Windows 10 - ActiveX/COM Issue - system32\RandomName.dll

9092374756 · 10.09.2022, 12:13

Hallo zusammen,

es geht um einen reg. Eintrag von einer nicht existierenden dll im System32.
Der Name dieser dll ist immer wieder anders, ich habe noch nicht herausgefunden wann dieser Registereintrag neu erstellt wird, manchmal nach einem neustart, manchmal erst nach ein paar Stunden PC Nutzung.

Das einzige das ich im Web gefunden habe, das ungefähr passt ist das hier:
https://community.norton.com/en/forums/there-are-suspicious-clsid-reg-virus-or-something

Mein Antivirus ist seit über 5 Jahren - Norton.
Diesen Registereintrag habe ich jedoch erst vor etwa 2 Monaten bemerkt.
Seit dem habe ich Windows 10 - 3 mal komplett neu installiert und diese dll wird noch immer mit zufälligem Namen im Register eingetragen.
Die Windows ISOs habe ich mir immer per Media Creation tool von Microsoft auf einen Stick gezogen, Windows ist legal aktiviert ebenso jedes andere Programm das ist benutze.

Auszug aus CCleaner:

Code:

ATTFilter

ActiveX/COM Issue	LocalServer32\C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechRuntime.exe -ToastNotifier	HKCR\CLSID\{265b1075-d22b-41eb-bc97-87568f3e6dab}
ActiveX/COM Issue	InProcServer32\%SystemRoot%\system32\jtjppftquows.dll	HKCR\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}
ActiveX/COM Issue	InProcServer32\C:\Program Files\Norton Security\Engine\22.22.7.14\McStatus.dll	HKCR\CLSID\{09D32393-10DA-4eca-91AA-AD11C69DB966}
Missing TypeLib Reference	IBackupLocationsShellFolderImpl - {00020424-0000-0000-C000-000000000046}	HKCR\Interface\{F0E3A5D7-80C7-4228-90FE-61DF01C417A5}
Obsolete software key	VMware, Inc.	HKCU\Software\VMware, Inc.

Register Eintrag:

Code:

ATTFilter

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}]

[HKEY_CLASSES_ROOT\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}\InprocServer32]
@="%SystemRoot%\\system32\\jtjppftquows.dll"

--

Code:

ATTFilter

Invalid or empty file class	AcroExch.Document	HKCR\AcroExch.Document
ActiveX/COM Issue	LocalServer32\C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechRuntime.exe -ToastNotifier	HKCR\CLSID\{265b1075-d22b-41eb-bc97-87568f3e6dab}
ActiveX/COM Issue	InProcServer32\%SystemRoot%\system32\zsddnedz.dll	HKCR\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}
ActiveX/COM Issue	InProcServer32\C:\Program Files\Norton Security\Engine\22.22.7.14\McStatus.dll	HKCR\CLSID\{09D32393-10DA-4eca-91AA-AD11C69DB966}
Missing TypeLib Reference	IBackupLocationsShellFolderImpl - {00020424-0000-0000-C000-000000000046}	HKCR\Interface\{F0E3A5D7-80C7-4228-90FE-61DF01C417A5}

Nach neustart von Windows und ca 10min. Wartezeit:

Code:

ATTFilter

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}]

[HKEY_CLASSES_ROOT\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}\InprocServer32]
@="%SystemRoot%\\system32\\zsddnedz.dll"

Logs:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by User (administrator) on USER-PC (Gigabyte Technology Co., Ltd. X570 AORUS MASTER) (10-09-2022 11:59:26)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(F.lux Software LLC -> f.lux Software LLC) C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(Mullvad VPN) [File not signed] C:\Program Files\Mullvad VPN\Mullvad VPN.exe <4>
(services.exe ->) (Mullvad VPN AB -> Mullvad VPN AB) C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.7.14\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.7.14\nsWscSvc.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1852_none_7de3b01c7cacf858\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2041107291-3206987621-2178598254-1001\...\Run: [f.lux] => C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2041107291-3206987621-2178598254-1001\...\Run: [net.mullvad.vpn] => C:\Program Files\Mullvad VPN\Mullvad VPN.exe [146720256 2022-08-19] (Mullvad VPN) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03A4F475-5006-41ED-95D4-89A955D698BF} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.22.7.14\SymErr.exe [379064 2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {1118AB16-4DFF-487E-929F-54A9381AB74C} - System32\Tasks\Sophia Script\SoftwareDistribution => powershell.exe  (No File)
Task: {1690A3C9-65DB-4D27-9A03-3A548756B5A4} - System32\Tasks\Sophia Script\Windows Cleanup => powershell.exe  (No File)
Task: {1D74AFB5-3A11-40AB-96A3-E453A84D1269} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.22.7.14\SymErr.exe [379064 2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {3D315E4E-39CF-476B-826F-6E5F31744651} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-08-12] (Piriform Software Ltd -> Piriform)
Task: {4CD7C261-91F5-49AC-8552-E3E22A7F54F6} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [21146152 2022-09-02] (Goversoft LLC -> Goversoft LLC)
Task: {4DF6B95E-8CA4-4BAA-B190-47FC4085A013} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.7.14\WSCStub.exe [646520 2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {4F0FC269-71FD-4745-ABA3-31140ACA0EDC} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.7.14\SymErr.exe [379064 2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {950BE9DA-164F-4EBE-89E5-2D308630C52A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A1F7D08A-FACE-4D50-A7B6-9065B1F24422} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {A6B0D755-6950-492F-8599-B316A5DC7543} - System32\Tasks\Sophia Script\Temp => powershell.exe  (No File)
Task: {B80DA7F2-228D-4A28-AAC6-CC6F3FD63D6D} - System32\Tasks\Sophia Script\Windows Cleanup Notification => powershell.exe  (No File)
Task: {D389AD15-E04A-4457-B2D6-B38A4DA2A331} - System32\Tasks\CCleanerSkipUAC - User => C:\Program Files\CCleaner\CCleaner.exe [31990800 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 15 C:\Windows\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Tcpip\..\Interfaces\{514a3988-9716-43d5-8b05-31da25a044a9}: [NameServer] 10.64.0.1
Tcpip\..\Interfaces\{6580eb73-5450-4c6c-8328-bb5a8154905a}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-10]

