC.exe [438968 2023-06-26] (Wagnardsoft -> Wagnardsoft)
Task: {5CBDC1F3-6B2D-46DC-B87E-2B12626B70E0} - System32\Tasks\Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask => {82aa0895-198a-4c1b-b2d1-c16894218afb} C:\Windows\System32\unifiedconsent.dll [282112 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
Task: {DDDB94C7-97BF-4327-A226-439AF27753B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CAA64AA9-4C24-4733-B4B8-EB51A9BCB44D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BCB4F0B6-5FED-4D50-BDA8-A76A633C7E32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3A8D7996-0538-4A97-9722-D3B67B6AC2E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36A37AD2-707E-4FA9-9A81-46657E2477F4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [256512 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{9b00a095-6cf4-4375-a6b5-6c219ce0d2b0}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{9b00a095-6cf4-4375-a6b5-6c219ce0d2b0}: [DhcpNameServer] 1.1.1.1 1.0.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-04]
Edge Notifications: Default -> hxxps://www.facebook.com; hxxps://www.messenger.com; hxxps://www38.davisonbarker.pro; hxxps://www54.davisonbarker.pro; hxxps://z-upload.facebook.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Authenticator) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2023-11-25]
Edge Extension: (Enhancer for YouTube™) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2023-11-25]
Edge Extension: (GoPlay Extension) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\edhdonadgbpnhhkdobemjnjdpmfdjnmf [2023-11-25]
Edge Extension: (MetaMask) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2023-11-25]
Edge Extension: (Perplexity - AI Companion) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hlgbcneanomplepojfcnclggenpcoldo [2023-11-25]
Edge Extension: (SaveFrom.net helper) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hndfjogdceachkbgioglehonpejcdhem [2023-11-25]
Edge Extension: (Transpose ▲▼ pitch ▹ speed ▹ loop for videos) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ioimlbgefgadofblnajllknopjboejda [2023-11-25]
Edge Extension: (Unpaywall) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2023-11-25]
Edge Extension: (Volume Master) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-11-25]
Edge Extension: (Edge relevant text changes) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-11-25]
Edge Extension: (uBlock Origin) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-11-25]
Edge Profile: C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2023-12-02]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2696560 2023-07-06] (HIGH MORALE DEVELOPMENTS LIMITED -> )
S3 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe [527800 2023-08-04] (Advanced Micro Devices Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2023-01-16] (BattlEye Innovations e.K. -> )
S4 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2023-10-03] (EasyAntiCheat Oy -> Epic Games, Inc.)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-12] (Epic Games Inc. -> Epic Games, Inc.)
S3 GameInputSvc; C:\Windows\System32\GameInputSvc.exe [50168 2023-12-01] (Microsoft Corporation -> Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [12153200 2022-05-26] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmdig.inf_amd64_1e678564fff99713\Display.NvContainer\NVDisplay.Container.exe [1274888 2023-11-10] (NVIDIA Corporation -> NVIDIA Corporation)
S4 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [3863040 2022-10-25] (Microsoft Corporation) [File not signed]
S3 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
S3 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [297736 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
S3 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-09-19] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 UltraViewService; C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe [238416 2023-08-26] (DUC FABULOUS CO.,LTD -> )
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9572824 2023-10-28] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 IMFservice; C:\Users\atobe\Documents\Installers\IOBit Malware\IObit Malware Fighter Pro v10.3.0.1077 Multilingual Portable\IObit Malware Fighter Pro 10.3.0.1077\App\IObit Malware Fighter\IMFSrv.exe [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [1660968 2023-07-06] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [36928 2022-06-03] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 EagleX64; C:\Windows\system32\drivers\EagleX64.sys [174728 2023-03-10] (AhnLab, Inc. -> AhnLab, Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80264 2023-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 RvNetMP60; C:\Windows\System32\drivers\RvNetMP60.sys [58288 2023-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Famatech Corp.)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_006e; C:\Windows\System32\drivers\RzDev_006e.sys [56152 2021-03-22] (Razer USA Ltd. -> Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc. -> Razer Inc)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [21679192 2023-10-27] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55744 2023-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [578856 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2023-09-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 xhunter1; C:\Windows\xhunter1.sys [1432232 2023-06-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-04 21:34 - 2023-12-04 21:34 - 000014635 _____ C:\Users\atobe\Desktop\FRST.txt
2023-12-04 21:33 - 2023-12-04 21:34 - 000000000 ____D C:\FRST
2023-12-04 21:22 - 2023-12-04 21:22 - 002384384 _____ (Farbar) C:\Users\atobe\Desktop\FRST64.exe
2023-12-04 20:15 - 2023-11-09 00:38 - 006258032 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2023-12-04 19:31 - 2023-12-04 19:31 - 000001360 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\memreduct.lnk
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\Users\atobe\AppData\Roaming\IObit
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\ProductData
2023-12-03 23:57 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\IObit
2023-12-03 23:56 - 2022-10-24 17:29 - 000042360 _____ (IObit) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2023-12-03 00:08 - 2023-12-03 00:08 - 000001244 _____ C:\Users\atobe\Desktop\Roblox Studio.lnk
2023-12-02 22:38 - 2023-12-03 19:17 - 000000000 ____D C:\Users\atobe\AppData\Local\VirtualStore
2023-12-02 21:40 - 2023-12-02 21:40 - 000000000 ____D C:\SAVE
2023-12-02 21:37 - 2023-12-02 21:37 - 000000000 ____D C:\Windows\solcache
2023-12-02 21:35 - 2023-12-03 19:21 - 000000000 ____D C:\Sierra
2023-12-02 21:14 - 2023-12-02 21:14 - 000000000 ____D C:\bshift
2023-12-01 23:09 - 2023-12-01 23:09 - 000001585 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HWiNFO64.lnk
2023-12-01 22:32 - 2023-12-01 22:32 - 000001602 _____ C:\Users\atobe\Desktop\EarTrumpet.lnk
2023-12-01 20:43 - 2023-12-01 20:43 - 000000000 ____D C:\Users\atobe\AppData\Local\Datastead
2023-12-01 20:43 - 2017-12-08 18:01 - 000713216 _____ C:\Windows\system32\xvidcore.dll
2023-12-01 20:43 - 2017-12-08 18:01 - 000251392 _____ C:\Windows\system32\xvidvfw.dll
2023-12-01 20:43 - 2017-12-08 18:01 - 000172032 _____ C:\Windows\system32\xvid.ax
2023-12-01 16:22 - 2023-12-01 16:22 - 000002271 _____ C:\Users\Public\Desktop\NVIDIA RTX Voice.lnk
2023-12-01 16:22 - 2023-12-01 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-12-01 16:22 - 2020-03-12 21:58 - 000177896 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtxaudcap64v.dll
2023-12-01 16:22 - 2020-03-12 21:58 - 000155024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvrtxaudcap32v.dll
2023-12-01 16:22 - 2020-03-12 21:58 - 000054504 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvrtxvad64v.sys
2023-12-01 14:58 - 2023-12-01 14:58 - 000006430 __RSH C:\ProgramData\ntuser.pol
2023-12-01 12:27 - 2023-12-01 13:28 - 000000000 ____D C:\Program Files\AMD
2023-12-01 12:27 - 2023-12-01 12:27 - 000000000 ____D C:\ProgramData\AMD
2023-12-01 11:49 - 2023-12-01 11:56 - 000000000 ____D C:\MSI
2023-12-01 10:35 - 2023-12-01 10:35 - 000000000 ____D C:\Windows\InboxApps
2023-12-01 10:05 - 2023-12-01 10:05 - 000000000 ___HD C:\$WinREAgent
2023-12-01 09:55 - 2023-12-01 09:55 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-11-26 01:40 - 2023-11-26 01:40 - 000000574 _____ C:\Users\atobe\ezpcopensdkconfig_2e76164306b94a2b9a4f01ad3f8c6f77.xml
2023-11-26 00:52 - 2023-11-26 00:52 - 000000000 ____D C:\LocalStorage
2023-11-25 22:34 - 2023-11-25 22:34 - 000000205 _____ C:\Users\atobe\.spotdl-cache
2023-11-25 22:28 - 2023-11-23 17:56 - 000000000 ____D C:\ffmpeg
2023-11-25 22:06 - 2023-11-25 22:06 - 000000000 ____D C:\Users\atobe\AppData\Local\pip
2023-11-24 01:56 - 2023-11-24 01:56 - 000000000 ____D C:\Users\atobe\AppData\Roaming\NVIDIA
2023-11-24 01:48 - 2023-11-24 01:48 - 000000000 ____D C:\Users\atobe\AppData\Local\Krisp
2023-11-22 04:14 - 2023-11-22 04:14 - 000000000 ____D C:\Users\atobe\AppData\Local\NVIDIA Corporation
2023-11-18 23:29 - 2023-11-18 23:29 - 001296872 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2023-11-18 23:26 - 2023-11-18 23:26 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Easeware
2023-11-17 22:27 - 2023-11-17 22:27 - 000002385 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thorium.lnk
2023-11-17 21:38 - 2023-11-17 21:38 - 000001590 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 2.lnk
2023-11-16 11:22 - 2023-11-16 11:22 - 000000000 ____D C:\Users\atobe\AppData\Local\NVIDIA
2023-11-16 10:55 - 2023-11-17 22:15 - 000000000 ____D C:\Users\atobe\AppData\Local\content_shell
2023-11-15 05:19 - 2023-11-17 22:27 - 000002348 _____ C:\Users\atobe\Desktop\thorium.lnk
2023-11-15 05:07 - 2023-11-17 22:52 - 000000000 ____D C:\Users\atobe\AppData\Local\Thorium
2023-11-15 04:44 - 2023-12-03 18:39 - 000000000 ____D C:\ProgramData\NVIDIA
2023-11-15 04:44 - 2023-11-24 01:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-11-15 04:44 - 2023-11-15 04:44 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2023-11-15 04:44 - 2023-11-15 04:44 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\NVIDIA
2023-11-15 04:40 - 2023-12-04 20:39 - 000000000 ____D C:\Users\atobe\AppData\Local\D3DSCache
2023-11-15 04:40 - 2023-11-10 19:38 - 001487368 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001424064 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001424064 _____ C:\Windows\system32\vulkan-1.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001246400 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001246400 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001226872 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 000850512 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000850512 _____ C:\Windows\system32\vulkaninfo.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000731216 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000731216 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-11-15 04:39 - 2023-11-10 19:34 - 001541256 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 001198200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000957960 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000669712 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000504840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 002171000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 001624712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 000997512 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 000810104 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-11-15 04:39 - 2023-11-10 19:33 - 000774280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 015095416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 012375160 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 006462600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 005862520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 005861000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 003619960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 000853112 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-11-15 04:39 - 2023-11-10 19:32 - 000459384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-11-15 04:39 - 2023-11-10 19:31 - 007866472 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-11-15 04:39 - 2023-11-10 19:30 - 006745880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-11-15 04:39 - 2023-11-10 10:07 - 000113883 _____ C:\Windows\system32\nvinfo.pb
