Solved PC Not going to sleep. Tried almost everything.

Status
Not open for further replies.
Download ZHP Suite.


  • Then right click the ZHP Suite icon and select Run as admin.
  • Then click on Repair.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on paste Script.
  • Then click start script
  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.
  • Reboot your machine.


Code:
Start::
HKLM\SOFTWARE\Wow6432Node\IObit\RealTimeProtector
HKLM\SOFTWARE\Wow6432Node\IObit\ASC
HKLM\SOFTWARE\IObit\RealTimeProtector
HKLM\SOFTWARE\Iobit\ASC
HKLM\SOFTWARE\WOW6432Node\Conduit
HKLM\SOFTWARE\WOW6432Node\Webteh
HKCU\SOFTWARE\Conduit
HKCU\SOFTWARE\Discord
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\SOFTWARE\Conduit
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\SOFTWARE\Discord
HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASCHAP
C:\Program Files (x86)\Webteh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASCHAP
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\003
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\004
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\005
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\006
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\007
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\008
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins
HKLM\SOFTWARE\Wow6432Node\IObit\RealTimeProtector
HKLM\SOFTWARE\Wow6432Node\IObit\ASC
HKLM\SOFTWARE\IObit\RealTimeProtector
HKLM\SOFTWARE\Iobit\ASC
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:H:\setup.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:H:\setup.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:D:\IGRE\Cyberpunk 2077\unins000.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Downloads\SystemUtilities.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Downloads\SystemUtilities.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.ApplicationCompany
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:H:\setup.exe.FriendlyAppName
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:H:\setup.exe.ApplicationCompany
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:D:\IGRE\Cyberpunk 2077\unins000.exe.FriendlyAppName
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Downloads\SystemUtilities.exe.FriendlyAppName
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Downloads\SystemUtilities.exe.ApplicationCompany
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.FriendlyAppName
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.ApplicationCompany
C:\Windows\SECOH-QAD.dll
C:\Windows\SECOH-QAD.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
EmptyPrefetch
EmptyClsid


Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.




  • Close all open programs and internet browsers.
  • Right Click on adwcleaner.exe and run as admin to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
I will post and copy the files here.


Adware Cleaner:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-02-2022
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Free VPN for Chrome - VPN Proxy VeePN - majdfhpaihoncoakbjgbdhglocklcgno

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1526 octets] - [02/02/2022 20:13:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########





ZHP Fix:


~ ZHPFix v2022.2.2.10 by Nicolas Coolman (2022/02/02)
~ Run by Korisnik (Administrator) (02/02/2022 20:10:40)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Report : C:\Users\Korisnik\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 19044)



---\\ USER SCRIPT. (48)
Start::
HKLM\SOFTWARE\Wow6432Node\IObit\RealTimeProtector
HKLM\SOFTWARE\Wow6432Node\IObit\ASC
HKLM\SOFTWARE\IObit\RealTimeProtector
HKLM\SOFTWARE\Iobit\ASC
HKLM\SOFTWARE\WOW6432Node\Conduit
HKLM\SOFTWARE\WOW6432Node\Webteh
HKCU\SOFTWARE\Conduit
HKCU\SOFTWARE\Discord
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\SOFTWARE\Conduit
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\SOFTWARE\Discord
HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASCHAP
C:\Program Files (x86)\Webteh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASCHAP
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\003
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\004
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\005
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\006
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\007
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\008
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins
HKLM\SOFTWARE\Wow6432Node\IObit\RealTimeProtector
HKLM\SOFTWARE\Wow6432Node\IObit\ASC
HKLM\SOFTWARE\IObit\RealTimeProtector
HKLM\SOFTWARE\Iobit\ASC
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:H:\setup.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:H:\setup.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:D:\IGRE\Cyberpunk 2077\unins000.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Downloads\SystemUtilities.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Downloads\SystemUtilities.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.ApplicationCompany
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:H:\setup.exe.FriendlyAppName
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:H:\setup.exe.ApplicationCompany
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:D:\IGRE\Cyberpunk 2077\unins000.exe.FriendlyAppName
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Downloads\SystemUtilities.exe.FriendlyAppName
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Downloads\SystemUtilities.exe.ApplicationCompany
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.FriendlyAppName
[HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.ApplicationCompany
C:\Windows\SECOH-QAD.dll
C:\Windows\SECOH-QAD.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
EmptyPrefetch
EmptyClsid