FireFox:
========
FF DefaultProfile: j7sh0pps.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j7sh0pps.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release [2022-09-10]
FF Extension: (CanvasBlocker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release\Extensions\CanvasBlocker@kkapsner.de.xpi [2022-09-02]
FF Extension: (Decentraleyes) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2022-09-02]
FF Extension: (Privacy Badger) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2022-09-02]
FF Extension: (JShelter) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release\Extensions\jsr@javascriptrestrictor.xpi [2022-09-02]
FF Extension: (English (US) Language Pack) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2022-09-06]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-09-07]
FF Extension: (Startpage Privacy Protection) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release\Extensions\{5b1a796b-231a-4ad1-84ff-918db0818207}.xpi [2022-09-04]
FF Extension: (NoScript) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bk4u9caj.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-09-02]
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader 2020\Reader\AIR\nppdf32.dll [2022-07-29] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-09-07] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 MullvadVPN; C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe [17450720 2022-08-19] (Mullvad VPN AB -> Mullvad VPN AB)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.7.14\NortonSecurity.exe [344888 2022-08-11] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.7.14\nsWscSvc.exe [1059176 2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2579272 2022-09-02] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3497808 2022-09-02] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-09-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-09-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-09-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.22.7.14\Definitions\BASHDefs\20220908.011\BHDrvx64.sys [1672672 2022-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1616070.00E\ccSetx64.sys [198336 2022-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-05-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.22.7.14\Definitions\IPSDefs\20220909.001\IDSvia64.sys [1526776 2022-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 mullvad-split-tunnel; C:\Windows\System32\drivers\mullvad-split-tunnel.sys [89320 2022-04-22] (Mullvad VPN AB -> Mullvad VPN AB)
R3 MullvadWireGuard; C:\Windows\System32\drivers\mullvad-wireguard.sys [498664 2022-09-02] (Mullvad VPN AB -> WireGuard LLC)
R1 nanowfp; C:\Windows\system32\DRIVERS\nanowfp64.sys [248760 2022-09-02] (NANO Security Ltd -> NANO Security)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1616070.00E\nsvst.sys [57104 2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1616070.00E\SRTSP64.SYS [956088 2022-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1616070.00E\SRTSPX64.SYS [52920 2022-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1616070.00E\SYMEFASI64.SYS [2092736 2022-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1616070.00E\SymELAM.sys [36080 2022-08-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100328 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.22.7.14\SymPlatform\SymEvnt.sys [722400 2022-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1616070.00E\Ironx64.SYS [306880 2022-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1616070.00E\symnets.sys [490704 2022-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [817672 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> IDRIX)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [67072 2022-07-10] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [105912 2021-08-16] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49576 2022-09-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [452856 2022-09-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-09-02] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [29680 2022-09-08] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1616070.00E\wpCtrlDrv.sys [1016792 2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-10 11:59 - 2022-09-10 11:59 - 000015256 _____ C:\Users\User\Desktop\FRST.txt
2022-09-10 11:58 - 2022-09-10 11:59 - 000000000 ____D C:\FRST
2022-09-10 11:57 - 2022-09-10 11:57 - 002371072 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2022-09-10 11:45 - 2022-09-10 11:45 - 000000476 _____ C:\Users\User\Desktop\v1.reg
2022-09-10 04:18 - 2022-09-10 04:18 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2022-09-10 03:37 - 2022-09-10 03:37 - 000001968 _____ C:\Users\User\Desktop\7.lnk
2022-09-10 01:09 - 2022-09-10 02:03 - 000002246 ____H C:\Users\User\Documents\Default.rdp
2022-09-09 09:06 - 2022-09-09 09:06 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-09-08 22:11 - 2022-09-08 22:11 - 000029680 _____ (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2022-09-08 22:10 - 2022-09-08 22:10 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2022-09-08 21:49 - 2022-09-08 21:49 - 000000000 ____D C:\Users\User\AppData\Local\Norton
2022-09-08 21:32 - 2022-09-08 21:32 - 000003170 _____ C:\Windows\system32\Tasks\PrivaZer_SkipUAC
2022-09-08 21:32 - 2022-09-08 21:32 - 000002884 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - User
2022-09-05 21:43 - 2022-09-05 21:43 - 000000903 _____ C:\Users\User\Desktop\Recon.lnk
2022-09-02 21:01 - 2022-09-02 21:01 - 000000000 ____D C:\Users\User\AppData\Roaming\EasyAntiCheat
2022-09-02 20:57 - 2022-09-02 20:57 - 000248760 _____ (NANO Security) C:\Windows\system32\Drivers\nanowfp64.sys
2022-09-02 19:01 - 2022-09-08 21:35 - 000000000 ____D C:\Users\User\AppData\Local\PrivaZer
2022-09-02 19:01 - 2022-09-02 19:01 - 000001970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2022-09-02 19:01 - 2022-09-02 19:01 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2022-09-02 19:01 - 2022-09-02 19:01 - 000000000 ____D C:\ProgramData\privazer
2022-09-02 19:01 - 2022-09-02 19:01 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2022-09-02 19:00 - 2022-09-10 11:58 - 000000000 ____D C:\Users\User\.dbus-keyrings
2022-09-02 19:00 - 2022-09-02 19:00 - 000000000 ____D C:\Users\User\AppData\Roaming\BleachBit
2022-09-02 16:09 - 2022-09-02 19:02 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2022-09-02 16:08 - 2022-09-02 16:11 - 000000000 ____D C:\Wallpaper
2022-09-02 15:38 - 2022-09-10 11:44 - 000000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2022-09-02 15:38 - 2022-09-02 15:38 - 000001239 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2022-09-02 15:38 - 2022-09-02 15:38 - 000000000 ____D C:\Users\User\AppData\Local\TeamSpeak 3 Client
2022-09-02 15:38 - 2022-09-02 15:38 - 000000000 ____D C:\Users\User\AppData\Local\TeamSpeak 3
2022-09-02 15:09 - 2022-09-02 15:09 - 000000000 ____D C:\Users\User\AppData\Local\PeerDistRepub