2023-11-13 00:41 - 2023-11-17 23:25 - 000000000 ____D C:\Windows\system32\MSDtc
2023-11-12 03:45 - 2023-11-12 03:45 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Pegasun
2023-11-12 01:52 - 2023-11-12 01:52 - 000001828 _____ C:\Users\atobe\Desktop\CrystalDiskInfo.lnk
2023-11-12 01:52 - 2023-11-12 01:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-11-12 01:52 - 2023-11-12 01:52 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2023-11-12 01:15 - 2023-11-12 01:15 - 000000112 ___SH C:\bootTel.dat
2023-11-11 23:28 - 2023-11-11 23:28 - 000000000 ____D C:\Users\atobe\AppData\Local\Patch_My_PC,_LLC
2023-11-10 14:46 - 2023-11-11 15:50 - 000000000 ____D C:\Users\atobe\AppData\Local\Playnite
2023-11-10 08:08 - 2023-11-10 08:08 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\Asobimo,Inc
2023-11-08 19:06 - 2022-05-16 17:23 - 000013576 ____H (Windows (R) Win 7 DDK provider) C:\Windows\acpimof.dll
2023-11-08 18:59 - 2023-11-08 19:07 - 000000000 ____D C:\ProgramData\MSI
2023-11-08 18:57 - 2023-12-01 11:56 - 000000000 ____D C:\Program Files (x86)\MSI
2023-11-08 16:21 - 2023-11-26 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2023-11-08 16:21 - 2023-11-25 23:17 - 000000000 ____D C:\Users\atobe\AppData\Local\Razer
2023-11-08 16:19 - 2023-11-25 23:17 - 000000000 ____D C:\Program Files (x86)\Razer
2023-11-08 16:08 - 2023-11-08 16:08 - 000001087 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RevoUPort.lnk
2023-11-08 00:11 - 2023-12-03 23:02 - 000000000 ____D C:\Users\atobe\Downloads\Video
2023-11-08 00:11 - 2023-11-11 22:53 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2023-11-08 00:11 - 2023-11-11 22:52 - 000000000 ____D C:\Users\atobe\AppData\Roaming\IDM
2023-11-08 00:11 - 2023-11-08 18:30 - 000000000 ____D C:\Users\atobe\AppData\Roaming\DMCache
2023-11-08 00:11 - 2023-11-08 00:11 - 000000000 ____D C:\Users\atobe\Downloads\Compressed
2023-11-08 00:11 - 2023-11-08 00:11 - 000000000 ____D C:\ProgramData\IDM
2023-11-04 23:37 - 2023-11-04 23:37 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-11-04 23:04 - 2023-12-01 16:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-11-04 22:40 - 2023-11-16 12:45 - 000001787 _____ C:\Users\atobe\Desktop\CLEAN TEMP .bat - Shortcut.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-04 21:33 - 2022-10-25 11:06 - 000840878 _____ C:\Windows\system32\PerfStringBackup.INI
2023-12-04 21:33 - 2019-12-07 17:13 - 000000000 ____D C:\Windows\INF
2023-12-04 21:31 - 2022-10-26 14:48 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-12-04 21:30 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\AppReadiness
2023-12-04 21:29 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-04 21:28 - 2022-10-26 01:59 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-04 21:28 - 2022-10-26 01:59 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-12-04 21:28 - 2019-12-07 17:03 - 000262144 _____ C:\Windows\system32\config\BBI
2023-12-04 20:59 - 2023-02-07 10:00 - 000000000 ____D C:\Users\atobe\Documents\GameOptimize
2023-12-04 20:16 - 2023-07-26 22:01 - 000000000 ___HD C:\Program Files (x86)\Temp
2023-12-04 20:15 - 2022-11-30 15:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-12-04 19:51 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-04 19:48 - 2023-10-29 20:29 - 000000000 ____D C:\Users\atobe\Documents\Installers
2023-12-03 23:56 - 2022-10-25 11:05 - 000000000 ____D C:\Windows\system32\MRT
2023-12-03 23:50 - 2022-11-11 21:04 - 000000000 ____D C:\Users\atobe\AppData\Roaming\vlc
2023-12-03 22:09 - 2022-10-26 01:59 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-12-03 18:51 - 2023-09-04 00:19 - 000000000 ____D C:\Games
2023-12-03 17:03 - 2022-10-26 18:05 - 000000000 ____D C:\Users\atobe\AppData\Local\CrashDumps
2023-12-03 00:08 - 2023-11-02 09:40 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-12-03 00:08 - 2023-01-11 10:30 - 000000256 _____ C:\Users\atobe\AppData\LocalLow\rbxcsettings.rbx
2023-12-03 00:05 - 2022-10-25 15:23 - 000000000 ____D C:\ProgramData\Package Cache
2023-12-03 00:00 - 2023-07-04 09:29 - 000000000 ___RD C:\Users\atobe\Documents\RevoUninstaller_Portable
2023-12-02 23:59 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-12-02 22:22 - 2022-11-30 14:49 - 000000000 ____D C:\ProgramData\chocolatey
2023-12-02 21:39 - 2022-10-26 14:55 - 000000000 ____D C:\Program Files (x86)\Steam
2023-12-02 19:09 - 2022-11-21 20:36 - 000000000 ____D C:\Users\atobe\Documents\Games
2023-12-01 23:20 - 2022-10-25 15:07 - 000000000 ____D C:\Windows\pss
2023-12-01 16:59 - 2023-08-07 14:02 - 000000000 ____D C:\Users\atobe\AppData\Roaming\discord
2023-12-01 16:58 - 2023-08-07 14:02 - 000000000 ____D C:\Users\atobe\AppData\Local\Discord
2023-12-01 16:57 - 2023-07-26 21:53 - 000000061 _____ C:\ProgramData\perma.bm
2023-12-01 16:57 - 2022-11-17 16:41 - 000000000 _____ C:\ProgramData\system.conf
2023-12-01 16:57 - 2022-10-26 18:18 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk
2023-12-01 16:57 - 2022-10-26 01:59 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-01 16:57 - 2022-10-25 18:05 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2023-12-01 16:56 - 2022-12-13 02:41 - 000000000 ____D C:\ProgramData\Riot Games
2023-12-01 16:53 - 2023-08-07 14:02 - 000002227 _____ C:\Users\atobe\Desktop\Discord.lnk
2023-12-01 16:22 - 2022-10-25 16:24 - 000000000 ____D C:\temp
2023-12-01 15:18 - 2023-10-06 00:58 - 000000016 _____ C:\ProgramData\rtpeskt
2023-12-01 15:15 - 2023-01-26 11:43 - 000000016 _____ C:\ProgramData\mntemp
2023-12-01 13:55 - 2023-09-04 19:05 - 000000000 ____D C:\ProgramData\Windows Master Setup
2023-12-01 13:46 - 2022-11-24 04:23 - 000000000 ____D C:\Program Files\WinRAR
2023-12-01 13:28 - 2022-10-25 15:38 - 000000000 ____D C:\AMD
2023-12-01 13:15 - 2023-09-26 02:56 - 000080264 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2023-12-01 12:27 - 2022-11-03 12:17 - 000000000 ____D C:\Users\atobe\AppData\Local\Downloaded Installations
2023-12-01 12:27 - 2022-10-25 11:02 - 000000000 ____D C:\Users\atobe
2023-12-01 12:26 - 2023-09-13 22:56 - 000000000 ____D C:\Users\atobe\Documents\Realtek
2023-12-01 11:59 - 2022-11-30 15:09 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-12-01 10:36 - 2022-10-26 01:59 - 000259736 _____ C:\Windows\system32\FNTCACHE.DAT
2023-12-01 10:36 - 2022-10-25 11:03 - 000000000 ____D C:\Users\atobe\AppData\Local\Packages
2023-12-01 10:35 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SystemResources
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\oobe
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\Dism
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\Provisioning
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\bcastdvr
2023-12-01 10:35 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\servicing
2023-12-01 10:28 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\CbsTemp
2023-12-01 09:57 - 2019-12-07 17:54 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-12-01 09:57 - 2019-12-07 17:54 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-11-30 22:42 - 2022-10-26 01:59 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-11-25 23:25 - 2022-10-25 11:02 - 000000000 ____D C:\ProgramData\Razer
2023-11-25 22:57 - 2023-11-01 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2023-11-25 22:27 - 2023-10-05 23:44 - 000000000 ____D C:\Users\atobe\Documents\Docs
2023-11-25 19:57 - 2022-11-03 01:01 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2023-11-25 19:56 - 2023-10-10 13:45 - 000000000 ____D C:\Users\atobe\Documents\Image-Line
2023-11-25 19:56 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\registration
2023-11-17 21:46 - 2022-10-26 14:55 - 000000000 ____D C:\Users\atobe\AppData\Local\Steam
2023-11-17 03:50 - 2022-12-11 19:05 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-11-16 12:31 - 2023-01-11 10:30 - 000000000 ____D C:\Users\atobe\AppData\Local\Roblox
2023-11-15 05:16 - 2022-09-08 11:12 - 000000000 ____D C:\Windows\SystemTemp
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\ShellComponents
2023-11-15 04:20 - 2022-10-25 11:05 - 182871392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-11-12 21:10 - 2022-12-13 02:42 - 000000000 ____D C:\Program Files\Riot Vanguard
2023-11-12 03:46 - 2022-11-03 04:07 - 000000000 ____D C:\Users\atobe\AppData\Local\OO Software
2023-11-10 08:09 - 2023-01-26 11:43 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\Unity
2023-11-08 18:59 - 2022-10-25 11:03 - 000000000 ____D C:\ProgramData\Packages
2023-11-07 23:07 - 2023-09-25 19:27 - 000000000 ____D C:\Program Files (x86)\UltraViewer
2023-11-07 15:05 - 2022-10-26 01:59 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-11-04 23:59 - 2022-10-25 11:02 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows
==================== Files in the root of some directories ========
2023-04-06 11:59 - 2023-04-08 18:49 - 000152276 _____ () C:\Users\atobe\AppData\Local\keyword.txt
2023-04-06 11:59 - 2023-04-08 18:49 - 000067928 _____ () C:\Users\atobe\AppData\Local\keyword.zip
2023-09-25 20:31 - 2023-09-25 20:31 - 000007601 _____ () C:\Users\atobe\AppData\Local\Resmon.ResmonCfg
2023-04-06 11:59 - 2023-04-09 00:42 - 000819383 _____ () C:\Users\atobe\AppData\Local\YouMeIMLogV2.txt
2023-04-06 11:59 - 2023-04-06 11:59 - 000008192 _____ () C:\Users\atobe\AppData\Local\youmeimprofile.db
2023-04-06 12:14 - 2023-04-06 12:14 - 000016384 _____ () C:\Users\atobe\AppData\Local\youme_im_message.db
2023-04-06 12:14 - 2023-04-06 12:14 - 000008192 _____ () C:\Users\atobe\AppData\Local\youme_im_notice.db
2023-04-06 11:59 - 2023-04-08 18:50 - 000008192 _____ () C:\Users\atobe\AppData\Local\youme_im_report.db
==================== FLock ==============================
2023-11-02 13:32 C:\Windows\UV_LastPW.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2023
Ran by Burento (04-12-2023 21:35:01)
Running from C:\Users\atobe\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.3758 (X64) (2022-10-25 03:00:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1914130881-976919837-3734132408-500 - Administrator - Disabled)
Burento (S-1-5-21-1914130881-976919837-3734132408-1001 - Administrator - Enabled) => C:\Users\atobe
DefaultAccount (S-1-5-21-1914130881-976919837-3734132408-503 - Limited - Disabled)
Guest (S-1-5-21-1914130881-976919837-3734132408-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1914130881-976919837-3734132408-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.08.02.027 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.24.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{94dc9043-935f-4e10-ac8b-5ce0ac055188}) (Version: 5.08.02.027 - Advanced Micro Devices, Inc.) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
CPUID CPU-Z MSI 2.06 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 2.06 - CPUID, Inc.)
