Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2025 Ran by DragonBorn (administrator) on DRAGONBORN-PC (08-09-2025 23:48:15) Running from C:\Users\DragonBorn\Desktop\FRST\FRST64.exe Loaded Profiles: DragonBorn Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (services.exe ->) () [File not signed] C:\ProgramData\Windows\rutserv.exe (services.exe ->) (Access Denied) [File not signed?] C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19572512 2021-04-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Realtek HD Audio] => C:\ProgramData\RealtekHD\taskhostw.exe [3050496 2020-09-23] (Realtek Semiconductor) [File not signed] <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45875504 2025-03-12] (Gen Digital Inc. -> Gen Digital Inc.) HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Run: [IDMan] => C:\Program Files (x86)\ExternalApps\Internet Download Manager\IDMan.exe [6013952 2025-08-06] (Tonec Inc.) [File not signed] HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\Policies\Explorer\DisallowRun: [11] Cube.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\MountPoints2: {072783a3-c91c-11ef-92d0-90e6ba829c2a} - هچژن¸؛و‰‹وœ؛هٹ©و‰‹ه®‰è£…هگ‘ه¯¼.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\MountPoints2: {5a975338-a38f-11ef-a46a-ca6371625c2f} - هچژن¸؛و‰‹وœ؛هٹ©و‰‹ه®‰è£…هگ‘ه¯¼.exe HKU\S-1-5-21-4041630877-3052751684-3598553497-500\...\MountPoints2: {072783a3-c91c-11ef-92d0-90e6ba829c2a} - هچژن¸؛و‰‹وœ؛هٹ©و‰‹ه®‰è£…هگ‘ه¯¼.exe HKLM\...\Windows x64\Print Processors\SSP2MPC: C:\Windows\System32\spool\prtprocs\x64\ssp2mpc.dll [33792 2009-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider) HKLM\...\Print\Monitors\SSP2M Langmon: C:\Windows\system32\ssp2ml6.dll [22016 2009-09-01] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\Software\...\AppCompatFlags\Custom\Risen.exe: [{6bd41b13-a359-4b67-811b-48b41f7a63ef}.sdb] -> gogrisen HKLM\Software\...\AppCompatFlags\InstalledSDB\{6bd41b13-a359-4b67-811b-48b41f7a63ef}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{6bd41b13-a359-4b67-811b-48b41f7a63ef}.sdb [2014-03-28] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2024-08-31] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {46A035FB-CD79-4693-B6A5-A46B388496B4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DragonBorn-PC-DragonBorn DragonBorn-PC => C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE [470720 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {1E219741-B97A-42EA-81D8-57966F69CC46} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {60BFC516-A33F-4708-B765-3BCE25C13774} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {04995F7D-3F3E-4CE1-8094-74AAB1B4046A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {816A85B0-231C-4786-8376-BA85F8DEC614} - System32\Tasks\Microsoft\Windows\Wininet\Cleaner => C:\Programdata\WindowsTask\winlogon.exe [390144 2019-04-19] () [File not signed] <==== ATTENTION Task: {7768E906-FF00-427C-97BB-6ED00644F588} - System32\Tasks\Microsoft\Windows\Wininet\RealtekHDControl => C:\Programdata\RealtekHD\taskhost.exe [1786368 2020-09-23] (Microsoft Corporation) [File not signed] <==== ATTENTION Task: {35479B40-A674-4E23-9B0B-C721C24E724A} - System32\Tasks\Microsoft\Windows\Wininet\RealtekHDStartUP => C:\Programdata\RealtekHD\taskhost.exe [1786368 2020-09-23] (Microsoft Corporation) [File not signed] <==== ATTENTION Task: {93E5CA1C-2AAE-4B06-9438-2703321F159D} - System32\Tasks\Microsoft\Windows\Wininet\Taskhost => C:\Programdata\RealtekHD\taskhostw.exe [3050496 2020-09-23] (Realtek Semiconductor) [File not signed] <==== ATTENTION Task: {60CABFB4-D05F-4BC4-AAE5-7C8CF1AFBBE3} - System32\Tasks\Microsoft\Windows\Wininet\Taskhostw => C:\Programdata\RealtekHD\taskhostw.exe [3050496 2020-09-23] (Realtek Semiconductor) [File not signed] <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation -> Microsoft Corporation) Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation -> Microsoft Corporation) Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304 2009-08-18] (Microsoft Corporation -> Microsoft Corporation) Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304 2009-08-18] (Microsoft Corporation -> Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{5A177905-5EFD-46E2-B9F7-358458FD61C5}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{71936D84-6712-49D7-9BAC-3D07404DD259}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{94627352-FB7C-438D-A3E3-EA80883AF11C}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{D69E7721-8A00-424E-A9BC-AF2EEDB54E2A}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{D69E7721-8A00-424E-A9BC-AF2EEDB54E2A}\8455147554940295731602D61686: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{D69E7721-8A00-424E-A9BC-AF2EEDB54E2A}\84551475549402E6F6671602131396: [DhcpNameServer] 192.168.43.1 FireFox: ======== FF HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\DragonBorn\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\DragonBorn\AppData\Roaming\IDM\idmmzcc5 [2024-08-31] [Legacy] [not signed] FF HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\ExternalApps\Internet Download Manager\idmmzcc2.xpi FF Extension: (IDM integration) - C:\Program Files (x86)\ExternalApps\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy] FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2024-09-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2024-09-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\ExternalApps\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-09-14] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\ExternalApps\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-09-14] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\ExternalApps\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-09-14] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\ExternalApps\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-09-14] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\ExternalApps\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-09-14] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2024-09-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2024-09-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR DefaultProfile: Profile 1 CHR Profile: C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Default [2025-08-20] CHR Extension: (Google Docs Offline) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-08-31] CHR Extension: (IDM Integration Module) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2025-07-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-02] CHR Profile: C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Guest Profile [2025-09-08] CHR Profile: C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-09-08] CHR Notifications: Profile 1 -> hxxps://web.eitaa.com; hxxps://web.igap.net CHR HomePage: Profile 1 -> hxxps://www.google.com/ CHR Extension: (Google Docs Offline) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-08-31] CHR Extension: (Pie Adblock - A Powerful Free Ad Blocker) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpkfgepcmmchgfbjblnodjhldacghenp [2025-08-06] CHR Extension: (Free VPN for Chrome - VPN Proxy VeePN) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\majdfhpaihoncoakbjgbdhglocklcgno [2025-09-06] CHR Extension: (IDM Integration Module) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2025-07-30] CHR Extension: (Chrome Web Store Payments) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-10-02] CHR Profile: C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 2 [2025-08-20] CHR Extension: (Google Docs Offline) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-24] CHR Extension: (IDM Integration Module) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2025-08-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-24] CHR Profile: C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 6 [2025-08-20] CHR Extension: (Google Docs Offline) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-08-06] CHR Extension: (IDM Integration Module) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2025-08-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-08-06] CHR Profile: C:\Users\DragonBorn\AppData\Local\Google\Chrome\User Data\System Profile [2025-09-08] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\ExternalApps\Internet Download Manager\IDMGCExt.crx [2024-07-16] CHR HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\ExternalApps\Internet Download Manager\IDMGCExt.crx [2024-07-16] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\ExternalApps\Internet Download Manager\IDMGCExt.crx [2024-07-16] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 Bluetooth Device Monitor; C:\Program Files (x86)\ExternalApps\Bluetooth\devmonsrv.exe [1206648 2014-12-04] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) S4 Bluetooth Media Service; C:\Program Files (x86)\ExternalApps\Bluetooth\mediasrv.exe [1710456 2015-01-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) S4 Bluetooth OBEX Service; C:\Program Files (x86)\ExternalApps\Bluetooth\obexsrv.exe [1165688 2014-10-28] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) S4 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1088816 2025-03-12] (Gen Digital Inc. -> Gen Digital Inc.) S4 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2494448 2024-09-11] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) S4 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2024-08-31] (Google Inc -> Google LLC) S4 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2024-08-31] (Google