2022-09-02 15:07 - 2022-09-02 21:01 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2022-09-02 15:07 - 2022-09-02 15:07 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2022-09-02 15:07 - 2022-09-02 15:07 - 000000000 ____D C:\Users\User\Documents\Stronghold Kingdoms
2022-09-02 15:07 - 2022-09-02 15:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Firefly Studios
2022-09-02 15:07 - 2022-09-02 15:07 - 000000000 ____D C:\Users\User\AppData\Local\Geckofx
2022-09-02 15:07 - 2022-09-02 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apex Legends
2022-09-02 15:06 - 2022-09-02 15:06 - 000000000 ____D C:\Users\User\Documents\My Games
2022-09-02 15:06 - 2022-09-02 15:06 - 000000000 ____D C:\Users\User\Documents\DayZ
2022-09-02 15:05 - 2022-09-02 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
2022-09-02 15:05 - 2022-09-02 15:05 - 000000000 ____D C:\ProgramData\Firefly Studios
2022-09-02 15:05 - 2022-09-02 15:05 - 000000000 ____D C:\Program Files (x86)\Firefly Studios
2022-09-02 15:04 - 2022-09-02 15:04 - 000000000 ____D C:\Users\User\AppData\Roaming\Battlestate Games
2022-09-02 15:04 - 2022-09-02 15:04 - 000000000 ____D C:\Users\User\AppData\Local\DaysGone
2022-09-02 15:01 - 2022-09-10 11:42 - 000000000 ____D C:\ProgramData\VMware
2022-09-02 15:01 - 2022-09-10 04:20 - 000000000 ____D C:\Users\User\AppData\Local\VMware
2022-09-02 15:01 - 2022-09-09 23:55 - 000000000 ____D C:\Users\User\AppData\Roaming\VMware
2022-09-02 15:01 - 2022-09-02 15:01 - 000804232 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2022-09-02 15:01 - 2022-09-02 15:01 - 000000000 ____D C:\Program Files\Common Files\VMware
2022-09-02 15:01 - 2022-09-02 15:01 - 000000000 ____D C:\Program Files (x86)\VMware
2022-09-02 15:01 - 2022-07-10 23:11 - 001303792 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2022-09-02 15:01 - 2022-07-10 23:10 - 000428272 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2022-09-02 15:01 - 2022-07-10 23:10 - 000383728 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2022-09-02 15:01 - 2022-07-10 23:10 - 000119792 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2022-09-02 15:01 - 2022-07-10 23:10 - 000044544 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2022-09-02 15:01 - 2022-07-10 23:05 - 000114232 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2022-09-02 15:01 - 2021-10-11 04:26 - 000084480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2022-09-02 15:01 - 2021-08-16 18:23 - 000105912 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2022-09-02 15:01 - 2021-08-16 18:23 - 000048224 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2022-09-02 15:01 - 2021-08-16 18:23 - 000044128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2022-09-02 15:00 - 2022-09-02 15:00 - 000817672 _____ (IDRIX) C:\Windows\system32\Drivers\veracrypt.sys
2022-09-02 15:00 - 2022-09-02 15:00 - 000000000 ____D C:\Users\User\AppData\Roaming\VeraCrypt
2022-09-02 15:00 - 2022-09-02 15:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2022-09-02 15:00 - 2022-09-02 15:00 - 000000000 ____D C:\Program Files\VeraCrypt
2022-09-02 14:56 - 2022-09-02 14:56 - 000003406 __RSH C:\ProgramData\ntuser.pol
2022-09-02 14:54 - 2022-09-02 14:54 - 000000000 ____D C:\Windows\system32\Tasks\Sophia Script
2022-09-02 14:52 - 2022-09-02 14:52 - 000000000 ____D C:\Program Files (x86)\dotnet
2022-09-02 14:50 - 2022-09-02 14:50 - 000000000 ____D C:\Users\User\AppData\Local\PackageManagement
2022-09-02 14:19 - 2022-09-02 14:19 - 000000000 ____D C:\Windows\SystemTemp
2022-09-02 14:18 - 2022-09-02 14:18 - 000000000 ____D C:\Program Files\Common Files\AV
2022-09-02 14:15 - 2022-09-02 14:15 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2022-09-02 14:15 - 2022-09-02 14:15 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-09-02 14:15 - 2022-09-02 14:15 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2022-09-02 14:15 - 2022-09-02 14:15 - 000479744 _____ C:\Windows\system32\AssignedAccessCsp.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-09-02 14:15 - 2022-09-02 14:15 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-09-02 14:15 - 2022-09-02 14:15 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000104448 _____ C:\Windows\system32\nettraceex.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000040960 _____ C:\Windows\system32\uwfservicingapi.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-09-02 14:15 - 2022-09-02 14:15 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-09-02 14:15 - 2022-09-02 14:15 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-09-02 14:15 - 2022-09-02 14:15 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-09-02 14:15 - 2022-09-02 14:15 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-09-02 14:15 - 2022-09-02 14:15 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-09-02 14:15 - 2022-09-02 14:15 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-09-02 14:15 - 2022-09-02 14:15 - 000011803 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-09-02 14:14 - 2022-09-02 14:14 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000272896 _____ C:\Windows\system32\TpmTool.exe
2022-09-02 14:14 - 2022-09-02 14:14 - 000232288 _____ C:\Windows\system32\containerdevicemanagement.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000162304 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-09-02 14:14 - 2022-09-02 14:14 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-09-02 14:14 - 2022-09-02 14:14 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2022-09-02 14:14 - 2022-09-02 14:14 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-09-02 14:14 - 2022-09-02 14:14 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-09-02 14:09 - 2022-09-02 14:09 - 000000000 ___HD C:\$WinREAgent
2022-09-02 14:09 - 2022-09-02 14:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-09-02 14:07 - 2022-09-02 14:08 - 000000000 ____D C:\Windows\system32\MRT
2022-09-02 14:07 - 2022-09-02 14:07 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-09-02 14:07 - 2022-09-02 14:07 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-09-02 14:06 - 2022-09-02 14:06 - 000000000 ____D C:\Users\User\AppData\LocalLow\Adobe
2022-09-02 14:06 - 2022-09-02 14:06 - 000000000 ____D C:\Users\User\AppData\Local\Steam
2022-09-02 14:06 - 2022-09-02 14:06 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2022-09-02 14:04 - 2022-09-10 11:59 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2022-09-02 14:04 - 2022-09-02 14:04 - 000000128 _____ C:\Users\User\AppData\Roaming\winscp.rnd
2022-09-02 14:02 - 2022-09-02 14:02 - 000000000 ____D C:\Users\User\AppData\Local\ONLYOFFICE
2022-09-02 13:54 - 2022-09-10 09:06 - 000000000 ____D C:\Program Files (x86)\Origin Games
2022-09-02 13:52 - 2022-09-10 11:49 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2022-09-02 13:51 - 2022-09-02 13:53 - 000000000 ____D C:\Users\User\AppData\LocalLow\Norton