CrystalDiskInfo 9.1.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.1.1 - Crystal Dew World)
Discord (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Discord) (Version: 1.0.9016 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{20235E2B-1E9F-473D-A215-B2467F1F06E3}) (Version: 1.3.51.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - )
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
LatencyMon 7.31 (HKLM\...\LatencyMon_is1) (Version: 7.31 - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Core Host - 3.1.31 (x64) (HKLM\...\{97ECD882-397F-4825-B7FB-1B9DF76B7DD9}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.31 (x64) (HKLM\...\{4CF84AED-891D-4ECD-93FB-94B58A43F454}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.31 (x64) (HKLM\...\{337A821B-2ED5-42BC-8699-238B600CBB73}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33130 (HKLM-x32\...\{2cfeba4a-21f8-4ea7-9927-c5a5c6f13cc9}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33130 (HKLM-x32\...\{5CA9AE7B-2EFC-4F02-81CD-32ABE173C755}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33130 (HKLM-x32\...\{DF1B52DF-C88E-4DDF-956B-6E7A03327F46}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.31 (x64) (HKLM\...\{F3479C10-2CEA-4C17-8C49-5AD92965254D}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.31 (x64) (HKLM-x32\...\{2c0fd312-a570-439d-8831-42fe66080acc}) (Version: 3.1.31.31813 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
NVIDIA Graphics Driver 546.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.17 - NVIDIA Corporation)
NVIDIA NVIDIA RTX Voice Driver 1.0.0.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_RTXVoice.Driver) (Version: 1.0.0.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA RTX Voice Application (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_RTXVoice) (Version: 0.5.12.6 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.8.1031.110912 - Razer Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9601.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.64.316.2023 - Realtek)
Riot Client (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for Burento (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.55.0 - TechPowerUp)
Thorium (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Thorium) (Version: 117.0.5938.157 - The Thorium Authors)
Tony Hawks Pro Skater 1 Plus 2 (HKLM-x32\...\Tony Hawks Pro Skater 1 Plus 2_is1) (Version: - )
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UltraViewer version 6.6.48 (HKLM-x32\...\{E0FABD74-083B-47F4-AC5B-CA4237BF8913}_is1) (Version: 6.6.48 - DucFabulous)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Windows Driver Package - Razer Inc. (WinUSB) USB (05/04/2016 6.2.9200.16385) (HKLM\...\874D6B1A2BD2AE8FF3594AB704F2A4A3F8342FB5) (Version: 05/04/2016 6.2.9200.16385 - Razer Inc.)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.3.0.0_x86__1sdd7yawvg6ne [2023-11-25] (File-New-Project) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-11-28] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.48.312.0_x64__dt26b99r8h8gj [2023-12-01] (Realtek Semiconductor Corp)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> "C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\notification_helper.exe (Alex313031) [File not signed]
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmdig.inf_amd64_1e678564fff99713\nvshext.dll [2023-11-10] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.XVID] => c:\windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\atobe\Desktop\CLEAN TEMP .bat - Shortcut.lnk -> C:\Users\atobe\Documents\GameOptimize\Aysa FPS Folder\clean\CLEAN TEMP .bat ()
==================== Loaded Modules (Whitelisted) =============
2022-05-23 02:57 - 2022-05-23 02:57 - 000613376 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2016-07-31 05:42 - 2016-07-31 05:42 - 002772692 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-04-03 01:01 - 2017-04-03 01:01 - 001748992 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 000498176 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\libegl.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 008403968 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\libglesv2.dll
2023-11-17 22:27 - 2023-10-11 02:19 - 005973504 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\vk_swiftshader.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 237415424 _____ (Alex313031) [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\chrome.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 001394688 _____ (Alex313031) [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\chrome_elf.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5138]
AlternateDataStreams: C:\ProgramData\perma.bm:4A13D2B240 [5138]
AlternateDataStreams: C:\ProgramData\rtpeskt:1F3D48CBE8 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:0F57F3FDE6 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:422D4106AB [5138]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:98F6F85C [114]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk:718E15FDE8 [5138]
AlternateDataStreams: C:\Users\atobe\Application Data:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\Application Data:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8374]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.cmd: => <==== ATTENTION
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 17:14 - 2023-09-26 10:08 - 000003200 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site
109.94.209.70 fitgirlrepacks.pro # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.pro # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 fitgirls-repacks.com # Fake FitGirl site
109.94.209.70 fitgirlrepack.cc # Fake FitGirl site
109.94.209.70 fitgirlrepacks.org # Fake FitGirl site
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\Brent Martin\Pictures\Neomuhae II\338915506_1357099454858559_4899861212144086898_n.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: EasyAntiCheat_EOS => 3
MSCONFIG\Services: EpicOnlineServices => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IMFservice => 3
MSCONFIG\Services: PCManager Service => 2
MSCONFIG\Services: ProtonVPN Service => 3
MSCONFIG\Services: ProtonVPN WireGuard => 3
MSCONFIG\Services: RvControlSvc => 3
MSCONFIG\Services: TeamViewer => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Netmarble Launcher"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_99AB2386BA0AFF948500766949EA6367"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Glyph Client"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "ProtonVPN"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBox"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBoxWeb"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "IDMan"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{8C426E08-8407-4F95-BF4C-05ABAB54CB31}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0D07FBA8-8BAF-47CF-9165-4B25DCE202DC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{6552CA0D-5356-4F62-B5D3-5408DA567C2D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C9016994-AB95-4EBE-B38C-0831ADA9235A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{60112DA9-7D02-4E20-9368-B8A53BD3827B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7E5FDBD4-70E3-4051-9E2D-FD8CA30BBF08}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{0671EB70-A463-47DB-A762-93C6096A11B8}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{422BA90D-D9FD-4C6B-A28B-A618127D4A29}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{6D972FA1-2B08-45CF-88AE-D3D8A4671F5F}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{489794AE-77EE-4797-A9FB-1BC73B6338DB}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E829A648-6E48-4FDF-8DD0-2E5F7369B156}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{47457A3F-903A-4FC4-B205-9E4BF36747D5}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E0CEDCC0-9D81-46D1-84F1-761031F30982}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{BE838F45-ADB0-4B80-9644-8F9F7B235618}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{0BC962BA-E681-4A13-B6CE-6BA2B28302E0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{9FA623B2-5480-4781-9D80-03CD2C276DDE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{83B21BF0-6A74-4816-B486-C9D1ED0076DE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{5B4C74F8-F4C4-4578-807F-E6AE1AC38BC6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{371380C1-C5D0-4933-A7A5-1B0B4364BA32}] => (Allow) LPort=2099
FirewallRules: [{05027FC0-8EC2-4817-8A28-300A936F02A8}] => (Allow) LPort=5223
FirewallRules: [{D06A136F-6262-4CA9-A2F4-D5DB5233A51C}] => (Allow) LPort=5222
FirewallRules: [{1D4848FC-E387-4176-9FD1-10D369897E5D}] => (Allow) LPort=80
FirewallRules: [{5FA538C9-A3E8-4A88-AAFB-97FF9860DBD7}] => (Allow) LPort=443
FirewallRules: [{5C7D414D-7BD6-47C8-A720-8BAF0FEB7870}] => (Allow) LPort=8088
FirewallRules: [{434D6E9A-D91A-47B2-A6B9-8B643842B768}] => (Allow) LPort=8088
FirewallRules: [{5E7A6138-AC4D-4959-B565-92C622FC0BFA}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{03A58B38-BC2C-4DED-8212-333A192451E2}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E048D2FD-BF2A-4000-AE5D-35DF888BDC45}] => (Allow) C:\Program Files\Riot Vanguard\vgc.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E6DFDC83-8E59-41FF-9ACC-9685FCCAD980}] => (Allow) C:\Program Files\Riot Vanguard\vgc.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E6825A23-D51C-4277-B011-98A44AD20FA9}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{0833BCBF-E22A-4C32-93AC-2E3DC38DC754}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{758C93E3-2803-4C8E-8853-6D901816A32A}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{548FB8E5-8E2E-4C87-84D5-3186479755F0}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{79F2A70B-17FA-4A0D-B4FE-5928C9ABFE16}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [UDP Query User{6CCE973E-329D-4177-9B84-6C9EFC4F709D}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [TCP Query User{33652D8A-1B9E-4DCC-90E6-50EE3685F797}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D42B1470-8396-403D-9BDE-FA7354CBD207}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{60CB3AF8-1CCE-4F9B-82C4-85B61B56391D}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{5CF05C24-A937-4575-80BA-A75EB4EEFBCC}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{CE491951-4055-49EB-B52D-56E416FE912F}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{980782DD-9CE6-40A7-8B61-908FB4469B09}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{745DEFB6-B960-4739-BE5D-E7D5A908F045}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{981BE553-31D0-40E3-AAB3-A9366A0C75B0}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{988747E5-EC80-4887-8854-929A302D7A8B}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{5C319DD3-3E88-4046-ABAE-B3095C16054D}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{F96FB750-C5D7-4E44-88EC-D9B277CCF7C9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{E9E0256F-4DB3-4E1B-BA78-B003841A35DC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{956B912A-C22D-4A56-8A74-C34970B71891}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{6013F402-18C8-48F3-B055-DF8A965A70E4}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{62A45987-67BE-4018-83AF-2E1A5BC0D379}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{7D80EA22-EBCB-4E0F-AAF2-4A992C526050}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{D0DDE83B-B89E-4E8D-B161-62BC9C775563}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{18B54967-04C7-4E74-9DCF-AEB13BB58F44}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{85F7C383-4411-4167-9818-66F2160C6360}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{79D42EF5-BFAA-430C-85E6-7730F2F10FB9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{33A7D57C-BED6-4C75-9CA2-C8555C4BCD09}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{F7D55B4B-C34F-4962-A721-6B140F88AFEF}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{16B82B12-BB62-4F78-A283-AB4CD8746E29}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{DD8BBE80-6B3E-4AC2-8659-A747E6884E8C}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{76DBF020-19EE-4617-B480-72476631C6BC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{41DF0742-D3C5-4F6E-82C9-1B75388613C7}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{E3A5AF8C-8FE9-42B8-82C6-BC5CED286852}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{116A493E-7EF2-4D0F-9550-91EE7F261653}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{6B551386-E949-4F29-A708-FFB359E1EB59}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{0855753B-A884-4FF2-A3AC-09BDFD80022D}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [TCP Query User{A59ADE67-D1F9-4668-B5F2-1FAB6AE042D0}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [UDP Query User{3DD2B027-C64B-4076-8135-ADF07C69DEAC}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [TCP Query User{6EA57D2E-459B-45C7-BF42-77E4A9FA9890}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [UDP Query User{EBE5B732-0177-4534-B587-5006A1FAAFDD}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [TCP Query User{A7DA3341-BF91-4D18-B714-030E59BA00C7}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [UDP Query User{3976A0C3-57B7-4BED-A1A1-F130BAFB94FD}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [{DE056BE2-CC18-4483-ACB7-4562F6BC471A}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{5A9A3304-09E7-4ED6-A072-7370F1FACF5F}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{319F2BA6-65FD-49A2-A6BB-0238582FB148}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{EB5340BA-B79D-4AF4-B030-2DCCB18E3826}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{AAFD46BC-FCF2-4A6C-864B-A9BDBCB2ACE4}] => (Allow) C:\Program => No File