---\\ SOFTWARE. (0)


---\\ SERVICE. (0)


---\\ SCHEDULED TASK. (0)


---\\ INTERNET BROWSER. (0)


---\\ EXPLORER (folders, files). (15)
DELETED Folder : C:\Program Files (x86)\Webteh
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\000
DELETED Reboot Folder ^: C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\001
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\002
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\003
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\004
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\005
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\006
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\007
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\008
DELETED Folder : C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins
MOVED File : C:\Windows\SECOH-QAD.dll
MOVED File : C:\Windows\SECOH-QAD.exe
DELETED Folder : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
DELETED Folder : C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare


---\\ REGISTRY (keys, values, data). (36)
DELETED Key: HKLM\SOFTWARE\Wow6432Node\IObit\RealTimeProtector [RealTimeProtector]
DELETED Key: HKLM\SOFTWARE\Wow6432Node\IObit\ASC [ASC]
NOT FOUND Key: HKLM\SOFTWARE\IObit\RealTimeProtector
NOT FOUND Key: HKLM\SOFTWARE\Iobit\ASC
DELETED Key: HKLM\SOFTWARE\WOW6432Node\Conduit [Conduit]
DELETED Key: HKLM\SOFTWARE\WOW6432Node\Webteh [Webteh]
DELETED Key: HKCU\SOFTWARE\Conduit [Conduit]
DELETED Key: HKCU\SOFTWARE\Discord [Discord]
NOT FOUND Key: HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\SOFTWARE\Conduit
NOT FOUND Key: HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\SOFTWARE\Discord
NOT FOUND Key Tracing: HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASCHAP
NOT FOUND Key Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASCHAP
NOT FOUND Key: HKLM\SOFTWARE\Wow6432Node\IObit\RealTimeProtector
NOT FOUND Key: HKLM\SOFTWARE\Wow6432Node\IObit\ASC
DELETED Value : H:\setup.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value : H:\setup.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value : D:\IGRE\Cyberpunk 2077\unins000.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value : C:\Users\Korisnik\Downloads\SystemUtilities.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value : C:\Users\Korisnik\Downloads\SystemUtilities.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value : C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value : C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
NOT FOUND Value: HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache []
DELETED Value: H:\setup.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: H:\setup.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: D:\IGRE\Cyberpunk 2077\unins000.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: C:\Users\Korisnik\Downloads\SystemUtilities.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: C:\Users\Korisnik\Downloads\SystemUtilities.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: H:\setup.exe.FriendlyAppName [HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: H:\setup.exe.ApplicationCompany [HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: D:\IGRE\Cyberpunk 2077\unins000.exe.FriendlyAppName [HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: C:\Users\Korisnik\Downloads\SystemUtilities.exe.FriendlyAppName [HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: C:\Users\Korisnik\Downloads\SystemUtilities.exe.ApplicationCompany [HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.FriendlyAppName [HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
DELETED Value: C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe.ApplicationCompany [HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]


---\\ COMMAND. (2)
~ EmptyPrefetch: deleted prefetcher files (767)
~ EmptyCSID: Empty CLSID folders deleted (0)


---\\ UNPROCESSED. (0)

~ The system has been restarted.

***** ~ End of report completed in 00mn00s


I quarantined some files the adware cleaner found, that was the only option
 


Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan
FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please Copy and Paste the contents of these logs in your next post for review by our Security Team
 