2022-09-02 13:50 - 2022-09-02 14:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-09-02 13:50 - 2022-09-02 13:50 - 000100328 _____ (Broadcom) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2022-09-02 13:50 - 2022-09-02 13:50 - 000011301 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2022-09-02 13:50 - 2022-09-02 13:50 - 000003376 _____ C:\Windows\system32\Tasks\Norton WSC Integration
2022-09-02 13:50 - 2022-09-02 13:50 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2022-09-02 13:50 - 2022-09-02 13:50 - 000000000 ____D C:\Program Files\Norton Security
2022-09-02 13:50 - 2022-09-02 13:50 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2022-09-02 13:49 - 2022-09-10 11:38 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2022-09-02 13:49 - 2022-09-08 21:49 - 000000000 ____D C:\ProgramData\Norton
2022-09-02 13:49 - 2022-09-02 15:56 - 000000000 ____D C:\Program Files (x86)\Origin
2022-09-02 13:49 - 2022-09-02 15:07 - 000000000 ____D C:\ProgramData\Electronic Arts
2022-09-02 13:49 - 2022-09-02 13:49 - 000000000 ____D C:\Users\User\AppData\Local\CEF
2022-09-02 13:49 - 2022-09-02 13:49 - 000000000 ____D C:\Users\Public\Downloads\Norton
2022-09-02 13:49 - 2022-09-02 13:49 - 000000000 ____D C:\ProgramData\obs-studio-hook
2022-09-02 13:49 - 2022-09-02 13:49 - 000000000 ____D C:\ProgramData\NortonInstaller
2022-09-02 13:49 - 2022-09-02 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2022-09-02 13:49 - 2022-09-02 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2022-09-02 13:49 - 2022-09-02 13:49 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2022-09-02 13:48 - 2022-09-10 11:38 - 000000000 ____D C:\Users\User\AppData\Roaming\Origin
2022-09-02 13:48 - 2022-09-10 11:38 - 000000000 ____D C:\ProgramData\Origin
2022-09-02 13:48 - 2022-09-10 11:35 - 000000000 ____D C:\Users\User\AppData\Local\Origin
2022-09-02 13:48 - 2022-09-02 13:49 - 000000000 ____D C:\Program Files\obs-studio
2022-09-02 13:48 - 2022-09-02 13:48 - 000498664 _____ (WireGuard LLC) C:\Windows\system32\Drivers\mullvad-wireguard.sys
2022-09-02 13:48 - 2022-09-02 13:48 - 000000000 ____D C:\Users\User\.QtWebEngineProcess
2022-09-02 13:48 - 2022-09-02 13:48 - 000000000 ____D C:\Users\User\.Origin
2022-09-02 13:45 - 2022-09-10 11:43 - 000000000 ____D C:\Users\User\AppData\Local\Mullvad VPN
2022-09-02 13:45 - 2022-09-07 21:24 - 000000000 ____D C:\JDownloader
2022-09-02 13:45 - 2022-09-02 13:45 - 000002155 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2022-09-02 13:45 - 2022-09-02 13:45 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2022-09-02 13:45 - 2022-09-02 13:45 - 000000000 ____D C:\Users\User\AppData\Local\FluxSoftware
2022-09-02 13:44 - 2022-09-10 11:42 - 000000000 ____D C:\ProgramData\Mullvad VPN
2022-09-02 13:44 - 2022-09-02 13:44 - 000001894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mullvad VPN.lnk
2022-09-02 13:44 - 2022-09-02 13:44 - 000000000 ____D C:\Program Files\Mullvad VPN
2022-09-02 13:43 - 2022-09-02 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONLYOFFICE
2022-09-02 13:42 - 2022-09-10 11:58 - 000000000 ____D C:\Program Files\CCleaner
2022-09-02 13:42 - 2022-09-02 15:57 - 000003254 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-09-02 13:42 - 2022-09-02 13:42 - 000000000 ____D C:\ProgramData\ONLYOFFICE
2022-09-02 13:42 - 2022-09-02 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-09-02 13:42 - 2022-09-02 13:42 - 000000000 ____D C:\Program Files\ONLYOFFICE
2022-09-02 13:41 - 2022-09-02 13:41 - 000000000 ____D C:\Users\User\AppData\Local\DBG
2022-09-02 13:40 - 2022-09-02 13:40 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-09-02 13:39 - 2022-09-02 13:39 - 000000000 ____D C:\Windows\system32\lxss
2022-09-02 13:39 - 2022-09-02 13:39 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2022-09-02 13:39 - 2022-07-28 06:46 - 007483400 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-09-02 13:39 - 2022-07-22 06:25 - 000043184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-09-02 13:38 - 2022-09-02 13:38 - 000000000 ____D C:\Users\User\AppData\Local\fontconfig
2022-09-02 13:37 - 2022-09-02 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BleachBit
2022-09-02 13:37 - 2022-09-02 13:37 - 000000000 ____D C:\Program Files (x86)\BleachBit
2022-09-02 13:37 - 2022-07-28 06:53 - 001905912 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-09-02 13:37 - 2022-07-28 06:53 - 001905912 _____ C:\Windows\system32\vulkaninfo.exe
2022-09-02 13:37 - 2022-07-28 06:53 - 001478392 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-09-02 13:37 - 2022-07-28 06:53 - 001478392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-09-02 13:37 - 2022-07-28 06:53 - 001471984 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-09-02 13:37 - 2022-07-28 06:53 - 001432328 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-09-02 13:37 - 2022-07-28 06:53 - 001432328 _____ C:\Windows\system32\vulkan-1.dll
2022-09-02 13:37 - 2022-07-28 06:53 - 001213424 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-09-02 13:37 - 2022-07-28 06:53 - 001145592 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-09-02 13:37 - 2022-07-28 06:53 - 001145592 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-09-02 13:37 - 2022-07-28 06:50 - 000865776 _____ C:\Windows\system32\nvofapi64.dll
2022-09-02 13:37 - 2022-07-28 06:50 - 000771568 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-09-02 13:37 - 2022-07-28 06:50 - 000687624 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-09-02 13:37 - 2022-07-28 06:49 - 002127872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-09-02 13:37 - 2022-07-28 06:49 - 001536512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-09-02 13:37 - 2022-07-28 06:49 - 001182720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-09-02 13:37 - 2022-07-28 06:49 - 000714760 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-09-02 13:37 - 2022-07-28 06:48 - 010269680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-09-02 13:37 - 2022-07-28 06:48 - 008803848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-09-02 13:37 - 2022-07-28 06:48 - 005362696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-09-02 13:37 - 2022-07-28 06:48 - 003066888 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-09-02 13:37 - 2022-07-28 06:48 - 001607680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-09-02 13:37 - 2022-07-28 06:48 - 001059320 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-09-02 13:37 - 2022-07-28 06:48 - 000845312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-09-02 13:37 - 2022-07-28 06:48 - 000456200 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-09-02 13:37 - 2022-07-28 06:47 - 005735944 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-09-02 13:37 - 2022-07-28 06:47 - 000853000 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-09-02 13:37 - 2022-07-28 06:45 - 006367432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-09-02 13:37 - 2022-07-22 06:25 - 000093241 _____ C:\Windows\system32\nvinfo.pb