FirewallRules: [{D0D47D0A-941D-4AEF-B506-9284145F0A2E}] => (Allow) C:\Program => No File
FirewallRules: [{450F9AE4-AB25-4FDA-BB12-7D2878133A87}] => (Allow) C:\Program => No File
FirewallRules: [{70D07DDA-F878-4A85-A90C-1DFB557FDCCF}] => (Allow) C:\Program => No File
FirewallRules: [TCP Query User{F9F5D99C-829F-4B2C-80BE-D389F05BB162}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [UDP Query User{C3F12465-67CF-47F4-B278-B1A0879837EB}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [TCP Query User{081E98F2-85E6-4478-A6AB-392126C9C392}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{0D03F58F-14B8-41F5-9F15-741D54A0A9C8}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [{0A1FA9CB-B647-4AFC-A4F5-CC1E7E71ECF8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{00BF8CF7-C3F5-4462-B2EC-227E9C1831B8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{52384158-878E-4184-929D-6CACD93CECD3}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{1C09A530-F61D-4C51-AAE9-FF1B518E9A4C}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{C6857852-45D2-43D6-9D49-FFE001F708F5}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{F4FFA4A8-5AF6-43E2-9770-CDDDD90620DD}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [TCP Query User{33B2BDAD-F627-43B9-82C0-A13774B12483}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [UDP Query User{1AFE6EC2-31BF-497C-A4C0-E91C495B9BE0}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [TCP Query User{7B8D5A2E-6543-40F9-90B9-3AC0BDC5A3B0}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [UDP Query User{2B1711FE-A84B-4EBD-8294-ECA9AD800C7D}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [{5AD0833E-69EA-41D4-B74A-32221030FB03}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1C7BBB07-DB0A-4BE0-8579-E5EAC04CCC3A}C:\users\atobe\documents\games\warcraft iii\war3.exe] => (Allow) C:\users\atobe\documents\games\warcraft iii\war3.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{F834D4E9-7889-49E2-86E2-3738BBF06CB4}C:\users\atobe\documents\games\warcraft iii\war3.exe] => (Allow) C:\users\atobe\documents\games\warcraft iii\war3.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{702757D7-9BA2-46B4-8439-0B0CC9E39477}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [UDP Query User{4B3F44D7-94B5-46AD-AE09-EDA247F1D9F9}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [TCP Query User{71FC2A33-4C5A-43BA-9218-FE8C1FF86307}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{CCBF34CF-646E-4156-9FFF-128AD5B43C86}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{9D5241FD-DA39-44A5-9301-08D4DB046B85}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F27810E7-4747-490D-BB0C-796545A23282}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [TCP Query User{73050D7E-037A-4588-9D19-4621CCF70CE0}C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe] => (Allow) C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.) [File not signed]
FirewallRules: [UDP Query User{850FB46A-2C73-4E35-800B-DC371BB9E20F}C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe] => (Allow) C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.) [File not signed]
FirewallRules: [{991B79BC-CD9D-42E6-8CF9-1F71B0C321C8}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{D14BD3A7-EFD4-4E7D-8D2D-66DB35BA29F4}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{524D4CE7-33EE-4D31-A597-662816B14943}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{335CEB8E-1D32-4E26-9141-0773D3B8D333}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{DCC367E1-BDBB-4E70-B4FF-F67C36385F14}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{003DF336-4F41-48E0-976D-59056A48A3A4}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{FBB0090E-74BF-47FA-B40F-CFC80D5E8E5A}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{75246FBA-2CE2-4430-8ECA-435913DB3CBA}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{BBA18ABF-A492-44D1-94A8-4A55CB27C533}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{43B9A126-A5B2-4B81-834F-77049BEE1C51}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [TCP Query User{C4BCC487-FFB9-4B86-9566-09DC67D7635B}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [UDP Query User{6C0AF0C4-62FA-46FD-B34A-11CB57CA83F3}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [TCP Query User{1D7EA484-0CEE-43ED-B700-29A1F6F0A89A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{E5613A94-2E4E-4435-BEC5-D752ADC76846}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A5ACB11B-A731-4F7C-B472-57FDFB48A6BC}] => (Allow) LPort=26822
FirewallRules: [{37626B05-4BA5-403D-819A-324FAD04C1D5}] => (Allow) LPort=32683
FirewallRules: [TCP Query User{B1D03B68-BF38-441E-9A62-CAC2F8344E88}C:\users\atobe\documents\installers\thorium\bin\thorium.exe] => (Allow) C:\users\atobe\documents\installers\thorium\bin\thorium.exe => No File
FirewallRules: [UDP Query User{C6C2C3BE-8391-42F4-82B8-FF4CFA166D9A}C:\users\atobe\documents\installers\thorium\bin\thorium.exe] => (Allow) C:\users\atobe\documents\installers\thorium\bin\thorium.exe => No File
FirewallRules: [{C9975CF6-AC79-422D-9E74-A428CFB81CC2}] => (Allow) C:\Users\atobe\AppData\Local\Thorium\Application\thorium.exe (Alex313031) [File not signed]
FirewallRules: [{6566A870-706E-40D7-9988-B117983E7E45}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [{8B200EF4-E551-4F41-AF3C-F6B8BA8C478B}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [TCP Query User{840B1CBC-2DFE-45E8-BC41-51818182C01B}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{52D8700C-E4E0-4D0E-89EC-8C4231855934}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{A81B389D-6747-4A9B-867D-5AF3CC53CC79}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{F5E8AC9E-C8F0-4331-AF5C-44E89D1CCF60}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{5FD326DE-16F2-4CBE-803F-BA5496B60ACE}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
FirewallRules: [UDP Query User{5BC1D687-B0D6-4D77-8B83-37A0E778D8F9}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
==================== Restore Points =========================
04-12-2023 02:12:13 Revo Uninstaller's restore point - yt-dlp
04-12-2023 21:30:37 FRST
==================== Faulty Device Manager Devices ============
Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (12/04/2023 09:29:06 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 13:29:08 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1ab66cf6-8656-49ed-b3fe-73b58edc2546
Method: GET(703ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (12/04/2023 08:33:29 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 12:33:31 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: bf556ba2-d5e8-4027-aae2-92f5cf4da228
Method: GET(547ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (12/04/2023 08:16:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 12:16:59 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 9a9cec55-2a13-4e21-b752-bc872182efc6
Method: GET(468ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (12/04/2023 08:14:15 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (12/04/2023 08:13:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (12/04/2023 02:12:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (12/04/2023 02:11:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/04/2023 02:11:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (12/04/2023 09:32:53 PM) (Source: DCOM) (EventID: 10010) (User: BURENTO)
Description: The server MicrosoftWindows.Client.CBS_1000.19053.1000.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.
Error: (12/04/2023 09:32:45 PM) (Source: DCOM) (EventID: 10010) (User: BURENTO)
Description: The server MicrosoftWindows.Client.CBS_1000.19053.1000.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.
Error: (12/04/2023 09:31:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:46 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:42 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:38 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Windows Defender:
================
Date: 2023-12-02 23:51:55
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-12-02 23:51:44
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-12-02 23:51:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-12-01 13:52:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Custom Scan
Event[0]:
Date: 2023-11-25 19:57:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0
==================== Memory info ===========================
BIOS: American Megatrends International, LLC. 2.K0 10/20/2023
Motherboard: Micro-Star International Co., Ltd. B450M MORTAR MAX (MS-7B89)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 16309.54 MB
Available physical RAM: 12367.57 MB
Total Virtual: 18997.54 MB
Available Virtual: 13588.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:341.16 GB) (Free:170.58 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS
Drive d: (HDD) (Fixed) (Total:930.91 GB) (Free:733.5 GB) (Model: WDC WD10EZEX-21M2NA0) NTFS
Drive e: (New Volume) (Fixed) (Total:123.96 GB) (Free:35.67 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS
\\?\Volume{306c1475-881e-499f-8a6a-4e1f7517d9b8}\ () (Fixed) (Total:0.52 GB) (Free:0.06 GB) NTFS
\\?\Volume{7d909c85-b9a6-4f5d-8695-1f401beb88e5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CF2238B6)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B6A65161)
Partition: GPT.
==================== End of Addition.txt =======================
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-10-28] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3cf99e411755df38\RtkAudUService64.exe [1963928 2023-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
IFEO\TextInputHost.exe: [Debugger] C:\Windows\system32\systray.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {90D97723-1CAE-41CC-B9D5-491AADBA022A} - System32\Tasks\Intelligent StandbyList Cleaner => C:\Users\atobe\Documents\GameOptimize\ISLC v1.0.2.8\ISLC v1.0.2.9\Intelligent standby list cleaner ISLC.exe [438968 2023-06-26] (Wagnardsoft -> Wagnardsoft)
Task: {5CBDC1F3-6B2D-46DC-B87E-2B12626B70E0} - System32\Tasks\Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask => {82aa0895-198a-4c1b-b2d1-c16894218afb} C:\Windows\System32\unifiedconsent.dll [282112 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
Task: {DDDB94C7-97BF-4327-A226-439AF27753B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CAA64AA9-4C24-4733-B4B8-EB51A9BCB44D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BCB4F0B6-5FED-4D50-BDA8-A76A633C7E32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3A8D7996-0538-4A97-9722-D3B67B6AC2E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36A37AD2-707E-4FA9-9A81-46657E2477F4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [256512 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{9b00a095-6cf4-4375-a6b5-6c219ce0d2b0}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{9b00a095-6cf4-4375-a6b5-6c219ce0d2b0}: [DhcpNameServer] 1.1.1.1 1.0.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-04]
Edge Notifications: Default -> hxxps://www.facebook.com; hxxps://www.messenger.com; hxxps://www38.davisonbarker.pro; hxxps://www54.davisonbarker.pro; hxxps://z-upload.facebook.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Authenticator) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2023-11-25]
Edge Extension: (Enhancer for YouTube™) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2023-11-25]
Edge Extension: (GoPlay Extension) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\edhdonadgbpnhhkdobemjnjdpmfdjnmf [2023-11-25]
Edge Extension: (MetaMask) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2023-11-25]
Edge Extension: (Perplexity - AI Companion) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hlgbcneanomplepojfcnclggenpcoldo [2023-11-25]
Edge Extension: (SaveFrom.net helper) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hndfjogdceachkbgioglehonpejcdhem [2023-11-25]
Edge Extension: (Transpose ▲▼ pitch ▹ speed ▹ loop for videos) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ioimlbgefgadofblnajllknopjboejda [2023-11-25]
Edge Extension: (Unpaywall) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2023-11-25]
Edge Extension: (Volume Master) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-11-25]
Edge Extension: (Edge relevant text changes) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-11-25]
Edge Extension: (uBlock Origin) - C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-11-25]
Edge Profile: C:\Users\atobe\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2023-12-02]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2696560 2023-07-06] (HIGH MORALE DEVELOPMENTS LIMITED -> )
S3 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe [527800 2023-08-04] (Advanced Micro Devices Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2023-01-16] (BattlEye Innovations e.K. -> )
S4 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2023-10-03] (EasyAntiCheat Oy -> Epic Games, Inc.)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-12] (Epic Games Inc. -> Epic Games, Inc.)
