Friend fell for a scam

Hi

My friend fell for a phone scam and gave the scammer remote access to his PC.

The scammer posed as a Bitdefender partner, Microsoft certified, etc. etc. (You know the drill.)

Can someone check if they left anything suspicious on his system?

Ran Malwarebytes, which didn't find anything.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
Ran by Bobo (administrator) on DESKTOP-5P5UHE7 (28-06-2021 23:39:15)
Running from C:\Users\Bobo\Desktop
Loaded Profiles: Bobo
Platform: Windows 10 Home Version 20H2 19042.1081 (X64) Language: Dansk (Danmark)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\Bobo\Documents\ProcessExplorer\procexp64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) D:\Programmer\Teamviewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) D:\Programmer\Teamviewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) D:\Programmer\Teamviewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) D:\Programmer\Teamviewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) D:\Programmer\Teamviewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [835136 2020-05-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [319544 2019-02-26] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [251496 2021-06-23] (Bitdefender SRL -> Bitdefender)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62620472 2020-05-19] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2778596834-1194538121-2314244375-1001\...\Run: [Samsung DeX] => D:\mobil dex\Samsung DeX\SamsungDeX.exe [10517160 2021-03-03] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\Windows\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2020-09-21]
ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (Voyetra Turtle Beach, Inc. -> ROCCAT)
Startup: C:\Users\Bobo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp64 - genvej.lnk [2020-11-08]
ShortcutTarget: procexp64 - genvej.lnk -> C:\Users\Bobo\Documents\ProcessExplorer\procexp64.exe (Microsoft Corporation -> Sysinternals - www.sysinternals.com)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DC0CF1A-9C2F-4CD9-8BAD-59156BF07BC6} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Bobo\Documents\BestSecurity Fjernkontrol\Temp\adwcleaner-7-2-7.exe <==== ATTENTION
Task: {2C0F3BBA-A0B6-4B23-B5A5-EA33ED55238F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-19] (Google LLC -> Google LLC)
Task: {2D9FD4F7-6A2A-4403-98F3-D7364FB3ABF0} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe [442888 2021-06-15] (Voyetra Turtle Beach, Inc. -> ROCCAT)
Task: {2FEE595C-3EDF-4A44-A1B4-DD4E6E8F28C5} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {3B3790BD-2475-4E87-8714-9070E48838C6} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5592ED17-0434-424C-933E-28BDFD37F4B5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-25] (Mozilla Corporation -> Mozilla Foundation)
Task: {6AFCD04A-3D60-4157-B9BF-D3A23B81C887} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {877FFC38-AB8B-4DF5-B67A-6FE89CE18DA6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9E76AD72-4661-4257-8E95-B28515D47F20} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B3B6A427-DF75-4457-944D-F59875DA8ADE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5196983-1A4F-449A-AB74-B260F2083A9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-19] (Google LLC -> Google LLC)
Task: {DB672884-0256-41F1-9539-591A4249E487} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainer\DriverUpdateCheck.log
Task: {DF8F6DBB-0853-4945-A7D2-4C82654505B0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\25.0.1.192\WatchDog.exe [937064 2021-06-08] (Bitdefender SRL -> Bitdefender)
Task: {E7D80678-7EAE-4325-A6A5-2AB87091D7BE} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainer\BatteryBoostCheck.log
Task: {E99A3D77-621D-40C2-A77E-3AA812FFBB8A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EFBE4784-E59D-4C37-AC2F-11A57E3F4C55} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [954456 2021-05-20] (Bitdefender SRL -> Bitdefender)
Task: {F1697441-8098-4E8E-A184-2328EC6CAA46} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2B9A538-D707-4AD2-999D-66F44BD5B495} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.10.10.5 212.10.10.4
Tcpip\..\Interfaces\{b0564c02-aa2d-4348-9111-6983fe87c5c2}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{b0564c02-aa2d-4348-9111-6983fe87c5c2}: [DhcpNameServer] 212.10.10.5 212.10.10.4

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Bobo\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-28]

FireFox:
========
FF DefaultProfile: uv8onmwm.default
FF ProfilePath: C:\Users\Bobo\AppData\Roaming\Mozilla\Firefox\Profiles\uv8onmwm.default [2021-06-28]
FF user.js: detected! => C:\Users\Bobo\AppData\Roaming\Mozilla\Firefox\Profiles\uv8onmwm.default\user.js [2021-06-28]
FF ProfilePath: C:\Users\Bobo\AppData\Roaming\Mozilla\Firefox\Profiles\j0axl809.default-release [2021-06-28]
FF user.js: detected! => C:\Users\Bobo\AppData\Roaming\Mozilla\Firefox\Profiles\j0axl809.default-release\user.js [2021-06-28]
FF Homepage: Mozilla\Firefox\Profiles\j0axl809.default-release -> hxxps://www.mozilla.org/da/firefox/central/|hxxps://www.facebook.com/?ref=tn_tnmn|hxxps://apps.facebook.com/battlefrontmars/?fb_source=canvas_bookmark|hxxps://thunderrunwarofclans.gamepedia.com/Thunder_Run:_War_of_Clans_Wiki|hxxps://www.battlehouse.com/play/battlefrontmars|hxxps://translate.yandex.com/?lang=ar-da|hxxps://docs.google.com/forms/d/e/1FAIpQLSf8tPzC2luFT9TcxbYlyioIx3nk_0NoBBl0JYlIxdzFVIHVcg/viewform|hxxps://www.roblox.com/home|hxxps://www.komogvind.dk/|hxxps://twitter.com/home|hxxps://outlook.live.com/mail/inbox|hxxps://www.proshop.dk/Guides/PcAssembling/8023541?fbclid=IwAR2VmzRCGJdPnIoIidNOeOBdom3-4hTv7Mc-ib5XM9Qjek3tmw6JTepxuXc/?selectedItems=b_2694593-c_2775193-d_2694845-f_2512327-g_2676191-k_2681393-l_2622047-|hxxps://danskebank.dk/da-dk/private-banking/bank-online/pages/netbank.aspx|hxxps://www.sygeforsikring.dk/|hxxps://www.youtube.com/|hxxps://stofa.dk/|hxxp://www.e-boks.dk/logon.aspx|hxxps://www.netflix.com/YourAccount?lnkctr=mhSS|hxxps://patientportal.egclinea.dk/?id=137|hxxps://mail.google.com/mail/u/0/?ogbl#inbox|hxxps://www.mobafire.com/league-of-legends/champions
FF Session Restore: Mozilla\Firefox\Profiles\j0axl809.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\j0axl809.default-release -> hxxps://www.youtube.com; hxxps://www.just-eat.dk
FF Extension: (English United States Dictionary) - C:\Users\Bobo\AppData\Roaming\Mozilla\Firefox\Profiles\j0axl809.default-release\Extensions\@unitedstatesenglishdictionary.xpi [2021-04-12]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Bobo\AppData\Roaming\Mozilla\Firefox\Profiles\j0axl809.default-release\Extensions\support@lastpass.com.xpi [2021-06-24]
FF Extension: (uBlock Origin) - C:\Users\Bobo\AppData\Roaming\Mozilla\Firefox\Profiles\j0axl809.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-06-23]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-11-15] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-11-15] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-05-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-01-17] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-01-17] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Bobo\AppData\Local\Google\Chrome\User Data\Default [2021-06-28]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Adblock Plus - gratis annonceblokeringsværktøj) - C:\Users\Bobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-19]
CHR Extension: (Bitdefender Wallet) - C:\Users\Bobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2020-07-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Bobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-06-19]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Bobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2020-09-21]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Bobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Bobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-27]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [198256 2021-01-26] (Pango Inc. -> AnchorFree Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2021-04-20] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2021-04-20] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
S2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [1899112 2018-03-22] (Bitdefender SRL -> Bitdefender)
S2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [246888 2021-06-23] (Bitdefender SRL -> Bitdefender)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2021-03-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-28] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; D:\APEEX LEGENS\Origin\OriginClientService.exe [2547344 2021-05-20] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; D:\APEEX LEGENS\Origin\OriginWebHelperService.exe [3487384 2021-05-20] (Electronic Arts, Inc. -> Electronic Arts)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [774760 2021-06-08] (Bitdefender SRL -> Bitdefender)
S3 ProtonVPN Service; D:\Program Files (x86)\ProtonVPN\ProtonVPNService.exe [102136 2021-01-12] (Proton Technologies AG -> )
S3 ProtonVPN Update Service; D:\Program Files (x86)\ProtonVPN\ProtonVPN.UpdateService.exe [62712 2021-01-12] (Proton Technologies AG -> )
S3 ss_conn_launcher_service; C:\WINDOWS\System32\SamsungEasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; D:\Programmer\Teamviewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [301144 2021-05-20] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2021-04-20] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-03-24] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2021-04-20] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2021-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2021-04-28] (Bitdefender SRL -> © Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-04-27] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [161288 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-04-20] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-11-15] (Bitdefender SRL -> BitDefender LLC)
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-12-14] (Bitdefender SRL -> Bitdefender)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-28] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPNCallout; D:\Program Files (x86)\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [33664 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [641728 2021-03-24] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-28 23:39 - 2021-06-28 23:39 - 000023577 _____ C:\Users\Bobo\Desktop\FRST.txt
2021-06-28 23:38 - 2021-06-28 23:38 - 008534696 _____ (Malwarebytes) C:\Users\Bobo\Desktop\adwcleaner_8.2.exe
2021-06-28 23:20 - 2021-06-28 23:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-28 23:20 - 2021-06-28 23:20 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-06-28 23:20 - 2021-06-28 23:20 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-06-28 23:20 - 2021-06-28 23:20 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-28 23:20 - 2021-06-28 23:20 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-28 23:20 - 2021-06-28 23:20 - 000002029 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-06-28 23:20 - 2021-06-28 23:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-28 23:20 - 2021-06-28 23:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-28 23:09 - 2021-06-28 23:39 - 000000000 ____D C:\FRST
2021-06-28 23:08 - 2021-06-28 23:09 - 002300416 _____ (Farbar) C:\Users\Bobo\Desktop\FRST64.exe
2021-06-28 22:44 - 2021-06-28 22:44 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-28 22:44 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-28 22:44 - 2021-06-09 16:17 - 002838384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-06-28 22:44 - 2021-06-02 16:03 - 000067464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2021-06-28 21:41 - 2021-06-28 23:14 - 000000742 _____ C:\Users\Bobo\Desktop\TeamViewer.lnk
2021-06-28 13:55 - 2021-06-28 13:55 - 000007605 _____ C:\Users\Bobo\AppData\Local\Resmon.ResmonCfg
2021-06-28 13:31 - 2021-06-28 13:31 - 000224116 _____ C:\ProgramData\vpn.1624879867.bdinstall.v2.bin
2021-06-28 13:31 - 2021-06-28 13:31 - 000081040 _____ C:\ProgramData\vpn.uninstall.1624879867.bdinstall.v2.bin
2021-06-28 13:27 - 2021-06-28 13:27 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-06-28 13:27 - 2021-06-28 13:27 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-06-28 13:27 - 2021-06-28 13:27 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-28 13:27 - 2021-06-28 13:27 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-28 13:27 - 2021-06-28 13:27 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-28 13:27 - 2021-06-28 13:27 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-28 13:27 - 2021-06-28 13:27 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-28 13:27 - 2021-06-28 13:27 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-28 13:27 - 2021-06-28 13:27 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-06-28 13:27 - 2021-06-28 13:27 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-06-28 13:27 - 2021-06-28 13:27 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-06-28 13:27 - 2021-06-28 13:27 - 000011333 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-28 13:17 - 2021-06-28 13:17 - 000003236 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2021-06-28 13:17 - 2021-06-28 13:17 - 000000000 ____D C:\AdwCleaner
2021-06-28 13:14 - 2021-06-28 13:14 - 000000000 ____D C:\Users\Bobo\AppData\Local\mbam
2021-06-28 13:13 - 2021-06-28 15:28 - 083099648 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-06-28 13:13 - 2021-06-28 15:28 - 000405504 _____ C:\WINDOWS\system32\config\DEFAULT
2021-06-28 13:13 - 2021-06-28 15:28 - 000069632 _____ C:\WINDOWS\system32\config\SAM
2021-06-28 13:13 - 2021-06-28 15:28 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY
2021-06-28 13:13 - 2021-06-28 13:13 - 078790656 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2021-06-28 13:13 - 2021-06-28 13:13 - 006381568 _____ C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2021-06-28 13:13 - 2021-06-28 13:13 - 000405504 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2021-06-28 13:13 - 2021-06-28 13:13 - 000069632 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2021-06-28 13:13 - 2021-06-28 13:13 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2021-06-28 13:13 - 2021-06-28 13:13 - 000000000 ____H C:\asc_rdflag
2021-06-28 13:10 - 2021-06-28 13:10 - 078630912 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-06-28 13:10 - 2021-06-28 13:10 - 006381568 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2021-06-28 13:10 - 2021-06-28 13:10 - 000405504 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-06-28 13:10 - 2021-06-28 13:10 - 000069632 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-06-28 13:10 - 2021-06-28 13:10 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-06-28 13:09 - 2021-06-28 13:09 - 000000000 ____D C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}
2021-06-28 13:08 - 2021-06-28 13:17 - 000000000 ____D C:\Program Files (x86)\IObit
2021-06-28 13:07 - 2021-06-28 15:28 - 000000000 ____D C:\ProgramData\scre..tion_b15b0581876c57b7_0015.0008_da89c48907e14af1
2021-06-28 13:07 - 2021-06-28 13:07 - 000000000 ____D C:\Users\Bobo\AppData\Local\Deployment
2021-06-28 13:07 - 2021-06-28 13:07 - 000000000 ____D C:\Users\Bobo\AppData\Local\Apps\2.0
2021-06-25 13:26 - 2021-06-25 13:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-25 13:22 - 2021-06-25 13:22 - 000153348 _____ C:\ProgramData\agent.update.1624620118.bdinstall.v2.bin
2021-06-09 13:15 - 2021-06-09 13:15 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 13:15 - 2021-06-09 13:15 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 13:15 - 2021-06-09 13:15 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 13:15 - 2021-06-09 13:15 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 13:15 - 2021-06-09 13:15 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 13:15 - 2021-06-09 13:15 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 13:14 - 2021-06-09 13:14 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 13:14 - 2021-06-09 13:14 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 13:14 - 2021-06-09 13:14 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 13:14 - 2021-06-09 13:14 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-09 13:14 - 2021-06-09 13:14 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-28 23:38 - 2020-05-19 16:31 - 000000000 ____D C:\ProgramData\NVIDIA
2021-06-28 23:38 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-28 23:37 - 2020-05-19 16:44 - 000000000 ____D C:\Users\Bobo\AppData\LocalLow\Mozilla
2021-06-28 23:34 - 2020-05-19 16:44 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-28 23:33 - 2019-12-07 11:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2021-06-28 23:20 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-28 23:17 - 2020-05-19 16:49 - 000000000 ____D C:\Users\Bobo\AppData\Roaming\discord
2021-06-28 23:12 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-28 22:49 - 2020-05-19 16:49 - 000000000 ____D C:\Users\Bobo\AppData\Local\Discord
2021-06-28 22:48 - 2021-02-27 08:49 - 001374532 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-28 22:48 - 2019-12-07 16:56 - 000465556 _____ C:\WINDOWS\system32\perfh006.dat
2021-06-28 22:48 - 2019-12-07 16:56 - 000079342 _____ C:\WINDOWS\system32\perfc006.dat
2021-06-28 22:44 - 2020-05-19 16:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-06-28 22:44 - 2020-05-19 16:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-06-28 22:44 - 2020-05-19 16:16 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-06-28 21:18 - 2021-02-27 08:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-28 15:31 - 2021-03-20 01:12 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-28 15:31 - 2020-05-22 06:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-06-28 15:30 - 2020-06-06 16:45 - 000000000 ____D C:\Users\Bobo\AppData\Roaming\obs-studio
2021-06-28 15:28 - 2021-02-27 08:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-28 15:28 - 2021-02-27 08:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-28 15:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-28 15:28 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-28 15:25 - 2020-05-19 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2021-06-28 15:25 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-06-28 15:25 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-06-28 13:32 - 2020-05-19 15:58 - 000000000 ____D C:\Users\Bobo\AppData\Local\D3DSCache
2021-06-28 13:31 - 2020-05-19 16:13 - 000000000 ____D C:\Program Files\Bitdefender
2021-06-28 13:30 - 2021-02-27 08:40 - 000257792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-28 13:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-06-28 13:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-28 13:29 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-28 13:19 - 2020-07-15 12:06 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-28 13:19 - 2020-05-19 16:52 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-28 13:17 - 2020-08-04 21:06 - 000000000 ____D C:\Users\Bobo\AppData\Roaming\IObit
2021-06-28 13:17 - 2020-08-04 20:59 - 000000000 ____D C:\Users\Bobo\AppData\LocalLow\IObit
2021-06-28 13:11 - 2021-02-27 07:04 - 000000000 ___DC C:\WINDOWS\Panther
2021-06-28 13:11 - 2020-11-08 06:26 - 000000000 ____D C:\Users\Bobo\NCH Software Suite
2021-06-28 13:09 - 2020-08-04 20:59 - 000000000 ____D C:\ProgramData\ProductData
2021-06-28 12:51 - 2020-05-19 16:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-28 12:51 - 2020-05-19 16:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-26 12:37 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-25 13:26 - 2020-05-19 16:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-25 13:22 - 2021-02-27 08:44 - 000003846 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-06-25 13:22 - 2020-05-19 16:11 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-06-23 20:11 - 2020-07-02 15:32 - 000001388 _____ C:\Users\Bobo\Desktop\Roblox Player.lnk
2021-06-23 20:11 - 2020-07-02 15:32 - 000001211 _____ C:\Users\Bobo\Desktop\Roblox Studio.lnk
2021-06-23 20:11 - 2020-07-02 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2021-06-19 15:25 - 2020-05-19 16:58 - 000000000 ____D C:\Users\Bobo\Desktop\pic
2021-06-18 05:18 - 2021-02-27 08:44 - 000003690 _____ C:\WINDOWS\system32\Tasks\ROCCAT DEVICE SERVICE
2021-06-09 16:17 - 2020-05-19 16:31 - 002186608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-06-09 16:17 - 2020-05-19 16:31 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-06-09 13:59 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 13:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 13:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 13:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 13:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 13:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 13:10 - 2020-05-19 16:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 13:08 - 2020-05-19 16:25 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-04 14:22 - 2020-05-19 16:31 - 000168304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2021-06-04 14:22 - 2020-05-19 16:31 - 000144240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2021-06-02 19:03 - 2020-09-30 23:47 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2020-09-15 22:38 - 2020-12-19 23:41 - 001065984 _____ () C:\Users\Bobo\AppData\Local\file__0.localstorage
2021-06-28 13:55 - 2021-06-28 13:55 - 000007605 _____ () C:\Users\Bobo\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2021
Ran by Bobo (28-06-2021 23:40:32)
Running from C:\Users\Bobo\Desktop
Windows 10 Home Version 20H2 19042.1081 (X64) (2021-02-27 06:44:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2778596834-1194538121-2314244375-500 - Administrator - Disabled)
Bobo (S-1-5-21-2778596834-1194538121-2314244375-1001 - Administrator - Enabled) => C:\Users\Bobo
DefaultAccount (S-1-5-21-2778596834-1194538121-2314244375-503 - Limited - Disabled)
Gæst (S-1-5-21-2778596834-1194538121-2314244375-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2778596834-1194538121-2314244375-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Bitdefender Firewall (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.8 - Electronic Arts, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.192 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 24.0.24.131 - Bitdefender)
Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 25.4.2.39 - Bitdefender)
Discord (HKU\S-1-5-21-2778596834-1194538121-2314244375-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.114 - Google LLC)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6471 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 da) (HKLM\...\Mozilla Firefox 89.0.2 (x64 da)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0.1 - Mozilla)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Grafikdriver 466.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.27 - NVIDIA Corporation)
NVIDIA HD-lyddriver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 10.5.100.48178 - Electronic Arts, Inc.)
ProtonVPN (HKLM-x32\...\{E1B7E6B6-393F-4DCB-BCA5-00000E00CC7A}) (Version: 1.18.2 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.18.2) (Version: 1.18.2 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG)
Python 3.8.5 (32-bit) (HKU\S-1-5-21-2778596834-1194538121-2314244375-1001\...\{44a59e57-34e2-4d86-93ba-a2588bfac760}) (Version: 3.8.5150.0 - Python Software Foundation)
Python 3.8.5 Add to Path (32-bit) (HKLM-x32\...\{2D01141A-8022-4100-B256-02EFB0F1830B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Core Interpreter (32-bit) (HKLM-x32\...\{31F7FCA7-1F15-48FD-BFB9-91FE58FC2F07}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Development Libraries (32-bit) (HKLM-x32\...\{657AEF25-7BC3-4E93-A08C-ECD14E8A74AE}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Documentation (32-bit) (HKLM-x32\...\{F7A293EB-21B8-45DE-85A5-8ADEB68B9EFB}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Executables (32-bit) (HKLM-x32\...\{F6156224-C882-453A-9046-EFCD31982E68}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 pip Bootstrap (32-bit) (HKLM-x32\...\{71C0D67F-EF42-4C5C-A2AE-04FD8B38AB1C}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Standard Library (32-bit) (HKLM-x32\...\{4D147A72-5C01-47B2-8789-1D1969F6AC32}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{653FBD26-2D1A-48C1-AAB1-0AB6F2A3749B}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Test Suite (32-bit) (HKLM-x32\...\{DE45C740-8250-4A49-8B81-FE347C70E6BA}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python 3.8.5 Utility Scripts (32-bit) (HKLM-x32\...\{9450D936-1E4F-44EF-A0D4-92C471229B98}) (Version: 3.8.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{CEEAEA02-2472-4BF6-8994-52D6783F5575}) (Version: 3.8.7140.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
Roblox Player (HKLM-x32\...\roblox-player-admin) (Version:  - Roblox Corporation)
ROCCAT Swarm (HKLM-x32\...\{9D12397F-45AF-4517-B492-1D1E2FA475EE}) (Version: 1.93.900 - ROCCAT GmbH) Hidden
ROCCAT Swarm (HKLM-x32\...\InstallShield_{9D12397F-45AF-4517-B492-1D1E2FA475EE}) (Version: 1.93.900 - ROCCAT GmbH)
Samsung DeX (HKLM-x32\...\{589A31D3-C347-4F23-A3B8-98E7603C3DCA}) (Version: 2.0.0.21 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{a57d934a-f197-4680-96f3-6b7b837ab1fa}) (Version: 2.0.0.21 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.5.37.0_x86__kgqvnymyfvs32 [2021-05-26] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.60.1.0_x86__kgqvnymyfvs32 [2021-06-24] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-19] (Canon Inc.)
Intel® grafikkommandocenter -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-07] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-05-19] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.155.0_x64__dt26b99r8h8gj [2021-02-27] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0 [2021-06-10] (Spotify AB) [Startup Task]
Tilføjelsesprogrammet Photos Media Engine -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-20] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\nvshext.dll [2021-04-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-28] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Bobo\Desktop\autokey\attack - genvej.lnk -> C:\Users\Bobo\Desktop\autokey\attack.bat ()
Shortcut: C:\Users\Bobo\Desktop\autokey\improved attackbat - genvej.lnk -> C:\Users\Bobo\Desktop\autokey\improved attackbat.bat ()
Shortcut: C:\Users\Bobo\Desktop\autokey\Remove-Error - genvej.lnk -> C:\Users\Bobo\Desktop\autokey\Remove-Error.bat ()

==================== Loaded Modules (Whitelisted) =============

2021-01-23 21:01 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] D:\7-zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2778596834-1194538121-2314244375-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2021-06-28 23:28 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2778596834-1194538121-2314244375-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-2778596834-1194538121-2314244375-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2778596834-1194538121-2314244375-1001\...\StartupApproved\Run: => "Samsung DeX"
HKU\S-1-5-21-2778596834-1194538121-2314244375-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EB1E5BD2-3CCD-45F9-996B-B122ADECC62B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{209EE4E5-9961-4DDA-9659-33B428DB6813}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{89811AE2-959F-40B9-B048-48FBDC7082CD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{69833C15-EA3C-4304-986D-E1637CACBC84}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0442D46C-DE15-4C2B-A6D7-6FD2B996BADC}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{EB38A5F6-684E-4FDD-8D07-B448733A4E72}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7D7C5CF8-8B99-476A-AD72-2AC66D6072A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{717D1FEE-2D50-46C4-B317-A3827775C98F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DAA8ECCF-1836-46C9-8786-F0A858B4230F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DBAE878F-D412-4F1A-8815-12E921C95347}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{180DBDFC-5A2D-419A-A8EC-17726F4F00DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{19CDA21B-D965-4073-9C50-5CB769630818}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A33AB606-B275-4C16-8A91-3017F1547461}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6438F899-FA66-4360-8872-3AD13E168863}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7655E5F3-E4B6-4DBF-B606-9F6234D20760}] => (Allow) D:\SteamLibrary\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{929E365D-3F39-4E15-B5C2-C256C0E25A38}] => (Allow) D:\SteamLibrary\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{FEB1202E-530E-42D9-8BF5-000C0DD2BD0A}] => (Allow) D:\Programmer\Teamviewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{05793896-5388-49FE-B8FC-32F70C00EFAB}] => (Allow) D:\Programmer\Teamviewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{830CF646-0913-4E8B-AE78-822D5B9B733D}] => (Allow) D:\Programmer\Teamviewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{817ED878-8AD0-4661-AC2E-BA774FCF3BA4}] => (Allow) D:\Programmer\Teamviewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D6423A91-9061-4406-B97C-354342697A4C}] => (Allow) D:\mobil dex\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C9E5EE32-FF22-41C8-8048-B351336EB062}] => (Allow) D:\mobil dex\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{B87DBC62-C715-4AEF-8E6E-CD5E38D210B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{74F2A614-5DC4-4849-9EC1-BF6E2F99AB93}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D371D5EB-908F-443C-951E-7FC5903E059C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E0870AE8-19FD-41BB-9C3E-C6CFAA52D380}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0D3608F-DB16-45C6-AEE8-D2BD9F16FF29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9781984B-7D63-4A4C-BA0E-12E3F74557DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3C5D4C14-31ED-40CE-808B-10F70EF0AF66}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0443F86D-2CF1-4831-AB55-F69687AFB781}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DD670C99-8022-4FE8-B845-ED3CA892F73A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{59424D5A-859F-4195-BC17-A8DD88B0F216}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3AE47BE8-BE01-4EF6-9A78-868B93CAF215}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FAF974AD-D76A-46E2-B153-930AC03C49A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4DA2ADC3-C51D-4F4E-A8B5-57E49B11E689}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

09-06-2021 13:10:09 Installationsprogram til Windows-moduler
18-06-2021 15:09:37 Planlagt kontrolpunkt
27-06-2021 15:24:21 Planlagt kontrolpunkt

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (06/28/2021 11:29:23 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fejl under opdatering af -statussen til SECURITY_PRODUCT_STATE_ON.

Error: (06/28/2021 11:29:18 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fejl under opdatering af -statussen til SECURITY_PRODUCT_STATE_ON.

Error: (06/28/2021 11:29:13 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fejl under opdatering af -statussen til SECURITY_PRODUCT_STATE_ON.

Error: (06/28/2021 11:29:08 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fejl under opdatering af -statussen til SECURITY_PRODUCT_STATE_ON.

Error: (06/28/2021 11:29:03 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fejl under opdatering af -statussen til SECURITY_PRODUCT_STATE_ON.

Error: (06/28/2021 11:28:58 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fejl under opdatering af -statussen til SECURITY_PRODUCT_STATE_ON.

Error: (06/28/2021 11:28:53 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fejl under opdatering af -statussen til SECURITY_PRODUCT_STATE_ON.

Error: (06/28/2021 11:28:48 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fejl under opdatering af -statussen til SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (06/28/2021 11:38:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (06/28/2021 11:38:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. This has happened 1 time(s).

Error: (06/28/2021 11:38:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender Agent RedLine Service service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/28/2021 11:38:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. This has happened 1 time(s).

Error: (06/28/2021 11:38:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. This has happened 1 time(s).

Error: (06/28/2021 11:38:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly. This has happened 1 time(s).

Error: (06/28/2021 11:38:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Vpn Service service terminated unexpectedly. This has happened 1 time(s).

Error: (06/28/2021 11:38:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAMSUNG Mobile Connectivity Service V2 service terminated unexpectedly. This has happened 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

CodeIntegrity:
===============
Date: 2021-05-09 23:52:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\vdsldr.exe) attempted to load \Device\HarddiskVolume5\Programmer\Teamviewer\tv_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-05-09 23:24:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\vdsldr.exe) attempted to load \Device\HarddiskVolume5\Users\Bobo\AppData\Local\Temp\TeamViewer\tv_x64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1006 08/13/2019
Motherboard: ASUSTeK COMPUTER INC. PRIME H310M-E R2.0
Processor: Intel® Core™ i5-9500 CPU @ 3.00GHz
Percentage of memory in use: 28%
Total physical RAM: 16319.21 MB
Available physical RAM: 11636.98 MB
Total Virtual: 18751.21 MB
Available Virtual: 12443.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.31 GB) (Free:414.09 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:865.12 GB) NTFS

\\?\Volume{c259432f-e92e-4083-b488-c6b8ca02a8d0} (Recovery) (Fixed) (Total:0.52 GB) (Free:0.1 GB) NTFS
\\?\Volume{38709cfb-38d5-4085-b110-02bc1dfd68bc} () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 91C2ABA2)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 599FC304)
Partition 1: (Not Active) – (Size=931.5 GB) – (Type=07 NTFS)

==================== End of Addition.txt =======================

Edited by DragonMaster141, 28 June 2021 – 04:57 PM.
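The two CodeIntegrity entries are the only lines in this Addition.txt that point at a remote-access tool, so they are what a helper would triage first: which process loaded which DLL, from where, and how long before the scan. The script below is an added example for doing that over an FRST Addition.txt; it is not part of the original post and is not FRST's own code. The embedded sample is the CodeIntegrity section from the log above with the backslashes that the page extraction dropped put back, the scan time is the "28-06-2021 23:39:15" from the FRST header, and the flag names and the heuristics behind them (third-party module loaded by a System32 process, module under a user profile, module in a Temp folder, module on another volume than its loader) are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample: the two CodeIntegrity entries from the Addition.txt above,
# with backslashes restored. FRST writes NT device paths (\Device\HarddiskVolumeN\...)
# rather than drive letters, so the parser works on those.
SAMPLE_LOG = r"""
CodeIntegrity:
===============
Date: 2021-05-09 23:52:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\vdsldr.exe) attempted to load \Device\HarddiskVolume5\Programmer\Teamviewer\tv_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-05-09 23:24:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\vdsldr.exe) attempted to load \Device\HarddiskVolume5\Users\Bobo\AppData\Local\Temp\TeamViewer\tv_x64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================
"""

# Scan timestamp taken from the FRST header line "Ran by Bobo ... (28-06-2021 23:39:15)".
SCAN_TIME = datetime(2021, 6, 28, 23, 39, 15)

# One CodeIntegrity entry: a Date line, a Description line, then the message.
ENTRY_RE = re.compile(
    r"Date: (?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*\n"
    r"Description:\s*\n"
    r"Code Integrity determined that a process \((?P<process>[^)]+)\) "
    r"attempted to load (?P<module>\S+) that did not meet the Microsoft "
    r"signing level requirements\."
)


@dataclass
class CodeIntegrityEvent:
    when: datetime
    process: str
    module: str
    flags: list = field(default_factory=list)

    @property
    def days_before_scan(self) -> int:
        return (SCAN_TIME.date() - self.when.date()).days


def volume_of(nt_path: str) -> str:
    """Return the lower-cased \\Device\\HarddiskVolumeN prefix, or '' if the path has none."""
    m = re.match(r"\\Device\\HarddiskVolume\d+", nt_path, re.IGNORECASE)
    return m.group(0).lower() if m else ""


def triage_flags(process: str, module: str) -> list:
    """Heuristic flags (this example's own) for a module that failed the signing-level check."""
    flags = []
    mod, proc = module.lower(), process.lower()
    if "\\windows\\" not in mod and "\\windows\\system32\\" in proc:
        flags.append("third-party")   # a System32 binary pulled in a non-Windows DLL
    if "\\users\\" in mod:
        flags.append("user-profile")  # user-writable location, no admin needed to plant it
    if "\\temp\\" in mod:
        flags.append("temp")          # run-without-install tools unpack here
    if volume_of(process) and volume_of(module) and volume_of(process) != volume_of(module):
        flags.append("cross-volume")  # loader and module live on different disks/partitions
    return flags


def parse_code_integrity(log_text: str) -> list:
    """Cut the CodeIntegrity section out of an FRST Addition.txt and parse its entries."""
    if "CodeIntegrity:" not in log_text:
        return []
    section = log_text.split("CodeIntegrity:", 1)[1]
    # Major Addition.txt headers are rows of twenty '=' characters; the short
    # '===============' directly under 'CodeIntegrity:' is only fifteen, so it survives.
    section = section.split("=" * 20, 1)[0]
    events = []
    for m in ENTRY_RE.finditer(section):
        when = datetime.strptime(m.group("date"), "%Y-%m-%d %H:%M:%S")
        proc, mod = m.group("process"), m.group("module")
        events.append(CodeIntegrityEvent(when, proc, mod, triage_flags(proc, mod)))
    return events


def summarize(events: list) -> dict:
    """Group by module file name: load count, distinct paths, first/last seen, age at scan time."""
    summary = {}
    for e in events:
        name = e.module.rsplit("\\", 1)[-1].lower()
        s = summary.setdefault(name, {"count": 0, "paths": set(), "first": e.when, "last": e.when})
        s["count"] += 1
        s["paths"].add(e.module)
        s["first"] = min(s["first"], e.when)
        s["last"] = max(s["last"], e.when)
    for s in summary.values():
        s["days_before_scan"] = (SCAN_TIME.date() - s["last"].date()).days
    return summary


if __name__ == "__main__":
    events = parse_code_integrity(SAMPLE_LOG)
    for e in events:
        print(f"{e.when:%Y-%m-%d %H:%M:%S}  {e.process}")
        print(f"    loaded {e.module}")
        for f in e.flags:
            print(f"    ! {f}")
    for name, s in summarize(events).items():
        print(f"{name}: {s['count']} load(s) from {len(s['paths'])} path(s), "
              f"last seen {s['last']:%Y-%m-%d}, {s['days_before_scan']} days before the scan")
```

Two caveats when reading the output. A "did not meet the Microsoft signing level requirements" entry says only that the DLL lacks the signing level the loading process demands; it is not by itself evidence of malware, and legitimately signed third-party DLLs produce it too. And the dates matter as much as the paths: both entries here are from 2021-05-09, about seven weeks before the scan, and the copy under AppData\Local\Temp is where a portable, run-without-install TeamViewer session typically unpacks, so the next step is to check whether any TeamViewer installation, service or scheduled task is still present rather than to treat these two lines as the scammer's artifacts.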