Addition.txt



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by Korisnik (02-02-2022 23:14:38)
Running from C:\Users\Korisnik\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1503 (X64) (2021-12-12 10:27:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3132303913-1656691581-3202241647-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3132303913-1656691581-3202241647-503 - Limited - Disabled)
Guest (S-1-5-21-3132303913-1656691581-3202241647-501 - Limited - Disabled)
Korisnik (S-1-5-21-3132303913-1656691581-3202241647-1002 - Administrator - Enabled) => C:\Users\Korisnik
WDAGUtilityAccount (S-1-5-21-3132303913-1656691581-3202241647-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.77.1092 - AB Team, d.o.o.)
Cyberpunk 2077 (HKLM-x32\...\Cyberpunk 2077_is1) (Version: 0.0.0 - DODI-Repacks)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 11.0.0.1932 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
ESET Security (HKLM\...\{C8113C9E-3025-4DC5-89E8-71F7C080967A}) (Version: 15.0.23.0 - ESET, spol. s r.o.)
*** of War (HKLM-x32\...\*** of War_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: - )
IObit Uninstaller 11 (HKLM-x32\...\IObitUninstall) (Version: 11.1.0.18 - IObit)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Java 8 Update 321 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 8 Update 311 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180311}) (Version: 8.0.3110.11 - Oracle Corporation)
Java SE Development Kit 8 Update 321 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180321}) (Version: 8.0.3210.7 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Max Payne 3 (HKLM-x32\...\Max Payne 3_is1) (Version: 0.0.0 - DODI-Repacks)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Volume - en-us) (Version: 16.0.10382.20034 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E876418F-BE59-4D8C-B9A5-74B056B676FA}) (Version: 2.93.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
MSI Afterburner 4.6.4 (HKLM-x32\...\Afterburner) (Version: 4.6.4 - MSI Co., LTD)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 511.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10382.20034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10382.20034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10382.20034 - Microsoft Corporation) Hidden
qBittorrent 4.4.0 (HKLM-x32\...\qBittorrent) (Version: 4.4.0 - The qBittorrent project)
Rayman Origins (HKLM-x32\...\{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}) (Version: 1.00 - Ubisoft)
REDlauncher (HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RivaTuner Statistics Server 7.3.3 (HKLM-x32\...\RTSS) (Version: 7.3.3 - Unwinder)
Sniper Ghost Warrior Contracts 2 (HKLM-x32\...\Sniper Ghost Warrior Contracts 2_is1) (Version: - )
Sniper: Ghost Warrior Contracts (HKLM-x32\...\Sniper: Ghost Warrior Contracts_is1) (Version: - )
The Witcher 3 Wild Hunt v.1.31 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: - )
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.831 - TLauncher Inc.)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Wolfenstein Youngblood Deluxe Edition MULTi12 - ElAmigos version 1.0.3 (HKLM-x32\...\{8D2A84ED-62F8-4817-A798-A7487A91BEAE}_is1) (Version: 1.0.3 - Bethesda Softworks)
Zoom (HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-12] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-19] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => G:\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => G:\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\nvshext.dll [2022-01-11] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => G:\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-12-03 14:36 - 2021-12-03 14:36 - 000232960 _____ () [File not signed] G:\MSI Afterburner\RTCore.dll
2021-12-03 14:36 - 2021-12-03 14:36 - 000057344 _____ () [File not signed] G:\MSI Afterburner\RTFC.dll
2021-12-03 14:36 - 2021-12-03 14:36 - 000668672 _____ () [File not signed] G:\MSI Afterburner\RTHAL.dll
2021-12-03 14:36 - 2021-12-03 14:36 - 000074240 _____ () [File not signed] G:\MSI Afterburner\RTMUI.dll
2021-12-03 14:36 - 2021-12-03 14:36 - 000371712 _____ () [File not signed] G:\MSI Afterburner\RTUI.dll
2021-12-03 14:32 - 2021-12-03 14:32 - 000057344 _____ () [File not signed] G:\RivaTuner Statistics Server\RTFC.dll
2021-12-03 14:32 - 2021-12-03 14:32 - 000074240 _____ () [File not signed] G:\RivaTuner Statistics Server\RTMUI.dll
2021-12-03 14:32 - 2021-12-03 14:32 - 000368640 _____ () [File not signed] G:\RivaTuner Statistics Server\RTUI.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Korisnik\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Korisnik\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [6256]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> G:\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll [2022-01-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-01-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2021-12-13 13:29 - 000002552 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\Control Panel\Desktop\\Wallpaper -> c:\users\korisnik\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\11034324.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: EpicOnlineServices => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: LGHUBUpdaterService => 3
MSCONFIG\Services: NvContainerLocalSystem => 3
MSCONFIG\Services: Razer Update Service => 3
MSCONFIG\Services: RtkAudioUniversalService => 3
MSCONFIG\Services: RzSndSrv => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: ucldr_battlegrounds_gl => 3
MSCONFIG\Services: zksvc => 3