S3 GameInputSvc; C:\Windows\System32\GameInputSvc.exe [50168 2023-12-01] (Microsoft Corporation -> Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [12153200 2022-05-26] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmdig.inf_amd64_1e678564fff99713\Display.NvContainer\NVDisplay.Container.exe [1274888 2023-11-10] (NVIDIA Corporation -> NVIDIA Corporation)
S4 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [3863040 2022-10-25] (Microsoft Corporation) [File not signed]
S3 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
S3 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [297736 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
S3 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-09-19] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 UltraViewService; C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe [238416 2023-08-26] (DUC FABULOUS CO.,LTD -> )
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9572824 2023-10-28] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 IMFservice; C:\Users\atobe\Documents\Installers\IOBit Malware\IObit Malware Fighter Pro v10.3.0.1077 Multilingual Portable\IObit Malware Fighter Pro 10.3.0.1077\App\IObit Malware Fighter\IMFSrv.exe [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [1660968 2023-07-06] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [36928 2022-06-03] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 EagleX64; C:\Windows\system32\drivers\EagleX64.sys [174728 2023-03-10] (AhnLab, Inc. -> AhnLab, Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80264 2023-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 RvNetMP60; C:\Windows\System32\drivers\RvNetMP60.sys [58288 2023-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Famatech Corp.)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_006e; C:\Windows\System32\drivers\RzDev_006e.sys [56152 2021-03-22] (Razer USA Ltd. -> Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc. -> Razer Inc)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-12-01] (Microsoft Windows -> Microsoft Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [21679192 2023-10-27] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55744 2023-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [578856 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2023-09-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 xhunter1; C:\Windows\xhunter1.sys [1432232 2023-06-25] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-04 21:34 - 2023-12-04 21:34 - 000014635 _____ C:\Users\atobe\Desktop\FRST.txt
2023-12-04 21:33 - 2023-12-04 21:34 - 000000000 ____D C:\FRST
2023-12-04 21:22 - 2023-12-04 21:22 - 002384384 _____ (Farbar) C:\Users\atobe\Desktop\FRST64.exe
2023-12-04 20:15 - 2023-11-09 00:38 - 006258032 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2023-12-04 19:31 - 2023-12-04 19:31 - 000001360 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\memreduct.lnk
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\Users\atobe\AppData\Roaming\IObit
2023-12-04 02:00 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\ProductData
2023-12-03 23:57 - 2023-12-04 02:00 - 000000000 ____D C:\ProgramData\IObit
2023-12-03 23:56 - 2022-10-24 17:29 - 000042360 _____ (IObit) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2023-12-03 00:08 - 2023-12-03 00:08 - 000001244 _____ C:\Users\atobe\Desktop\Roblox Studio.lnk
2023-12-02 22:38 - 2023-12-03 19:17 - 000000000 ____D C:\Users\atobe\AppData\Local\VirtualStore
2023-12-02 21:40 - 2023-12-02 21:40 - 000000000 ____D C:\SAVE
2023-12-02 21:37 - 2023-12-02 21:37 - 000000000 ____D C:\Windows\solcache
2023-12-02 21:35 - 2023-12-03 19:21 - 000000000 ____D C:\Sierra
2023-12-02 21:14 - 2023-12-02 21:14 - 000000000 ____D C:\bshift
2023-12-01 23:09 - 2023-12-01 23:09 - 000001585 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HWiNFO64.lnk
2023-12-01 22:32 - 2023-12-01 22:32 - 000001602 _____ C:\Users\atobe\Desktop\EarTrumpet.lnk
2023-12-01 20:43 - 2023-12-01 20:43 - 000000000 ____D C:\Users\atobe\AppData\Local\Datastead
2023-12-01 20:43 - 2017-12-08 18:01 - 000713216 _____ C:\Windows\system32\xvidcore.dll
2023-12-01 20:43 - 2017-12-08 18:01 - 000251392 _____ C:\Windows\system32\xvidvfw.dll
2023-12-01 20:43 - 2017-12-08 18:01 - 000172032 _____ C:\Windows\system32\xvid.ax
2023-12-01 16:22 - 2023-12-01 16:22 - 000002271 _____ C:\Users\Public\Desktop\NVIDIA RTX Voice.lnk
2023-12-01 16:22 - 2023-12-01 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-12-01 16:22 - 2020-03-12 21:58 - 000177896 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtxaudcap64v.dll
2023-12-01 16:22 - 2020-03-12 21:58 - 000155024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvrtxaudcap32v.dll
2023-12-01 16:22 - 2020-03-12 21:58 - 000054504 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvrtxvad64v.sys
2023-12-01 14:58 - 2023-12-01 14:58 - 000006430 __RSH C:\ProgramData\ntuser.pol
2023-12-01 12:27 - 2023-12-01 13:28 - 000000000 ____D C:\Program Files\AMD
2023-12-01 12:27 - 2023-12-01 12:27 - 000000000 ____D C:\ProgramData\AMD
2023-12-01 11:49 - 2023-12-01 11:56 - 000000000 ____D C:\MSI
2023-12-01 10:35 - 2023-12-01 10:35 - 000000000 ____D C:\Windows\InboxApps
2023-12-01 10:05 - 2023-12-01 10:05 - 000000000 ___HD C:\$WinREAgent
2023-12-01 09:55 - 2023-12-01 09:55 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-11-26 01:40 - 2023-11-26 01:40 - 000000574 _____ C:\Users\atobe\ezpcopensdkconfig_2e76164306b94a2b9a4f01ad3f8c6f77.xml
2023-11-26 00:52 - 2023-11-26 00:52 - 000000000 ____D C:\LocalStorage
2023-11-25 22:34 - 2023-11-25 22:34 - 000000205 _____ C:\Users\atobe\.spotdl-cache
2023-11-25 22:28 - 2023-11-23 17:56 - 000000000 ____D C:\ffmpeg
2023-11-25 22:06 - 2023-11-25 22:06 - 000000000 ____D C:\Users\atobe\AppData\Local\pip
2023-11-24 01:56 - 2023-11-24 01:56 - 000000000 ____D C:\Users\atobe\AppData\Roaming\NVIDIA
2023-11-24 01:48 - 2023-11-24 01:48 - 000000000 ____D C:\Users\atobe\AppData\Local\Krisp
2023-11-22 04:14 - 2023-11-22 04:14 - 000000000 ____D C:\Users\atobe\AppData\Local\NVIDIA Corporation
2023-11-18 23:29 - 2023-11-18 23:29 - 001296872 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2023-11-18 23:26 - 2023-11-18 23:26 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Easeware
2023-11-17 22:27 - 2023-11-17 22:27 - 000002385 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thorium.lnk
2023-11-17 21:38 - 2023-11-17 21:38 - 000001590 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 2.lnk
2023-11-16 11:22 - 2023-11-16 11:22 - 000000000 ____D C:\Users\atobe\AppData\Local\NVIDIA
2023-11-16 10:55 - 2023-11-17 22:15 - 000000000 ____D C:\Users\atobe\AppData\Local\content_shell
2023-11-15 05:19 - 2023-11-17 22:27 - 000002348 _____ C:\Users\atobe\Desktop\thorium.lnk
2023-11-15 05:07 - 2023-11-17 22:52 - 000000000 ____D C:\Users\atobe\AppData\Local\Thorium
2023-11-15 04:44 - 2023-12-03 18:39 - 000000000 ____D C:\ProgramData\NVIDIA
2023-11-15 04:44 - 2023-11-24 01:56 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-11-15 04:44 - 2023-11-15 04:44 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2023-11-15 04:44 - 2023-11-15 04:44 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\NVIDIA
2023-11-15 04:40 - 2023-12-04 20:39 - 000000000 ____D C:\Users\atobe\AppData\Local\D3DSCache
2023-11-15 04:40 - 2023-11-10 19:38 - 001487368 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001424064 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001424064 _____ C:\Windows\system32\vulkan-1.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001246400 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001246400 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 001226872 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-11-15 04:40 - 2023-11-10 19:38 - 000850512 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000850512 _____ C:\Windows\system32\vulkaninfo.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000731216 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-11-15 04:40 - 2023-11-10 19:38 - 000731216 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-11-15 04:39 - 2023-11-10 19:34 - 001541256 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 001198200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000957960 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000669712 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2023-11-15 04:39 - 2023-11-10 19:34 - 000504840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 002171000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 001624712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 000997512 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-11-15 04:39 - 2023-11-10 19:33 - 000810104 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-11-15 04:39 - 2023-11-10 19:33 - 000774280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 015095416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 012375160 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 006462600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 005862520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 005861000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 003619960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-11-15 04:39 - 2023-11-10 19:32 - 000853112 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-11-15 04:39 - 2023-11-10 19:32 - 000459384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-11-15 04:39 - 2023-11-10 19:31 - 007866472 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-11-15 04:39 - 2023-11-10 19:30 - 006745880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-11-15 04:39 - 2023-11-10 10:07 - 000113883 _____ C:\Windows\system32\nvinfo.pb
2023-11-13 00:41 - 2023-11-17 23:25 - 000000000 ____D C:\Windows\system32\MSDtc
2023-11-12 03:45 - 2023-11-12 03:45 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Pegasun
2023-11-12 01:52 - 2023-11-12 01:52 - 000001828 _____ C:\Users\atobe\Desktop\CrystalDiskInfo.lnk
2023-11-12 01:52 - 2023-11-12 01:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-11-12 01:52 - 2023-11-12 01:52 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2023-11-12 01:15 - 2023-11-12 01:15 - 000000112 ___SH C:\bootTel.dat
2023-11-11 23:28 - 2023-11-11 23:28 - 000000000 ____D C:\Users\atobe\AppData\Local\Patch_My_PC,_LLC