2022-09-02 13:36 - 2022-09-10 11:59 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2022-09-02 13:36 - 2022-09-10 11:58 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2022-09-02 13:36 - 2022-09-10 11:58 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-09-02 13:36 - 2022-09-09 10:46 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-09-02 13:36 - 2022-09-09 10:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-02 13:36 - 2022-09-09 09:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-09-02 13:36 - 2022-09-02 13:36 - 000002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 2020.lnk
2022-09-02 13:36 - 2022-09-02 13:36 - 000000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2022-09-02 13:36 - 2022-09-02 13:36 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-09-02 13:36 - 2022-09-02 13:36 - 000000000 ____D C:\Users\User\AppData\Local\Mozilla
2022-09-02 13:36 - 2022-09-02 13:36 - 000000000 ____D C:\ProgramData\Adobe
2022-09-02 13:36 - 2022-09-02 13:36 - 000000000 ____D C:\Program Files\dotnet
2022-09-02 13:36 - 2022-09-02 13:36 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-09-02 13:35 - 2022-09-10 11:58 - 000000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2022-09-02 13:35 - 2022-09-10 10:49 - 000000000 ____D C:\Users\User\AppData\Local\Discord
2022-09-02 13:35 - 2022-09-02 15:56 - 000000000 ____D C:\Program Files (x86)\Steam
2022-09-02 13:35 - 2022-09-02 15:07 - 000000000 ____D C:\ProgramData\Package Cache
2022-09-02 13:35 - 2022-09-02 13:36 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2022-09-02 13:35 - 2022-09-02 13:35 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2022-09-02 13:35 - 2022-09-02 13:35 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Users\User\AppData\Local\Package Cache
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.10
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Program Files\VS Revo Group
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Program Files\VideoLAN
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Program Files\Python310
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Program Files\PuTTY
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Program Files\Microsoft VS Code
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Program Files\7-Zip
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Program Files (x86)\WinSCP
2022-09-02 13:35 - 2022-09-02 13:35 - 000000000 ____D C:\Program Files (x86)\Notepad++
2022-09-02 13:33 - 2022-09-02 13:33 - 000000000 ____D C:\Users\User\AppData\Local\Comms
2022-09-02 13:33 - 2021-02-17 02:41 - 000283288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
2022-09-02 13:33 - 2021-02-17 02:41 - 000238232 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
2022-09-01 19:26 - 2022-09-04 07:06 - 000000000 ____D C:\Windows\Panther
2022-09-01 17:37 - 2022-09-02 19:03 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2022-09-01 17:37 - 2022-09-02 15:56 - 000000000 ____D C:\ProgramData\NVIDIA
2022-09-01 17:37 - 2022-09-02 13:40 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-09-01 17:37 - 2022-09-02 13:39 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-09-01 17:37 - 2022-09-01 17:37 - 000000000 ____D C:\Users\User\AppData\Local\NVIDIA
2022-09-01 17:36 - 2022-09-10 11:58 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2022-09-01 17:36 - 2022-09-04 15:09 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2022-09-01 17:36 - 2022-09-02 14:54 - 000000000 ____D C:\ProgramData\Packages
2022-09-01 17:36 - 2022-09-02 14:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2022-09-01 17:36 - 2022-09-01 17:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-01 17:36 - 2022-09-01 17:36 - 000000000 ___RD C:\Users\User\3D Objects
2022-09-01 17:36 - 2022-09-01 17:36 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2022-09-01 17:36 - 2022-09-01 17:36 - 000000000 ____D C:\Users\User\AppData\Local\Publishers
2022-09-01 17:36 - 2022-09-01 17:36 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2022-09-01 17:36 - 2022-07-22 06:25 - 000130216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-09-01 17:35 - 2022-09-01 17:35 - 000000020 ___SH C:\Users\User\ntuser.ini
2022-09-01 17:32 - 2022-09-10 11:47 - 000799886 _____ C:\Windows\system32\PerfStringBackup.INI
2022-09-01 17:28 - 2022-09-01 17:28 - 000000000 _SHDL C:\Documents and Settings
2022-09-01 17:28 - 2022-09-01 17:28 - 000000000 ____D C:\Windows\CSC
2022-09-01 17:27 - 2022-09-10 11:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-09-01 17:27 - 2022-09-10 11:42 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-01 17:27 - 2022-09-10 11:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-09-01 17:27 - 2022-09-02 13:43 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-09-01 17:27 - 2022-09-01 17:34 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-01 17:27 - 2022-09-01 17:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-09-01 17:27 - 2022-09-01 17:27 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-10 11:47 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2022-09-10 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-10 11:42 - 2019-12-07 11:03 - 000262144 _____ C:\Windows\system32\config\BBI
2022-09-08 22:11 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-09-08 17:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-08 17:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2022-09-06 23:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2022-09-06 23:13 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2022-09-02 14:56 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-09-02 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-09-02 14:19 - 2019-12-07 16:49 - 000000000 ___SD C:\Windows\system32\AppV
2022-09-02 14:19 - 2019-12-07 16:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-09-02 14:19 - 2019-12-07 16:49 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-09-02 14:19 - 2019-12-07 16:45 - 000000000 ____D C:\Windows\en-GB
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2022-09-02 14:19 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-09-02 14:19 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2022-09-02 13:50 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-09-02 13:49 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-09-02 13:42 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-09-02 13:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2022-09-02 13:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2022-09-02 13:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-09-01 19:26 - 2019-12-07 11:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2022-09-01 17:28 - 2019-12-07 16:46 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-09-01 17:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\spool
2022-09-01 17:28 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-09-01 17:27 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Drivers\DriverData