Inc -> Google LLC) S4 iBtSiva; C:\Program Files (x86)\ExternalApps\Bluetooth\ibtsiva.exe [131312 2015-03-20] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) S4 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065544 2017-08-10] (Innovative Solutions Grup SRL -> ) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2025-01-13] (Even Balance, Inc. -> ) R2 RManService; C:\ProgramData\Windows\rutserv.exe [1789440 2016-01-23] () [File not signed] R3 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2025-09-08] (Stas'M Corp.) [File not signed] <==== ATTENTION (no ServiceDLL) S3 VSInstallerElevationService; C:\Program Files (x86)\Microsoft Visual Studio\Installer\VSInstallerElevationService.exe [43432 2025-09-08] (Microsoft Corporation -> Microsoft) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2019-12-24] (Microsoft Windows -> Microsoft Corporation) R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2291568 2009-08-18] (Microsoft Corporation -> Microsoft Corporation) R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2019-12-25] (Microsoft Corporation) [File not signed] <==== ATTENTION R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe <==== ATTENTION (Access Denied) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe <==== ATTENTION (Access Denied) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation -> Broadcom Corporation) S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.) S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [142136 2015-01-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation -> Broadcom Corporation) S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation -> Broadcom Corporation) S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2024-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) R2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [173736 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.) R1 ISODrive; C:\Program Files (x86)\ExternalApps\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2025-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2025-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 monectdevices; C:\Windows\System32\DRIVERS\monectdevices.sys [15768 2013-12-03] (Kasherlab Technology Inc. -> ) S3 mtinvme; C:\Windows\system32\drivers\mtinvme.sys [124072 2016-05-10] (Micron Technology, Inc. -> Micron Technology, Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] (ASUSTeK Computer Inc. -> ) S3 nvme; C:\Windows\system32\drivers\nvme.sys [77488 2016-08-17] (Lite-On Technology Corporation -> Windows (R) Win 7 DDK provider) S3 ocznvme; C:\Windows\system32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION) R0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION) S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2025-09-02] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] S3 secnvme; C:\Windows\system32\drivers\secnvme.sys [91352 2018-02-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd) R0 secnvmeF; C:\Windows\System32\drivers\secnvmeF.sys [30624 2018-02-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd) S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION S3 Driver; \??\C:\Program Files\ExternalApps\Precision X1\driver-x64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2025-09-08 23:47 - 2025-09-08 23:48 - 000000000 ____D C:\Users\DragonBorn\Desktop\FRST 2025-09-08 23:47 - 2025-09-08 23:48 - 000000000 ____D C:\FRST 2025-09-08 21:52 - 2025-09-08 23:34 - 000001968 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2025-09-08 20:52 - 2025-09-08 20:52 - 000000000 ____D C:\ProgramData\Malwarebytes 2025-09-08 20:50 - 2025-09-08 20:50 - 000000000 __SHD C:\ProgramData\tl 2025-09-08 20:50 - 2025-09-08 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2025-09-08 20:50 - 2025-09-08 20:50 - 000000000 ____D C:\ProgramData\MB3Migration 2025-09-08 20:50 - 2025-09-08 20:50 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2025-09-08 20:50 - 2025-09-08 20:50 - 000000000 ____D C:\Program Files (x86)\7-Zip 2025-09-08 20:47 - 2025-09-08 20:47 - 000000000 ____D C:\Users\DragonBorn\Desktop\Malwarebytes.Premium.5.1.2.109_YasDL.com 2025-09-08 20:44 - 2025-09-08 20:46 - 459285947 _____ C:\Users\DragonBorn\Desktop\Malwarebytes.Premium.5.1.2.109_YasDL.com.rar 2025-09-08 20:06 - 2025-09-08 20:06 - 002849787 _____ C:\Users\DragonBorn\Downloads\Microsoft.Process.Explorer.17.06.rar 2025-09-08 20:06 - 2025-09-08 20:06 - 002849787 _____ C:\Users\DragonBorn\Desktop\Microsoft.Process.Explorer.17.06.rar 2025-09-08 20:06 - 2025-09-08 20:06 - 000000000 ____D C:\Users\DragonBorn\Desktop\Microsoft.Process.Explorer.17.06 2025-09-08 20:03 - 2025-09-08 20:03 - 000000000 ____D C:\Users\DragonBorn\Documents\IAmAlive 2025-09-08 09:03 - 