2023-11-10 14:46 - 2023-11-11 15:50 - 000000000 ____D C:\Users\atobe\AppData\Local\Playnite
2023-11-10 08:08 - 2023-11-10 08:08 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\Asobimo,Inc
2023-11-08 19:06 - 2022-05-16 17:23 - 000013576 ____H (Windows (R) Win 7 DDK provider) C:\Windows\acpimof.dll
2023-11-08 18:59 - 2023-11-08 19:07 - 000000000 ____D C:\ProgramData\MSI
2023-11-08 18:57 - 2023-12-01 11:56 - 000000000 ____D C:\Program Files (x86)\MSI
2023-11-08 16:21 - 2023-11-26 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2023-11-08 16:21 - 2023-11-25 23:17 - 000000000 ____D C:\Users\atobe\AppData\Local\Razer
2023-11-08 16:19 - 2023-11-25 23:17 - 000000000 ____D C:\Program Files (x86)\Razer
2023-11-08 16:08 - 2023-11-08 16:08 - 000001087 _____ C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RevoUPort.lnk
2023-11-08 00:11 - 2023-12-03 23:02 - 000000000 ____D C:\Users\atobe\Downloads\Video
2023-11-08 00:11 - 2023-11-11 22:53 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2023-11-08 00:11 - 2023-11-11 22:52 - 000000000 ____D C:\Users\atobe\AppData\Roaming\IDM
2023-11-08 00:11 - 2023-11-08 18:30 - 000000000 ____D C:\Users\atobe\AppData\Roaming\DMCache
2023-11-08 00:11 - 2023-11-08 00:11 - 000000000 ____D C:\Users\atobe\Downloads\Compressed
2023-11-08 00:11 - 2023-11-08 00:11 - 000000000 ____D C:\ProgramData\IDM
2023-11-04 23:37 - 2023-11-04 23:37 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-11-04 23:04 - 2023-12-01 16:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-11-04 22:40 - 2023-11-16 12:45 - 000001787 _____ C:\Users\atobe\Desktop\CLEAN TEMP .bat - Shortcut.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-04 21:33 - 2022-10-25 11:06 - 000840878 _____ C:\Windows\system32\PerfStringBackup.INI
2023-12-04 21:33 - 2019-12-07 17:13 - 000000000 ____D C:\Windows\INF
2023-12-04 21:31 - 2022-10-26 14:48 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-12-04 21:30 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\AppReadiness
2023-12-04 21:29 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-04 21:28 - 2022-10-26 01:59 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-04 21:28 - 2022-10-26 01:59 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-12-04 21:28 - 2019-12-07 17:03 - 000262144 _____ C:\Windows\system32\config\BBI
2023-12-04 20:59 - 2023-02-07 10:00 - 000000000 ____D C:\Users\atobe\Documents\GameOptimize
2023-12-04 20:16 - 2023-07-26 22:01 - 000000000 ___HD C:\Program Files (x86)\Temp
2023-12-04 20:15 - 2022-11-30 15:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-12-04 19:51 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-04 19:48 - 2023-10-29 20:29 - 000000000 ____D C:\Users\atobe\Documents\Installers
2023-12-03 23:56 - 2022-10-25 11:05 - 000000000 ____D C:\Windows\system32\MRT
2023-12-03 23:50 - 2022-11-11 21:04 - 000000000 ____D C:\Users\atobe\AppData\Roaming\vlc
2023-12-03 22:09 - 2022-10-26 01:59 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-12-03 18:51 - 2023-09-04 00:19 - 000000000 ____D C:\Games
2023-12-03 17:03 - 2022-10-26 18:05 - 000000000 ____D C:\Users\atobe\AppData\Local\CrashDumps
2023-12-03 00:08 - 2023-11-02 09:40 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-12-03 00:08 - 2023-01-11 10:30 - 000000256 _____ C:\Users\atobe\AppData\LocalLow\rbxcsettings.rbx
2023-12-03 00:05 - 2022-10-25 15:23 - 000000000 ____D C:\ProgramData\Package Cache
2023-12-03 00:00 - 2023-07-04 09:29 - 000000000 ___RD C:\Users\atobe\Documents\RevoUninstaller_Portable
2023-12-02 23:59 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-12-02 22:22 - 2022-11-30 14:49 - 000000000 ____D C:\ProgramData\chocolatey
2023-12-02 21:39 - 2022-10-26 14:55 - 000000000 ____D C:\Program Files (x86)\Steam
2023-12-02 19:09 - 2022-11-21 20:36 - 000000000 ____D C:\Users\atobe\Documents\Games
2023-12-01 23:20 - 2022-10-25 15:07 - 000000000 ____D C:\Windows\pss
2023-12-01 16:59 - 2023-08-07 14:02 - 000000000 ____D C:\Users\atobe\AppData\Roaming\discord
2023-12-01 16:58 - 2023-08-07 14:02 - 000000000 ____D C:\Users\atobe\AppData\Local\Discord
2023-12-01 16:57 - 2023-07-26 21:53 - 000000061 _____ C:\ProgramData\perma.bm
2023-12-01 16:57 - 2022-11-17 16:41 - 000000000 _____ C:\ProgramData\system.conf
2023-12-01 16:57 - 2022-10-26 18:18 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk
2023-12-01 16:57 - 2022-10-26 01:59 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-01 16:57 - 2022-10-25 18:05 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2023-12-01 16:56 - 2022-12-13 02:41 - 000000000 ____D C:\ProgramData\Riot Games
2023-12-01 16:53 - 2023-08-07 14:02 - 000002227 _____ C:\Users\atobe\Desktop\Discord.lnk
2023-12-01 16:22 - 2022-10-25 16:24 - 000000000 ____D C:\temp
2023-12-01 15:18 - 2023-10-06 00:58 - 000000016 _____ C:\ProgramData\rtpeskt
2023-12-01 15:15 - 2023-01-26 11:43 - 000000016 _____ C:\ProgramData\mntemp
2023-12-01 13:55 - 2023-09-04 19:05 - 000000000 ____D C:\ProgramData\Windows Master Setup
2023-12-01 13:46 - 2022-11-24 04:23 - 000000000 ____D C:\Program Files\WinRAR
2023-12-01 13:28 - 2022-10-25 15:38 - 000000000 ____D C:\AMD
2023-12-01 13:15 - 2023-09-26 02:56 - 000080264 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2023-12-01 12:27 - 2022-11-03 12:17 - 000000000 ____D C:\Users\atobe\AppData\Local\Downloaded Installations
2023-12-01 12:27 - 2022-10-25 11:02 - 000000000 ____D C:\Users\atobe
2023-12-01 12:26 - 2023-09-13 22:56 - 000000000 ____D C:\Users\atobe\Documents\Realtek
2023-12-01 11:59 - 2022-11-30 15:09 - 000000000 ____D C:\Program Files (x86)\Realtek
2023-12-01 10:36 - 2022-10-26 01:59 - 000259736 _____ C:\Windows\system32\FNTCACHE.DAT
2023-12-01 10:36 - 2022-10-25 11:03 - 000000000 ____D C:\Users\atobe\AppData\Local\Packages
2023-12-01 10:35 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SystemResources
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\oobe
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\Dism
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\Provisioning
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-12-01 10:35 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\bcastdvr
2023-12-01 10:35 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\servicing
2023-12-01 10:28 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\CbsTemp
2023-12-01 09:57 - 2019-12-07 17:54 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-12-01 09:57 - 2019-12-07 17:54 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-11-30 22:42 - 2022-10-26 01:59 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-11-25 23:25 - 2022-10-25 11:02 - 000000000 ____D C:\ProgramData\Razer
2023-11-25 22:57 - 2023-11-01 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2023-11-25 22:27 - 2023-10-05 23:44 - 000000000 ____D C:\Users\atobe\Documents\Docs
2023-11-25 19:57 - 2022-11-03 01:01 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2023-11-25 19:56 - 2023-10-10 13:45 - 000000000 ____D C:\Users\atobe\Documents\Image-Line
2023-11-25 19:56 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\registration
2023-11-17 21:46 - 2022-10-26 14:55 - 000000000 ____D C:\Users\atobe\AppData\Local\Steam
2023-11-17 03:50 - 2022-12-11 19:05 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-11-16 12:31 - 2023-01-11 10:30 - 000000000 ____D C:\Users\atobe\AppData\Local\Roblox
2023-11-15 05:16 - 2022-09-08 11:12 - 000000000 ____D C:\Windows\SystemTemp
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-11-15 04:33 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\ShellComponents
2023-11-15 04:20 - 2022-10-25 11:05 - 182871392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-11-12 21:10 - 2022-12-13 02:42 - 000000000 ____D C:\Program Files\Riot Vanguard
2023-11-12 03:46 - 2022-11-03 04:07 - 000000000 ____D C:\Users\atobe\AppData\Local\OO Software
2023-11-10 08:09 - 2023-01-26 11:43 - 000000000 ____D C:\Users\atobe\AppData\LocalLow\Unity
2023-11-08 18:59 - 2022-10-25 11:03 - 000000000 ____D C:\ProgramData\Packages
2023-11-07 23:07 - 2023-09-25 19:27 - 000000000 ____D C:\Program Files (x86)\UltraViewer
2023-11-07 15:05 - 2022-10-26 01:59 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-11-04 23:59 - 2022-10-25 11:02 - 000000000 ____D C:\Users\atobe\AppData\Roaming\Microsoft\Windows
==================== Files in the root of some directories ========
2023-04-06 11:59 - 2023-04-08 18:49 - 000152276 _____ () C:\Users\atobe\AppData\Local\keyword.txt
2023-04-06 11:59 - 2023-04-08 18:49 - 000067928 _____ () C:\Users\atobe\AppData\Local\keyword.zip
2023-09-25 20:31 - 2023-09-25 20:31 - 000007601 _____ () C:\Users\atobe\AppData\Local\Resmon.ResmonCfg
2023-04-06 11:59 - 2023-04-09 00:42 - 000819383 _____ () C:\Users\atobe\AppData\Local\YouMeIMLogV2.txt
2023-04-06 11:59 - 2023-04-06 11:59 - 000008192 _____ () C:\Users\atobe\AppData\Local\youmeimprofile.db
2023-04-06 12:14 - 2023-04-06 12:14 - 000016384 _____ () C:\Users\atobe\AppData\Local\youme_im_message.db
2023-04-06 12:14 - 2023-04-06 12:14 - 000008192 _____ () C:\Users\atobe\AppData\Local\youme_im_notice.db
2023-04-06 11:59 - 2023-04-08 18:50 - 000008192 _____ () C:\Users\atobe\AppData\Local\youme_im_report.db
==================== FLock ==============================
2023-11-02 13:32 C:\Windows\UV_LastPW.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2023
Ran by Burento (04-12-2023 21:35:01)
Running from C:\Users\atobe\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.3758 (X64) (2022-10-25 03:00:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1914130881-976919837-3734132408-500 - Administrator - Disabled)
Burento (S-1-5-21-1914130881-976919837-3734132408-1001 - Administrator - Enabled) => C:\Users\atobe
DefaultAccount (S-1-5-21-1914130881-976919837-3734132408-503 - Limited - Disabled)
Guest (S-1-5-21-1914130881-976919837-3734132408-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1914130881-976919837-3734132408-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.08.02.027 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.24.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{94dc9043-935f-4e10-ac8b-5ce0ac055188}) (Version: 5.08.02.027 - Advanced Micro Devices, Inc.) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
CPUID CPU-Z MSI 2.06 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 2.06 - CPUID, Inc.)