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\...\StartupApproved\Run: => "LGHUB"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{92A6165B-2442-4DE6-9072-385D406409C9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{E897EDF9-2430-4938-B7FB-716C9F00C71A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{5E8F2E81-C6AC-482A-A584-6B1908311DCC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9F2E0F14-A3BD-4A10-8387-D27CF4F6709B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A3A123C1-58FE-42EA-B1A4-1FCCB8DC96D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CA252AC9-39F8-48CC-90EE-A265D519F41C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{9208624A-5CB2-498E-986E-8162BAA3FC6C}D:\igre\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\igre\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{68A81671-590D-46CA-AD31-AC305888564A}D:\igre\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\igre\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [TCP Query User{C55B3A34-ED6A-4E29-A0CD-1FEA4AF53BF5}C:\users\korisnik\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\korisnik\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{BFB97476-1FD4-415A-A736-8E08F4EF66F5}C:\users\korisnik\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\korisnik\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{4B1A02B8-ADB3-464D-B68B-52B2C77CCEA3}D:\igre\forza horizon 5\forzahorizon5.exe] => (Allow) D:\igre\forza horizon 5\forzahorizon5.exe => No File
FirewallRules: [UDP Query User{FDB5F165-9F4B-4D00-A7AF-9AFA3E9FEB13}D:\igre\forza horizon 5\forzahorizon5.exe] => (Allow) D:\igre\forza horizon 5\forzahorizon5.exe => No File
FirewallRules: [{F9A199E2-071F-4970-84F8-0C25E069B82F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C695557B-548D-4226-98D4-04A46BA1B23A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{9B12E97A-122E-471A-9CF6-E7BDF65C2ABD}D:\igre\resident evil village\re8.exe] => (Allow) D:\igre\resident evil village\re8.exe => No File
FirewallRules: [UDP Query User{C9E27ECF-3641-4E44-8CE6-9A1F359ECD40}D:\igre\resident evil village\re8.exe] => (Allow) D:\igre\resident evil village\re8.exe => No File
FirewallRules: [TCP Query User{C0931358-ACEC-46C1-AFDC-9B01F3117C25}D:\igre\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) D:\igre\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed]
FirewallRules: [UDP Query User{27B00C76-E8D5-422C-802E-10370E43D373}D:\igre\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe] => (Allow) D:\igre\sniper - ghost warrior contracts\win_x64\sgwcontracts.exe (CI Games S.A.) [File not signed]
FirewallRules: [{79536A55-DDE6-4960-869F-0146C8EF3E82}] => (Allow) G:\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed]
FirewallRules: [{C389F29D-86CC-4037-A753-246814D022BE}] => (Allow) G:\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed]
FirewallRules: [{A2B40E9F-FDCC-4F8C-812F-8A8304D1AF9E}] => (Allow) D:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B9D0ACF5-0C0C-4F70-83AD-0C0E712FBCD5}] => (Allow) D:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{36196217-EAF7-4386-8F98-23D489157DE6}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8564EC21-CE8F-48FA-A92A-FB54B5645811}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6E8EA721-3913-4042-A189-CB9C1ACDBDBC}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{D9926B84-E103-4A05-820C-30AAB23CE40A}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{60016CEB-1A2E-438E-831E-69D219AC87C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7CC462A2-BDC0-4B5A-89C9-645308664C56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{07306863-6245-4D56-8DF1-04B46A72FF16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D3A9DAAF-C68D-46E8-ACBE-8194E5F3D53D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{1C0C4906-9299-49AB-9849-368B13EEE23C}] => (Allow) E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{F7F0C26C-1E7D-4253-BC80-979F4E4CAC92}] => (Allow) E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{C76CF870-F27E-4649-9F7D-9B47382746D3}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => No File
FirewallRules: [UDP Query User{3AC8E318-0576-42BB-984A-04D5AA42E935}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => No File
FirewallRules: [TCP Query User{DE3FD26B-EF7A-4B71-B304-5D0945085373}C:\users\korisnik\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\korisnik\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{33146ABF-E773-4953-8FE5-29EDD7642CB6}C:\users\korisnik\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\korisnik\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query User{B407939B-02CA-48C8-B370-060EE980A080}F:\subnautica - below zero\subnauticazero.exe] => (Allow) F:\subnautica - below zero\subnauticazero.exe => No File
FirewallRules: [UDP Query User{3C0A1EB2-C136-4BF6-BD08-AE460F2C0797}F:\subnautica - below zero\subnauticazero.exe] => (Allow) F:\subnautica - below zero\subnauticazero.exe => No File
FirewallRules: [TCP Query User{E43C76B7-5E50-463C-B897-E9346F3D05FA}D:\igre\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Allow) D:\igre\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe (CI Games S.A.) [File not signed]
FirewallRules: [UDP Query User{47FDF079-4637-4B7D-B063-D465B90BE293}D:\igre\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Allow) D:\igre\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe (CI Games S.A.) [File not signed]
FirewallRules: [{5DB4EB62-59C4-4CC6-85FD-3DAAD9217B65}] => (Allow) C:\Users\Korisnik\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B51B5B26-7A6A-427C-82A2-9882915751CB}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{2650D425-2A7A-42C4-9C7F-F03A025106DE}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{1B45D14C-CEAF-4B9F-89EF-B24EA6D5CD62}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{80376D0B-038F-447B-9313-96870432D9BA}] => (Allow) D:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> KRAFTON, Inc.)
FirewallRules: [{6190D7A7-5D25-4A3B-A0A9-924A9B0780BD}] => (Allow) D:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> KRAFTON, Inc.)
FirewallRules: [{D9A2604F-9677-45E3-BCA5-F8A08F2EA178}] => (Allow) D:\IGRE\Rayman Origins.exe => No File
FirewallRules: [{30F6BBF0-5806-4599-A691-26198E99B99C}] => (Allow) D:\IGRE\Rayman Origins.exe => No File
FirewallRules: [{62B3BCA1-B9F8-45D1-9D7A-71A2095AFD84}] => (Allow) D:\IGRE\gu.exe => No File
FirewallRules: [{40258A75-D79E-4813-B492-63C43366CC37}] => (Allow) D:\IGRE\gu.exe => No File