==================== Files in the root of some directories ========

2022-09-02 14:04 - 2022-09-02 14:04 - 000000128 _____ () C:\Users\User\AppData\Roaming\winscp.rnd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional
FRST Logfile:


FRST Logfile:

	Code: 

 ATTFilter

  
	scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by User (10-09-2022 12:00:13)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) (2022-09-01 15:28:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2041107291-3206987621-2178598254-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2041107291-3206987621-2178598254-503 - Limited - Disabled)
Guest (S-1-5-21-2041107291-3206987621-2178598254-501 - Limited - Disabled)
User (S-1-5-21-2041107291-3206987621-2178598254-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2041107291-3206987621-2178598254-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat Reader 2020 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AE1401753200}) (Version: 20.005.30381 - Adobe Systems Incorporated)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.1.0.4 - Electronic Arts, Inc.)
BleachBit 4.4.2.2142 (HKLM-x32\...\BleachBit) (Version: 4.4.2.2142 - BleachBit)
CCleaner (HKLM\...\CCleaner) (Version: 6.03 - Piriform)
Discord (HKU\S-1-5-21-2041107291-3206987621-2178598254-1001\...\Discord) (Version: 1.0.9005 - Discord Inc.)
f.lux (HKU\S-1-5-21-2041107291-3206987621-2178598254-1001\...\Flux) (Version:  - f.lux Software LLC)
JDownloader 2 (HKU\S-1-5-21-2041107291-3206987621-2178598254-1001\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.8 (x64) (HKLM\...\{6950FA03-8B88-4675-B685-FB21CA1762CC}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.8 (x86) (HKLM-x32\...\{46F7B664-9497-493D-8269-C39DE0F9C7BB}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.8 (x64) (HKLM\...\{3C3CA326-3F1D-43B7-B0AD-CBC06B2DED5A}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.8 (x86) (HKLM-x32\...\{56205076-5F5F-408B-A2CC-EF72BFFBC6DD}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.8 (x64) (HKLM\...\{7CEA3ABF-FE24-42AF-ADE6-B4A3EE346743}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.8 (x64) (HKLM-x32\...\{df65a075-27e0-4afc-baea-ecaadef7b85c}) (Version: 6.0.8.31513 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.8 (x86) (HKLM-x32\...\{4368217D-0EEE-4612-973D-CB228B37F17A}) (Version: 48.35.45462 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.8 (x86) (HKLM-x32\...\{469641e6-0ab0-4da8-88d5-7bd24b093271}) (Version: 6.0.8.31513 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.70 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913 (HKLM-x32\...\{572DCD10-CF2E-43D1-8151-8BD9AC9086D0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913 (HKLM-x32\...\{6236EBBD-F50F-40B3-B819-8DB0C608308C}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.70.2 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM\...\{EB3983F9-3D60-456D-A11A-C1366C79AD3E}) (Version: 48.35.45540 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.8 (x64) (HKLM-x32\...\{ca35acb3-b442-44fb-924c-4448120bf689}) (Version: 6.0.8.31518 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 104.0.2 (x64 de)) (Version: 104.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 104.0.1 - Mozilla)
Mullvad VPN 2022.4.0 (HKLM\...\2A356FD4-03B7-4F45-99B4-737BE580DC82) (Version: 2022.4.0 - Mullvad VPN)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.7.14 - NortonLifeLock Inc)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.4.4 - Notepad++ Team)
NVIDIA Graphics Driver 516.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.94 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.0.0 - OBS Project)
ONLYOFFICE Desktop Editors 7.1 (x64) (HKLM\...\ONLYOFFICE Desktop Editors_is1) (Version: 7.1.1.57 - Ascensio System SIA)
Origin (HKLM-x32\...\Origin) (Version: 10.5.115.51547 - Electronic Arts, Inc.)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.51.0 - Goversoft LLC)
PuTTY release 0.77 (64-bit) (HKLM\...\{E078C644-A120-4668-AD62-02E9FD530190}) (Version: 0.77.0.0 - Simon Tatham)
Python 3.10.6 (64-bit) (HKU\S-1-5-21-2041107291-3206987621-2178598254-1001\...\{1fab56ed-b241-47a3-9abc-d51dc01b8dff}) (Version: 3.10.6150.0 - Python Software Foundation)
Python 3.10.6 Core Interpreter (64-bit) (HKLM\...\{C91F8E4B-F9C1-4FD1-BCF3-4A91CDAD4B72}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Development Libraries (64-bit) (HKLM\...\{07CDAC2C-737C-4D8A-AF42-6BCE111699AE}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Documentation (64-bit) (HKLM\...\{4306E3B9-B285-4747-B84D-9FAF08AA412D}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Executables (64-bit) (HKLM\...\{750538B5-3E77-4F94-A64A-D3F09E608CA2}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 pip Bootstrap (64-bit) (HKLM\...\{3983F17E-1088-46F9-BB00-53B888FF3835}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Standard Library (64-bit) (HKLM\...\{C3A057F3-209B-4244-9697-D69031B81AAB}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Tcl/Tk Support (64-bit) (HKLM\...\{A551B92B-102D-45DC-8050-5CE10DE81CD0}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Test Suite (64-bit) (HKLM\...\{1204E654-144E-4FBA-ACA0-558F6E54FC5A}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python 3.10.6 Utility Scripts (64-bit) (HKLM\...\{1D60E386-848D-45D1-BB0A-7E26A3E32011}) (Version: 3.10.6150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{7805B176-9059-45BD-8C4A-5B9EB0C2C387}) (Version: 3.10.7882.0 - Python Software Foundation)
Revo Uninstaller 2.3.9 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.9 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: 1.17 - Firefly Studios)
TeamSpeak 3 Client (HKU\S-1-5-21-2041107291-3206987621-2178598254-1001\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.25.9 - IDRIX)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinSCP 5.21.2 (HKLM-x32\...\winscp3_is1) (Version: 5.21.2 - Martin Prikryl)

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-09-02] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.20.238.0_x64__dt26b99r8h8gj [2022-09-02] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0 [2022-09-08] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.7.14\buShell.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.7.14\buShell.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.7.14\buShell.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.7.14\buShell.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.7.14\buShell.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.7.14\buShell.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2022-07-15] (Notepad++ -> )
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.7.14\buShell.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.7.14\NavShExt.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2022-09-02] (Goversoft LLC -> )
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.7.14\NavShExt.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2022-09-02] (Goversoft LLC -> )
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2022-07-10] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2022-07-10] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2022-09-02] (Goversoft LLC -> )
ContextMenuHandlers3: [SendTo] -> -{7BA4C740-9E81-11CF-99D3-00AA004AE837} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2022-09-02] (Goversoft LLC -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\nvshext.dll [2022-07-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.7.14\buShell.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [Library Location] -> -{3dad6c5d-2167-4cae-9914-f99e41c12cfa} =>  -> No File
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.7.14\NavShExt.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2022-09-02] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-09-02 13:44 - 2022-08-19 14:27 - 002714112 _____ () [File not signed] C:\Program Files\Mullvad VPN\ffmpeg.dll
2022-09-02 13:44 - 2022-08-19 14:27 - 000447488 _____ () [File not signed] C:\Program Files\Mullvad VPN\libegl.dll
2022-09-02 13:44 - 2022-08-19 14:27 - 007040512 _____ () [File not signed] C:\Program Files\Mullvad VPN\libglesv2.dll
2022-09-02 13:44 - 2022-08-19 14:27 - 004654592 _____ () [File not signed] C:\Program Files\Mullvad VPN\vk_swiftshader.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.7.14\coIEPlg.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.7.14\coIEPlg.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.7.14\coIEPlg.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.7.14\coIEPlg.dll [2022-08-11] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Player\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\Microsoft VS Code\bin;C:\Program Files\dotnet\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Mullvad VPN\resources
HKU\S-1-5-21-2041107291-3206987621-2178598254-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.64.0.1 - 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
WiFi: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
Mullvad: VMware Bridge Protocol -> vmware_bridge (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{F5F91BE7-A8F4-4E58-BF8A-05337FBD6B08}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2292187D-4D3E-43E1-9055-66F615E82CE5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C87E6AE4-9B07-4EB3-97B2-DE588175CB80}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D876B1BA-9D3A-4913-8CD9-0EA53BF2C524}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{82F12B43-7135-4779-BF45-2FC5DB904AFD}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{035D630B-EB38-4E79-8A15-38958BC3B5EC}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{B5B330D7-D3F6-418A-8B94-9EC529C4C6DF}] => (Allow) F:\Origin Games\Apex\EasyAntiCheat_launcher.exe (Electronic Arts, Inc. -> EasyAntiCheat Ltd)
FirewallRules: [{C8E4549E-BB9A-4811-AFDA-0C8E24DD6CED}] => (Allow) F:\Origin Games\Apex\EasyAntiCheat_launcher.exe (Electronic Arts, Inc. -> EasyAntiCheat Ltd)
FirewallRules: [{C013AEBD-7E22-455D-A2D4-88B1A5C6E21D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2551D73E-C738-4B87-87D6-B5A5F8CC3629}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{90FF1E1F-B1FE-4990-A080-ADE134866BF8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5C728119-66FE-4220-B159-6675E6D33DFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C888A08E-83A3-4A5A-BF43-221295323AD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94A90DC6-92DB-4B6D-B4C2-A89D125F8281}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{16208DB2-B836-47C3-960E-87F1C0F851BD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CF15FC30-E5DC-47AF-980C-2C60E02A367E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.193.898.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (09/10/2022 11:58:47 AM) (Source: DCOM) (EventID: 10000) (User: USER-PC)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/10/2022 11:44:33 AM) (Source: DCOM) (EventID: 10000) (User: USER-PC)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/10/2022 11:43:02 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (09/10/2022 03:43:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D46B8794-5A6B-497E-9994-880B06828664} because another computer on the network has the same name.  The server could not start.