CrystalDiskInfo 9.1.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.1.1 - Crystal Dew World)
Discord (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Discord) (Version: 1.0.9016 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{20235E2B-1E9F-473D-A215-B2467F1F06E3}) (Version: 1.3.51.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - )
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
LatencyMon 7.31 (HKLM\...\LatencyMon_is1) (Version: 7.31 - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Core Host - 3.1.31 (x64) (HKLM\...\{97ECD882-397F-4825-B7FB-1B9DF76B7DD9}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.31 (x64) (HKLM\...\{4CF84AED-891D-4ECD-93FB-94B58A43F454}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.31 (x64) (HKLM\...\{337A821B-2ED5-42BC-8699-238B600CBB73}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33130 (HKLM-x32\...\{2cfeba4a-21f8-4ea7-9927-c5a5c6f13cc9}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33130 (HKLM-x32\...\{5CA9AE7B-2EFC-4F02-81CD-32ABE173C755}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33130 (HKLM-x32\...\{DF1B52DF-C88E-4DDF-956B-6E7A03327F46}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.31 (x64) (HKLM\...\{F3479C10-2CEA-4C17-8C49-5AD92965254D}) (Version: 24.124.31813 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.31 (x64) (HKLM-x32\...\{2c0fd312-a570-439d-8831-42fe66080acc}) (Version: 3.1.31.31813 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
NVIDIA Graphics Driver 546.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.17 - NVIDIA Corporation)
NVIDIA NVIDIA RTX Voice Driver 1.0.0.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_RTXVoice.Driver) (Version: 1.0.0.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA RTX Voice Application (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_RTXVoice) (Version: 0.5.12.6 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.8.1031.110912 - Razer Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9601.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.64.316.2023 - Realtek)
Riot Client (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for Burento (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.55.0 - TechPowerUp)
Thorium (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Thorium) (Version: 117.0.5938.157 - The Thorium Authors)
Tony Hawks Pro Skater 1 Plus 2 (HKLM-x32\...\Tony Hawks Pro Skater 1 Plus 2_is1) (Version: - )
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UltraViewer version 6.6.48 (HKLM-x32\...\{E0FABD74-083B-47F4-AC5B-CA4237BF8913}_is1) (Version: 6.6.48 - DucFabulous)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Windows Driver Package - Razer Inc. (WinUSB) USB (05/04/2016 6.2.9200.16385) (HKLM\...\874D6B1A2BD2AE8FF3594AB704F2A4A3F8342FB5) (Version: 05/04/2016 6.2.9200.16385 - Razer Inc.)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.3.0.0_x86__1sdd7yawvg6ne [2023-11-25] (File-New-Project) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-11-28] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.48.312.0_x64__dt26b99r8h8gj [2023-12-01] (Realtek Semiconductor Corp)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> "C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1914130881-976919837-3734132408-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\notification_helper.exe (Alex313031) [File not signed]
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmdig.inf_amd64_1e678564fff99713\nvshext.dll [2023-11-10] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.XVID] => c:\windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\atobe\Desktop\CLEAN TEMP .bat - Shortcut.lnk -> C:\Users\atobe\Documents\GameOptimize\Aysa FPS Folder\clean\CLEAN TEMP .bat ()
==================== Loaded Modules (Whitelisted) =============
2022-05-23 02:57 - 2022-05-23 02:57 - 000613376 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2016-07-31 05:42 - 2016-07-31 05:42 - 002772692 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-04-03 01:01 - 2017-04-03 01:01 - 001748992 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 000498176 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\libegl.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 008403968 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\libglesv2.dll
2023-11-17 22:27 - 2023-10-11 02:19 - 005973504 _____ () [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\vk_swiftshader.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 237415424 _____ (Alex313031) [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\chrome.dll
2023-11-17 22:26 - 2023-10-11 02:19 - 001394688 _____ (Alex313031) [File not signed] C:\Users\atobe\AppData\Local\Thorium\Application\117.0.5938.157\chrome_elf.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [5138]
AlternateDataStreams: C:\ProgramData\perma.bm:4A13D2B240 [5138]
AlternateDataStreams: C:\ProgramData\rtpeskt:1F3D48CBE8 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:0F57F3FDE6 [5138]
AlternateDataStreams: C:\ProgramData\system.conf:422D4106AB [5138]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:98F6F85C [114]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk:718E15FDE8 [5138]
AlternateDataStreams: C:\Users\atobe\Application Data:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\Application Data:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\Application Data:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\Application Data:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:401b39480725c581a77cd78cb5a228f5 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:6f253e6e4a0b5d350d885c54873a9999 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:9e1811b514796fb3fd8d48513cdb9024 [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:a4a7135d5fc196220c4b1dfe38793a5a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\atobe\AppData\Roaming:ec26fcc64579419b6922f3893f7e4905 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8374]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Software\Classes\.cmd: => <==== ATTENTION
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 17:14 - 2023-09-26 10:08 - 000003200 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site
109.94.209.70 fitgirlrepacks.pro # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.pro # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 fitgirls-repacks.com # Fake FitGirl site
109.94.209.70 fitgirlrepack.cc # Fake FitGirl site
109.94.209.70 fitgirlrepacks.org # Fake FitGirl site
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\Brent Martin\Pictures\Neomuhae II\338915506_1357099454858559_4899861212144086898_n.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: EasyAntiCheat_EOS => 3
MSCONFIG\Services: EpicOnlineServices => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IMFservice => 3
MSCONFIG\Services: PCManager Service => 2
MSCONFIG\Services: ProtonVPN Service => 3
MSCONFIG\Services: ProtonVPN WireGuard => 3
MSCONFIG\Services: RvControlSvc => 3
MSCONFIG\Services: TeamViewer => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Netmarble Launcher"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_99AB2386BA0AFF948500766949EA6367"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Glyph Client"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "ProtonVPN"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBox"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "TeraBoxWeb"
HKU\S-1-5-21-1914130881-976919837-3734132408-1001\...\StartupApproved\Run: => "IDMan"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{8C426E08-8407-4F95-BF4C-05ABAB54CB31}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0D07FBA8-8BAF-47CF-9165-4B25DCE202DC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{6552CA0D-5356-4F62-B5D3-5408DA567C2D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C9016994-AB95-4EBE-B38C-0831ADA9235A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{60112DA9-7D02-4E20-9368-B8A53BD3827B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7E5FDBD4-70E3-4051-9E2D-FD8CA30BBF08}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{0671EB70-A463-47DB-A762-93C6096A11B8}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{422BA90D-D9FD-4C6B-A28B-A618127D4A29}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{6D972FA1-2B08-45CF-88AE-D3D8A4671F5F}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{489794AE-77EE-4797-A9FB-1BC73B6338DB}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E829A648-6E48-4FDF-8DD0-2E5F7369B156}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{47457A3F-903A-4FC4-B205-9E4BF36747D5}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E0CEDCC0-9D81-46D1-84F1-761031F30982}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{BE838F45-ADB0-4B80-9644-8F9F7B235618}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{0BC962BA-E681-4A13-B6CE-6BA2B28302E0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{9FA623B2-5480-4781-9D80-03CD2C276DDE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{83B21BF0-6A74-4816-B486-C9D1ED0076DE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{5B4C74F8-F4C4-4578-807F-E6AE1AC38BC6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{371380C1-C5D0-4933-A7A5-1B0B4364BA32}] => (Allow) LPort=2099
FirewallRules: [{05027FC0-8EC2-4817-8A28-300A936F02A8}] => (Allow) LPort=5223
FirewallRules: [{D06A136F-6262-4CA9-A2F4-D5DB5233A51C}] => (Allow) LPort=5222
FirewallRules: [{1D4848FC-E387-4176-9FD1-10D369897E5D}] => (Allow) LPort=80
FirewallRules: [{5FA538C9-A3E8-4A88-AAFB-97FF9860DBD7}] => (Allow) LPort=443
FirewallRules: [{5C7D414D-7BD6-47C8-A720-8BAF0FEB7870}] => (Allow) LPort=8088
FirewallRules: [{434D6E9A-D91A-47B2-A6B9-8B643842B768}] => (Allow) LPort=8088
FirewallRules: [{5E7A6138-AC4D-4959-B565-92C622FC0BFA}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{03A58B38-BC2C-4DED-8212-333A192451E2}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{E048D2FD-BF2A-4000-AE5D-35DF888BDC45}] => (Allow) C:\Program Files\Riot Vanguard\vgc.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E6DFDC83-8E59-41FF-9ACC-9685FCCAD980}] => (Allow) C:\Program Files\Riot Vanguard\vgc.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E6825A23-D51C-4277-B011-98A44AD20FA9}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{0833BCBF-E22A-4C32-93AC-2E3DC38DC754}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{758C93E3-2803-4C8E-8853-6D901816A32A}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{548FB8E5-8E2E-4C87-84D5-3186479755F0}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{79F2A70B-17FA-4A0D-B4FE-5928C9ABFE16}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [UDP Query User{6CCE973E-329D-4177-9B84-6C9EFC4F709D}C:\counter-strike-original\hl.exe] => (Allow) C:\counter-strike-original\hl.exe => No File
FirewallRules: [TCP Query User{33652D8A-1B9E-4DCC-90E6-50EE3685F797}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D42B1470-8396-403D-9BDE-FA7354CBD207}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{60CB3AF8-1CCE-4F9B-82C4-85B61B56391D}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{5CF05C24-A937-4575-80BA-A75EB4EEFBCC}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{CE491951-4055-49EB-B52D-56E416FE912F}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{980782DD-9CE6-40A7-8B61-908FB4469B09}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{745DEFB6-B960-4739-BE5D-E7D5A908F045}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{981BE553-31D0-40E3-AAB3-A9366A0C75B0}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{988747E5-EC80-4887-8854-929A302D7A8B}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{5C319DD3-3E88-4046-ABAE-B3095C16054D}] => (Allow) C:\Riot Games\VALORANT\live\ShooterGame\Binaries\Win64\VALORANT-Win64-Shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{F96FB750-C5D7-4E44-88EC-D9B277CCF7C9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{E9E0256F-4DB3-4E1B-BA78-B003841A35DC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{956B912A-C22D-4A56-8A74-C34970B71891}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{6013F402-18C8-48F3-B055-DF8A965A70E4}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Client.exe => No File
FirewallRules: [{62A45987-67BE-4018-83AF-2E1A5BC0D379}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{7D80EA22-EBCB-4E0F-AAF2-4A992C526050}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{D0DDE83B-B89E-4E8D-B161-62BC9C775563}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{18B54967-04C7-4E74-9DCF-AEB13BB58F44}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher.exe => No File
FirewallRules: [{85F7C383-4411-4167-9818-66F2160C6360}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{79D42EF5-BFAA-430C-85E6-7730F2F10FB9}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{33A7D57C-BED6-4C75-9CA2-C8555C4BCD09}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{F7D55B4B-C34F-4962-A721-6B140F88AFEF}] => (Allow) C:\Program Files\Amanoma FlyFF Client\Amanoma Patcher NEW.exe => No File