2025-09-08 23:34 - 000001980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2025-09-08 08:53 - 2025-09-08 08:55 - 000000722 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2025-09-08 08:53 - 2024-02-25 12:52 - 000000000 ____D C:\ProgramData\MB2Migration 2025-09-08 08:18 - 2025-09-08 08:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\James Bond 007(TM) - Blood Stone 2025-09-08 07:59 - 2025-09-08 07:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acclaim Entertainment 2025-09-08 07:50 - 2025-09-08 20:35 - 000000000 __SHD C:\ProgramData\RealtekHD 2025-09-08 07:50 - 2025-09-08 09:04 - 000000000 __SHD C:\Program Files\Malwarebytes 2025-09-08 07:50 - 2025-09-08 07:52 - 000000000 __SHD C:\ProgramData\WindowsTask 2025-09-08 07:50 - 2025-09-08 07:51 - 000000000 __SHD C:\rdp 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\Windows 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\Setup 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\RunDLL 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\Norton 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\McAfee 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\Kaspersky Lab Setup Files 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\Kaspersky Lab 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\install 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\grizzly 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\ESET 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\Doctor Web 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\AVAST Software 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\ProgramData\360safe 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\SpyHunter 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\RDP Wrapper 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\Kaspersky Lab 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\ESET 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\Enigma Software Group 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\COMODO 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\Common Files\McAfee 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\Cezurity 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\ByteFence 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\AVG 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files\AVAST Software 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\SpyHunter 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\Panda Security 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\Cezurity 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\AVG 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\AVAST Software 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\Program Files (x86)\360 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\KVRT_Data 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 __SHD C:\AdwCleaner 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 ____D C:\Windows\speechstracing 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 ____D C:\ProgramData\System32 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 ____D C:\ProgramData\MB3Install 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 ____D C:\ProgramData\Indus 2025-09-08 07:50 - 2025-09-08 07:50 - 000000000 ____D C:\ProgramData\Avira 2025-09-08 06:14 - 2025-09-08 06:15 - 000000000 ____D C:\Users\DragonBorn\Desktop\C# 2025-09-08 05:49 - 2025-09-08 05:49 - 000000299 _____ C:\Users\DragonBorn\Desktop\New Text Document (2).txt 2025-09-08 01:30 - 2025-09-08 08:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2025-09-08 01:27 - 2025-09-08 01:30 - 000000000 ____D C:\Users\DragonBorn\.idlerc 2025-09-07 07:14 - 2025-09-07 07:14 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Microsoft\Blend 2025-09-07 07:05 - 2025-09-07 07:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2025-09-07 06:56 - 2025-09-07 06:56 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2025-09-07 05:52 - 2025-09-08 05:52 - 000001360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2025-09-07 05:07 - 2025-09-08 20:54 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Microsoft\VisualStudio 2025-09-07 04:08 - 2025-09-07 04:08 - 000000000 ____D C:\Program Files (x86)\NuGet 2025-09-07 03:17 - 2025-09-07 03:17 - 000000670 _____ C:\Users\DragonBorn\Desktop\All Musics.lnk 2025-09-07 02:19 - 2025-09-07 02:20 - 000000000 ____D C:\Users\DragonBorn\.dotnet 2025-09-01 07:48 - 2025-09-01 07:49 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\NationRed 2025-09-01 07:36 - 2025-09-01 07:36 - 000000000 ____D C:\Users\DragonBorn\AppData\LocalLow\DeadToast Entertainment 2025-09-01 07:36 - 2025-09-01 07:36 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\NVIDIA Corporation 