Error: (09/10/2022 03:43:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{5FDFF5D6-E9E1-42C9-9EE0-E843878FA62B} because another computer on the network has the same name.  The server could not start.

Error: (09/10/2022 03:43:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6580EB73-5450-4C6C-8328-BB5A8154905A} because another computer on the network has the same name.  The server could not start.

Error: (09/10/2022 03:43:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D46B8794-5A6B-497E-9994-880B06828664} because another computer on the network has the same name.  The server could not start.

Error: (09/10/2022 03:43:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{5FDFF5D6-E9E1-42C9-9EE0-E843878FA62B} because another computer on the network has the same name.  The server could not start.


CodeIntegrity:
===============
Date: 2022-09-10 11:45:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\Norton Security\Engine\22.22.7.14\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2022-09-10 11:44:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Norton Security\Engine\22.22.7.14\symamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends International, LLC. F33 05/21/2021
Motherboard: Gigabyte Technology Co., Ltd. X570 AORUS MASTER
Processor: AMD Ryzen 9 5950X 16-Core Processor 
Percentage of memory in use: 7%
Total physical RAM: 65478.64 MB
Available physical RAM: 60589.76 MB
Total Virtual: 75206.64 MB
Available Virtual: 68346.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.4 GB) (Free:1815.42 GB) (Model: Seagate FireCuda 520 SSD ZP2000GM30002) NTFS
Drive d: (Down & Rec) (Fixed) (Total:7452.02 GB) (Free:4607.95 GB) (Model: ST8000DM004-2CX188) NTFS
Drive e: (Volume) (Fixed) (Total:7452.02 GB) (Free:7277 GB) (Model: ST8000DM004-2CX188) NTFS
Drive f: (Games) (Fixed) (Total:1863 GB) (Free:397.74 GB) (Model: Seagate FireCuda 520 SSD ZP2000GM30002) NTFS

\\?\Volume{36741afa-ae97-466d-a377-26620c333e23}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{6a6f6b36-5c1f-4505-afa2-ad162d2c112f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 5409DDFB)

Partition: GPT.

==================== End of Addition.txt =======================
         
 --- --- ---


--- --- ---

SecurityCheck:

Code:

ATTFilter

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 10.09.2022 12:19:20
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 10.14is-04.09.2022
___________________________________________________________________________

Windows 10(6.3.19044) (x64) Professional Release: 2009 Lang: English(0809)
Installation date OS: 01.09.2022 15:28:40
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [1862.4 Gb] Used: [47 Gb] Free: [1815.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^
Norton WSC Service (nsWscSvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Norton 360 (disabled)
---------------------------- [ Firewall_WMI ] -----------------------------
Norton 360
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Norton 360 v.22.22.7.14
--------------------------- [ OtherUtilities ] ----------------------------
ONLYOFFICE Desktop Editors 7.1 (x64) v.7.1.1.57
VMware Player v.16.2.4
PuTTY release 0.77 (64-bit) v.0.77.0.0
Microsoft Visual Studio Code v.1.70.2 Warning! Download Update
Python 3.10.6 (64-bit) v.3.10.6150.0
Notepad++ (32-bit x86) v.8.4.4
Steam v.2.10.91.91
VeraCrypt v.1.25.9
WinSCP 5.21.2 v.5.21.2
------------------------------ [ ArchAndFM ] ------------------------------
7-Zip 22.01 (x64) v.22.01
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.1.0.9005 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.17.4
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat Reader 2020 MUI v.20.005.30381 Warning! This software is no longer supported. Please uninstall it and use Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 de) v.104.0.2 [+]
Microsoft Edge v.104.0.1293.70 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Norton Security (NortonSecurity) - The service is running
C:\Program Files\Norton Security\Engine\22.22.7.14\NortonSecurity.exe v.17.2.3.65
Microsoft Defender Antivirus Service (WinDefend) - The service has stopped
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.03 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
JDownloader 2 v.2.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
PrivaZer v.4.0.51.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------

Windows 10 habe ich vor 2 Tagen frisch augesetzt und nur die nötigsten Programme installiert. Die DLL ist wieder aufgetaucht.
Mit ESET Online Scanner konnte ich bisher nicht scannen, wenn ich versuche das Programm zu starten schließt es sich ohne Fehlermeldung.
Malewarebytes hat nichts gefunden ebenso Bitdefender, Avast und Avira.

Alle installierten Programme benutze ich regelmäßig und es ist mir durchaus bewusst was diese Programme tun und was nicht.
Ebenso installiere ich keine Adware mit den Programmen die dafür evtl. bekannt sind wie zB. JDownloader, in solchen Fällen habe ich saubere Setups ohne intigrierter Adware.
Hier geht es ausschließlich darum, den Ursprung dieser dll zu finden.

Danke & Grüße

M-K-D-B · 10.09.2022, 21:58

Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.

Vielen Dank für die ausführlichen Erläuterungen sowie die Logdateien.
Ich kann mich nicht erinnern, so etwas schon einmal gesehen zu haben. Interessant auf jeden Fall. Die Dateinamen wechseln ja. Obwohl sich der Name der .dll jedes Mal zu ändern scheint, bleibt die GUID ( {B6BB91E0-E023-BD21-A045-44B4A7F0B4F3} ) bei dir jedoch immer gleich. Sehe ich das richtig?

Zitat:

Seit dem habe ich Windows 10 - 3 mal komplett neu installiert und diese dll wird noch immer mit zufälligem Namen im Register eingetragen.

Hier wäre ein Ansatzpunkt.
Wenn du eine saubere Neuinstallation durchführt hast, also ein blankes Windows hast, war danach auch dieser Eintrag zu finden?
Wenn nicht, dann kommt das wohl "Huckepack" mit einer Software, die du jedes Mal installiert hast. Da müsstest du jetzt nach jeder einzelnen Installation immer wieder nachsehen, ob da was kommt. All das kostet viel Zeit, aber so könntest du die Ursache eingrenzen.