FirewallRules: [{16B82B12-BB62-4F78-A283-AB4CD8746E29}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{DD8BBE80-6B3E-4AC2-8659-A747E6884E8C}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{76DBF020-19EE-4617-B480-72476631C6BC}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{41DF0742-D3C5-4F6E-82C9-1B75388613C7}] => (Allow) C:\Program Files\Amanoma FlyFF Client\MiniA.exe => No File
FirewallRules: [{E3A5AF8C-8FE9-42B8-82C6-BC5CED286852}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{116A493E-7EF2-4D0F-9550-91EE7F261653}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{6B551386-E949-4F29-A708-FFB359E1EB59}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [{0855753B-A884-4FF2-A3AC-09BDFD80022D}] => (Allow) C:\Users\atobe\Documents\Games\CS1.3\AGCSv1.exe => No File
FirewallRules: [TCP Query User{A59ADE67-D1F9-4668-B5F2-1FAB6AE042D0}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [UDP Query User{3DD2B027-C64B-4076-8135-ADF07C69DEAC}C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe] => (Allow) C:\users\atobe\documents\games\trombonechamp\trombone.champ.v1.0898-goldberg\trombonechamp.exe => No File
FirewallRules: [TCP Query User{6EA57D2E-459B-45C7-BF42-77E4A9FA9890}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [UDP Query User{EBE5B732-0177-4534-B587-5006A1FAAFDD}C:\program files\gamelauncher\roo_pc\ro.exe] => (Allow) C:\program files\gamelauncher\roo_pc\ro.exe => No File
FirewallRules: [TCP Query User{A7DA3341-BF91-4D18-B714-030E59BA00C7}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [UDP Query User{3976A0C3-57B7-4BED-A1A1-F130BAFB94FD}C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex] => (Allow) C:\program files\gamelauncher\roo_pc\ro_data\plugins\x86_64\vuplexwebviewchromium\vuplex webview.vuplex => No File
FirewallRules: [{DE056BE2-CC18-4483-ACB7-4562F6BC471A}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{5A9A3304-09E7-4ED6-A072-7370F1FACF5F}] => (Allow) E:\SteamLibrary\steamapps\common\LEAP Playtest\start_protected_game.exe => No File
FirewallRules: [{319F2BA6-65FD-49A2-A6BB-0238582FB148}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{EB5340BA-B79D-4AF4-B030-2DCCB18E3826}] => (Allow) E:\SteamLibrary\steamapps\common\Retail Royale\IkeaBR_Server.exe => No File
FirewallRules: [{AAFD46BC-FCF2-4A6C-864B-A9BDBCB2ACE4}] => (Allow) C:\Program => No File
FirewallRules: [{D0D47D0A-941D-4AEF-B506-9284145F0A2E}] => (Allow) C:\Program => No File
FirewallRules: [{450F9AE4-AB25-4FDA-BB12-7D2878133A87}] => (Allow) C:\Program => No File
FirewallRules: [{70D07DDA-F878-4A85-A90C-1DFB557FDCCF}] => (Allow) C:\Program => No File
FirewallRules: [TCP Query User{F9F5D99C-829F-4B2C-80BE-D389F05BB162}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [UDP Query User{C3F12465-67CF-47F4-B278-B1A0879837EB}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [TCP Query User{081E98F2-85E6-4478-A6AB-392126C9C392}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [UDP Query User{0D03F58F-14B8-41F5-9F15-741D54A0A9C8}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File
FirewallRules: [{0A1FA9CB-B647-4AFC-A4F5-CC1E7E71ECF8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{00BF8CF7-C3F5-4462-B2EC-227E9C1831B8}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{52384158-878E-4184-929D-6CACD93CECD3}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{1C09A530-F61D-4C51-AAE9-FF1B518E9A4C}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{C6857852-45D2-43D6-9D49-FFE001F708F5}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [{F4FFA4A8-5AF6-43E2-9770-CDDDD90620DD}] => (Allow) C:\Users\atobe\Downloads\AnyDesk.exe => No File
FirewallRules: [TCP Query User{33B2BDAD-F627-43B9-82C0-A13774B12483}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [UDP Query User{1AFE6EC2-31BF-497C-A4C0-E91C495B9BE0}C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe] => (Allow) C:\users\atobe\documents\games\wwe 2k23 icon edition\wwe 2k23\wwe2k23_x64.exe => No File
FirewallRules: [TCP Query User{7B8D5A2E-6543-40F9-90B9-3AC0BDC5A3B0}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [UDP Query User{2B1711FE-A84B-4EBD-8294-ECA9AD800C7D}C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\atobe\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [{5AD0833E-69EA-41D4-B74A-32221030FB03}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1C7BBB07-DB0A-4BE0-8579-E5EAC04CCC3A}C:\users\atobe\documents\games\warcraft iii\war3.exe] => (Allow) C:\users\atobe\documents\games\warcraft iii\war3.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{F834D4E9-7889-49E2-86E2-3738BBF06CB4}C:\users\atobe\documents\games\warcraft iii\war3.exe] => (Allow) C:\users\atobe\documents\games\warcraft iii\war3.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{702757D7-9BA2-46B4-8439-0B0CC9E39477}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [UDP Query User{4B3F44D7-94B5-46AD-AE09-EDA247F1D9F9}D:\games\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left4dead2.exe => No File
FirewallRules: [TCP Query User{71FC2A33-4C5A-43BA-9218-FE8C1FF86307}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{CCBF34CF-646E-4156-9FFF-128AD5B43C86}C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.41.4\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{9D5241FD-DA39-44A5-9301-08D4DB046B85}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F27810E7-4747-490D-BB0C-796545A23282}C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe] => (Allow) C:\users\atobe\documents\games\mythforce\mythforce.build.12203944\mythforce\binaries\win64\mythforce-win64-shipping.exe => No File
FirewallRules: [TCP Query User{73050D7E-037A-4588-9D19-4621CCF70CE0}C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe] => (Allow) C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.) [File not signed]
FirewallRules: [UDP Query User{850FB46A-2C73-4E35-800B-DC371BB9E20F}C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe] => (Allow) C:\games\tony hawks pro skater 1 plus 2\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.) [File not signed]
FirewallRules: [{991B79BC-CD9D-42E6-8CF9-1F71B0C321C8}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{D14BD3A7-EFD4-4E7D-8D2D-66DB35BA29F4}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{524D4CE7-33EE-4D31-A597-662816B14943}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{335CEB8E-1D32-4E26-9141-0773D3B8D333}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{DCC367E1-BDBB-4E70-B4FF-F67C36385F14}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{003DF336-4F41-48E0-976D-59056A48A3A4}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify 1.2.22.982.exe (LR) [File not signed]
FirewallRules: [{FBB0090E-74BF-47FA-B40F-CFC80D5E8E5A}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{75246FBA-2CE2-4430-8ECA-435913DB3CBA}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{BBA18ABF-A492-44D1-94A8-4A55CB27C533}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [{43B9A126-A5B2-4B81-834F-77049BEE1C51}] => (Allow) C:\Users\atobe\Documents\Spotify\Spotify\SpotifyPortable.exe (LRepacks) [File not signed]
FirewallRules: [TCP Query User{C4BCC487-FFB9-4B86-9566-09DC67D7635B}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [UDP Query User{6C0AF0C4-62FA-46FD-B34A-11CB57CA83F3}C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe] => (Allow) C:\users\atobe\documents\spotify\spotify\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [TCP Query User{1D7EA484-0CEE-43ED-B700-29A1F6F0A89A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{E5613A94-2E4E-4435-BEC5-D752ADC76846}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A5ACB11B-A731-4F7C-B472-57FDFB48A6BC}] => (Allow) LPort=26822
FirewallRules: [{37626B05-4BA5-403D-819A-324FAD04C1D5}] => (Allow) LPort=32683
FirewallRules: [TCP Query User{B1D03B68-BF38-441E-9A62-CAC2F8344E88}C:\users\atobe\documents\installers\thorium\bin\thorium.exe] => (Allow) C:\users\atobe\documents\installers\thorium\bin\thorium.exe => No File
FirewallRules: [UDP Query User{C6C2C3BE-8391-42F4-82B8-FF4CFA166D9A}C:\users\atobe\documents\installers\thorium\bin\thorium.exe] => (Allow) C:\users\atobe\documents\installers\thorium\bin\thorium.exe => No File
FirewallRules: [{C9975CF6-AC79-422D-9E74-A428CFB81CC2}] => (Allow) C:\Users\atobe\AppData\Local\Thorium\Application\thorium.exe (Alex313031) [File not signed]
FirewallRules: [{6566A870-706E-40D7-9988-B117983E7E45}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [{8B200EF4-E551-4F41-AF3C-F6B8BA8C478B}] => (Allow) C:\Games\Counter-Strike WaRzOnE\hl.exe => No File
FirewallRules: [TCP Query User{840B1CBC-2DFE-45E8-BC41-51818182C01B}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{52D8700C-E4E0-4D0E-89EC-8C4231855934}C:\games\half-life1016\hl.exe] => (Allow) C:\games\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{A81B389D-6747-4A9B-867D-5AF3CC53CC79}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [UDP Query User{F5E8AC9E-C8F0-4331-AF5C-44E89D1CCF60}C:\program files\half-life1016\hl.exe] => (Block) C:\program files\half-life1016\hl.exe => No File
FirewallRules: [TCP Query User{5FD326DE-16F2-4CBE-803F-BA5496B60ACE}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
FirewallRules: [UDP Query User{5BC1D687-B0D6-4D77-8B83-37A0E778D8F9}C:\sierra\hl.exe] => (Allow) C:\sierra\hl.exe => No File
==================== Restore Points =========================
04-12-2023 02:12:13 Revo Uninstaller's restore point - yt-dlp
04-12-2023 21:30:37 FRST
==================== Faulty Device Manager Devices ============
Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (12/04/2023 09:29:06 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 13:29:08 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1ab66cf6-8656-49ed-b3fe-73b58edc2546
Method: GET(703ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (12/04/2023 08:33:29 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 12:33:31 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: bf556ba2-d5e8-4027-aae2-92f5cf4da228
Method: GET(547ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (12/04/2023 08:16:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 12:16:59 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 9a9cec55-2a13-4e21-b752-bc872182efc6
Method: GET(468ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (12/04/2023 08:14:15 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\BURENTO$ via https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (12/04/2023 08:13:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (12/04/2023 02:12:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (12/04/2023 02:11:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/04/2023 02:11:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (12/04/2023 09:32:53 PM) (Source: DCOM) (EventID: 10010) (User: BURENTO)
Description: The server MicrosoftWindows.Client.CBS_1000.19053.1000.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.
Error: (12/04/2023 09:32:45 PM) (Source: DCOM) (EventID: 10010) (User: BURENTO)
Description: The server MicrosoftWindows.Client.CBS_1000.19053.1000.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout.
Error: (12/04/2023 09:31:53 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:46 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:42 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:38 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (12/04/2023 09:31:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Windows Defender:
================
Date: 2023-12-02 23:51:55
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-12-02 23:51:44
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-12-02 23:51:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
HackTool:Win32/Keygen threat description - Microsoft Security Intelligence
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Users\atobe\Downloads\Programs\Movavi Video Converter Premium 22.4.0.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.401.1546.0, AS: 1.401.1546.0, NIS: 1.401.1546.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Date: 2023-12-01 13:52:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Custom Scan
Event[0]:
Date: 2023-11-25 19:57:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0
==================== Memory info ===========================
BIOS: American Megatrends International, LLC. 2.K0 10/20/2023
Motherboard: Micro-Star International Co., Ltd. B450M MORTAR MAX (MS-7B89)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 16309.54 MB
Available physical RAM: 12367.57 MB
Total Virtual: 18997.54 MB
Available Virtual: 13588.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:341.16 GB) (Free:170.58 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS
Drive d: (HDD) (Fixed) (Total:930.91 GB) (Free:733.5 GB) (Model: WDC WD10EZEX-21M2NA0) NTFS
Drive e: (New Volume) (Fixed) (Total:123.96 GB) (Free:35.67 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS
\\?\Volume{306c1475-881e-499f-8a6a-4e1f7517d9b8}\ () (Fixed) (Total:0.52 GB) (Free:0.06 GB) NTFS
\\?\Volume{7d909c85-b9a6-4f5d-8695-1f401beb88e5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CF2238B6)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B6A65161)
Partition: GPT.
==================== End of Addition.txt =======================