2025-09-01 06:55 - 2025-09-01 06:55 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Rage 2025-09-01 05:58 - 2025-09-01 05:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nation Red 2025-09-01 05:56 - 2025-09-01 05:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castle Crashers 2025-09-01 03:38 - 2025-09-01 03:38 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Mini Ninjas 2025-09-01 03:38 - 2025-09-01 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mini Ninjas 2025-09-01 03:32 - 2025-09-02 22:24 - 000163644 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\SysWOW64\Drivers\SECDRV.SYS 2025-08-30 18:15 - 2025-08-30 18:15 - 000000000 ____D C:\Users\DragonBorn\Documents\Larian Studios 2025-08-30 17:34 - 2025-08-30 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Larian Studios 2025-08-27 03:25 - 2025-08-28 01:45 - 000000000 ____D C:\Users\DragonBorn\Documents\Command and Conquer Generals Zero Hour Data 2025-08-27 03:25 - 2025-08-27 03:25 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\VCLStylesSkin 2025-08-27 03:25 - 2018-09-21 11:25 - 000000000 ____D C:\Users\DragonBorn\Documents\Command and Conquer Generals Data 2025-08-27 02:49 - 2025-08-27 02:49 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Fallout Shelter_Uninstall 2025-08-27 01:09 - 2025-08-27 01:20 - 000000054 _____ C:\Users\DragonBorn\Desktop\New Text Document.txt 2025-08-26 21:39 - 2025-08-27 00:31 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Microsoft\Excel 2025-08-26 16:08 - 2025-08-26 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2025-08-25 11:32 - 2025-08-25 11:32 - 000245014 _____ C:\Users\DragonBorn\Downloads\0dcbcf4a43ff8500e1df94cd7e23a833.pdf 2025-08-25 06:58 - 2025-08-25 06:58 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\2K Games 2025-08-23 14:01 - 2025-09-07 02:19 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Telegram Desktop 2025-08-22 21:29 - 2025-08-22 22:33 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\modloader 2025-08-22 21:29 - 2025-08-22 22:33 - 000000000 ____D C:\ProgramData\modloader 2025-08-22 21:01 - 2025-08-22 21:01 - 003198832 _____ C:\Users\DragonBorn\Downloads\MMGE 3 ENB For GTA SA(zargame.ir).rar 2025-08-20 20:13 - 2025-08-20 20:13 - 000769861 _____ C:\Users\DragonBorn\Downloads\B42 Optics-81641-0-21b-1707330650.7z 2025-08-18 23:18 - 2025-08-18 23:18 - 000000000 ____D C:\Users\DragonBorn\Documents\MOHW 2025-08-17 04:14 - 2025-08-17 04:14 - 000000000 ____D C:\Users\DragonBorn\Documents\EA Games 2025-08-17 01:56 - 2025-08-17 01:56 - 000042248 _____ C:\Users\DragonBorn\Downloads\hlm-gtasa_202404_archive.torrent 2025-08-16 14:44 - 2025-08-16 14:44 - 000000000 ____D C:\ProgramData\temp 2025-08-09 22:41 - 2025-08-11 12:52 - 000000000 ____D C:\Users\DragonBorn\Desktop\Trailers ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2025-09-08 23:39 - 2009-07-14 08:15 - 000029888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2025-09-08 23:39 - 2009-07-14 08:15 - 000029888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2025-09-08 23:34 - 2009-07-14 06:50 - 000000000 ____D C:\Windows\inf 2025-09-08 23:32 - 2025-03-03 15:43 - 000004998 _____ C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for DragonBorn-PC-DragonBorn DragonBorn-PC 2025-09-08 23:32 - 2024-08-31 23:55 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\DMCache 2025-09-08 23:32 - 2024-08-31 23:41 - 000000000 ____D C:\Program Files\CCleaner 2025-09-08 23:32 - 2009-07-14 08:39 - 000000000 ____D C:\Windows\system32\Tasks\WPD 2025-09-08 23:31 - 2009-07-14 08:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2025-09-08 21:20 - 2024-09-14 13:27 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-09-08 21:16 - 2009-07-14 09:02 - 000000000 ____D C:\Program Files (x86)\MSBuild 2025-09-08 21:16 - 2009-07-14 06:50 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared 2025-09-08 21:13 - 2025-04-01 02:32 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2025-09-08 21:13 - 2025-04-01 02:32 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2025-09-08 21:07 - 2024-09-14 13:28 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2025-09-08 21:07 - 2024-09-14 13:27 - 000000000 ____D C:\Program Files\Microsoft SQL Server 2025-09-08 20:02 - 2024-09-04 00:55 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2025-09-08 09:03 - 2025-02-03 01:08 - 000007605 _____ C:\Users\DragonBorn\AppData\Local\Resmon.ResmonCfg 2025-09-08 08:39 - 2025-01-13 04:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2025-09-08 08:38 - 2025-04-01 04:28 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\Activision 2025-09-08 08:36 - 2019-12-25 12:28 - 000769284 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2025-09-08 08:36 - 2009-07-14 08:43 - 000769284 _____ C:\Windows\system32\PerfStringBackup.INI 2025-09-08 08:02 - 2009-07-14 09:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2025-09-08 07:53 - 2024-09-14 13:29 - 000000000 ____D C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform 2025-09-08 07:50 - 2009-07-14 06:50 - 000000000 ____D C:\Program Files\Common Files\System 2025-09-08 06:13 - 2025-04-01 02:42 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\.IdentityService 2025-09-08 06:10 - 2024-08-31 23:09 - 000298856 _____ C:\Users\DragonBorn\AppData\Local\GDIPFONTCACHEV1.DAT 2025-09-08 05:51 - 2025-03-31 05:30 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Visual Studio Setup 2025-09-08 05:50 - 2025-04-01 02:40 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio 2025-09-08 05:05 - 2024-09-05 14:45 - 000000000 ____D C:\Skyrim Mods 2025-09-08 02:42 - 2024-11-18 03:28 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Code 2025-09-08 01:57 - 2024-08-31 22:47 - 000000000 ____D C:\ProgramData\Package Cache 2025-09-08 01:27 - 2024-08-31 20:33 - 000000000 ____D C:\Users\DragonBorn 2025-09-07 23:00 - 2024-09-01 00:11 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\ModOrganizer 2025-09-07 22:59 - 2024-09-01 00:11 - 000000000 ____D C:\ProgramData\USVFS 2025-09-07 18:50 - 2025-05-23 19:10 - 000000000 ____D C:\Users\DragonBorn\Documents\Euro Truck Simulator 2 2025-09-07 07:10 - 2009-07-14 08:15 - 000799152 _____ C:\Windows\system32\FNTCACHE.DAT 2025-09-07 07:08 - 2009-07-14 06:04 - 000000478 _____ C:\Windows\win.ini 2025-09-07 06:56 - 2024-09-14 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2025-09-07 04:51 - 2025-04-26 15:46 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\ECSD 2025-09-07 04:12 - 2025-04-01 02:38 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools 2025-09-07 02:10 - 2024-12-23 02:51 - 000000000 ____D C:\Program Files\dotnet 2025-09-07 01:47 - 2024-11-18 01:47 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2025-09-04 22:34 - 2009-07-14 08:38 - 000032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2025-09-01 08:08 - 2024-09-01 00:14 - 000000000 ____D C:\Users\DragonBorn\Documents\My Games 2025-09-01 07:59 - 2024-11-21 04:06 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\SKIDROW 2025-09-01 05:53 - 2024-09-04 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2025-08-30 17:35 - 2024-10-03 12:27 - 000000000 ____D C:\ProgramData\Electronic Arts 2025-08-21 03:28 - 2024-09-14 13:31 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\Microsoft\Word 2025-08-16 14:48 - 2024-09-11 21:48 - 000000000 ____D C:\Users\DragonBorn\AppData\Local\Overwolf 2025-08-16 14:44 - 2024-08-31 23:55 - 000000000 ____D C:\Users\DragonBorn\AppData\Roaming\IDM ==================== Files in the root of some directories ======== 2024-11-18 02:00 - 2024-11-18 03:04 - 001065984 _____ () C:\Users\DragonBorn\AppData\Local\file__0.localstorage 2025-02-03 01:08 - 2025-09-08 09:03 - 000007605 _____ () C:\Users\DragonBorn\AppData\Local\Resmon.ResmonCfg ==================== FLock ============================== 2025-09-08 07:50 C:\AdwCleaner 2025-09-08 07:50 C:\KVRT_Data 2025-09-08 07:50 C:\Program Files\AVAST Software 2025-09-08 07:50 C:\Program Files\AVG 2025-09-08 07:50 C:\Program Files\ByteFence 2025-09-08 07:50 C:\Program Files\Cezurity 2025-09-08 07:50 C:\Program Files\COMODO 2025-09-08 07:50 C:\Program Files\Enigma Software Group 2025-09-08 07:50 C:\Program Files\ESET 2025-09-08 07:50 C:\Program Files\Kaspersky Lab 2025-09-08 09:04 C:\Program Files\Malwarebytes 2025-09-08 07:50 C:\Program Files\SpyHunter 2025-09-08 07:50 C:\Program Files (x86)\360 2025-09-08 07:50 C:\Program Files (x86)\AVAST Software 2025-09-08 07:50 C:\Program Files (x86)\AVG 2025-09-08 07:50 C:\Program Files (x86)\Cezurity 2025-09-08 07:50 C:\Program Files (x86)\GRIZZLY Antivirus 2025-09-08 07:50 C:\Program Files (x86)\Kaspersky Lab 2025-09-08 07:50 C:\Program Files (x86)\Microsoft JDX 2025-09-08 07:50 C:\Program Files (x86)\Panda Security 2025-09-08 07:50 C:\Program Files (x86)\SpyHunter 2025-09-08 07:50 C:\Windows\speechstracing 2025-09-08 07:50 C:\Program Files\Common Files\McAfee 2025-09-08 07:50 C:\ProgramData\360safe 2025-09-08 07:50 C:\ProgramData\AVAST Software 2025-09-08 07:50 C:\ProgramData\Avira 2025-09-08 07:50 C:\ProgramData\Doctor Web 2025-09-08 07:50 C:\ProgramData\ESET 2025-09-08 07:50 C:\ProgramData\grizzly 2025-09-08 07:50 C:\ProgramData\Indus 2025-09-08 07:50 C:\ProgramData\Kaspersky Lab 2025-09-08 07:50 C:\ProgramData\Kaspersky Lab Setup Files 2025-09-08 07:50 C:\ProgramData\MB3Install 2025-09-08 07:50 C:\ProgramData\McAfee 2025-09-08 07:50 C:\ProgramData\Norton ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2025-09-08 12:38 ==================== End of FRST.txt ========================