Zitat:

es geht um einen reg. Eintrag von einer nicht existierenden dll im System32.

Die Datei war auch nicht versteckt (hidden) bzw. als Systemdatei (S) gekennzeichnet (das heißt, du hast dir alle Dateien und Ordner zu dem Zeitpunkt anzeigen lassen)?
Das hast du alles überprüft?

Zitat:

[HKEY_CLASSES_ROOT\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}\InprocServer32]
@="%SystemRoot%\\system32\\jtjppftquows.dll"

Eventuell findet sich diese GUID auch noch an anderer Stelle in der Registry? Hast du das schon mal überprüft? Wir können einen Versuch mit FRST starten.

Nach dem nächsten Neustart könntest du dir den Schlüssel nochmal ansehen, was dann für ein Dateiname "NameDerDatei.dll" zu finden ist und mit FRST nach den beiden Daten B6BB91E0-E023-BD21-A045-44B4A7F0B4F3 und NameDerDatei (ohne ".dll") suchen lassen.
Anstatt NameDerDatei müsstest du halt jtjppftquows oder was auch immer einsetzen.
Eine Anleitung dazu findest du weiter unten.

Findet sich dieser Schlüssel auch im abgesicherten Modus? Wenn ja, findet sich dort vielleicht die Datei im System32-Ordner?

Spezialsuche mit FRST

Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in das Suchfeld:
Code:
ATTFilter
```
SearchAll: B6BB91E0-E023-BD21-A045-44B4A7F0B4F3;NameDerDatei
         
```
Klicke auf den Button Datei-Suche.
FRST beginnt mit dem Suchlauf. Das kann einige Zeit dauern, bitte gedulde dich!
Am Ende wird eine Textdatei Search.txt erstellt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

9092374756 · 11.09.2022, 23:03

Hallo Matthias, danke für deine Antwort.

Zitat:

Obwohl sich der Name der .dll jedes Mal zu ändern scheint, bleibt die GUID ( {B6BB91E0-E023-BD21-A045-44B4A7F0B4F3} ) bei dir jedoch immer gleich. Sehe ich das richtig?

Das ist richtig, ich bin mir nicht sicher ob die GUID auch nach der Neuinstallation von Windows gleich bleibt, das bleibt noch zu testen. Nach einem neustart bleibt die GUID jedenfalls gleich, nur der dateiname ändert sich.

Zitat:

Wenn du eine saubere Neuinstallation durchführt hast, also ein blankes Windows hast, war danach auch dieser Eintrag zu finden?
Wenn nicht, dann kommt das wohl "Huckepack" mit einer Software, die du jedes Mal installiert hast. Da müsstest du jetzt nach jeder einzelnen Installation immer wieder nachsehen, ob da was kommt. All das kostet viel Zeit, aber so könntest du die Ursache eingrenzen.

So bin ich bei der letzten Neuinstallation vorgegangen. Ich habe über 6 Stunden damit verbracht, Software für Software zu installieren und den PC neuzustarten. Nachdem die nötigsten Programme installiert waren, habe ich den PC laufen lassen und erst nach etwa 2 weiteren Stunden + Neustart ist der Reg. Eintrag aufgetaucht.

Zitat:

Die Datei war auch nicht versteckt (hidden) bzw. als Systemdatei (S) gekennzeichnet (das heißt, du hast dir alle Dateien und Ordner zu dem Zeitpunkt anzeigen lassen)?
Das hast du alles überprüft?

Systemdateien und Versteckte Dateien habe ich anzeigen lassen, diese dll existierte nicht oder wurde automatisch gelöscht.
Auch öffnen mit dem jeweiligen neuen Dateinamen geht nicht.

Da fällt mir ein ich lasse mal ein Wiederherstellungsprogramm laufen, villeicht lässt sich diese DLL zurückholen.

Die Suche mit FRST hat folgendes ergeben:

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by User (11-09-2022 22:44:41)
Running from C:\Users\User\Desktop
Boot Mode: Normal

================== Search Files: "SearchAll: B6BB91E0-E023-BD21-A045-44B4A7F0B4F3;zsddnedz.dll" =============

File:
========

folder:
========

Registry:
========

===================== Search result for "B6BB91E0-E023-BD21-A045-44B4A7F0B4F3" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}\InprocServer32]
""="%SystemRoot%\system32\zsddnedz.dll"


===================== Search result for "zsddnedz.dll" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}\InprocServer32]
""="%SystemRoot%\system32\zsddnedz.dll"


====== End of Search ======

Den Abgesicherten Modus habe ich noch nicht versucht, das werde ich morgen testen und berichten.

Meine Vermutung ist dass sich diese DLL in einen anderen Prozess injiziert und danach löscht bzw. dass ein anderes Programm dies tut und die datei danach löscht oder umbenennt. / Nur wie findet man heraus ob so etwas passiert?
Sollten wir keine Lösung finden bzw diese Datei irgendwie auftreiben können, werde ich gerne nochmals Win10 installieren und über einen längeren Zeitraum Software für Software installieren um zu sehen was passiert.

Sollte es ein RAT oder eine andere bösartige Software sein, würde ich das gerne wissen bevor ich alles platt mache und diese DLL danach nicht mehr auftaucht

M-K-D-B · 12.09.2022, 18:23

Vielen Dank für die Rückmeldung. Bin gespannt, was du berichtest, wie es im abgesicherten Modus aussieht.

Was passiert, wenn du den Schlüssel löscht?
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B6BB91E0-E023-BD21-A045-44B4A7F0B4F3}

Taucht der dann nach dem Neustart wieder neu auf, oder?

Sind das deine Scripts?

Zitat:

Task: {1118AB16-4DFF-487E-929F-54A9381AB74C} - System32\Tasks\Sophia Script\SoftwareDistribution => powershell.exe (No File)
Task: {1690A3C9-65DB-4D27-9A03-3A548756B5A4} - System32\Tasks\Sophia Script\Windows Cleanup => powershell.exe (No File)
Task: {A6B0D755-6950-492F-8599-B316A5DC7543} - System32\Tasks\Sophia Script\Temp => powershell.exe (No File)
Task: {B80DA7F2-228D-4A28-AAC6-CC6F3FD63D6D} - System32\Tasks\Sophia Script\Windows Cleanup Notification => powershell.exe (No File)

Wir können gerne einige Tools und Bereinigungen ausführen und schauen, ob wir etwas finden.

M-K-D-B · 17.09.2022, 21:53

Fehlende Rückmeldung
Dieses Thema wurde aus unseren Abos gelöscht. Somit bekommen wir keine Benachrichtigung über neue Antworten.
Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!

Windows 10 - ActiveX/COM Issue - system32\RandomName.dll

Log-Analyse und Auswertung: Windows 10 - ActiveX/COM Issue - system32\RandomName.dll