==================== Restore Points =========================

30-01-2022 19:00:01 Windows Backup
01-02-2022 15:24:04 Removed ESET Security

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/02/2022 08:11:36 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/02/2022 05:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacija koja je prouzročila pogrešku: wmiprvse.exe, verzija: 10.0.19041.546, vremenska oznaka: 0x5da7ab91
Modul koji je prouzročio pogrešku: unknown, verzija: 0.0.0.0, vremenska oznaka: 0x00000000
Kôd iznimke: 0x80131623
Pomak pogreške 0x00007ff88f5f200f
Id postupka: 0x1f44
Vrijeme pokretanja aplikacije koja je prouzročila pogrešku: 0x01d8184f50687f5a
Put aplikacije koja je prouzročila pogrešku: C:\Windows\system32\wbem\wmiprvse.exe
Put modula koji je prouzročio pogrešku: unknown
Id izvješća: 5c5c0a63-603c-4216-894b-d48b6e5884aa
Puni naziv paketa koji je prouzročio pogrešku:
Relativni ID aplikacije paketa koji je prouzročio pogrešku:

Error: (02/02/2022 05:09:54 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Unexpected exception thrown from the provider:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/02/2022 05:09:53 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/02/2022 05:09:53 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/02/2022 05:09:53 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (02/01/2022 04:58:36 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/01/2022 03:49:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacija koja je prouzročila pogrešku: wmiprvse.exe, verzija: 10.0.19041.546, vremenska oznaka: 0x5da7ab91
Modul koji je prouzročio pogrešku: unknown, verzija: 0.0.0.0, vremenska oznaka: 0x00000000
Kôd iznimke: 0x80131623
Pomak pogreške 0x00007ffa4190200f
Id postupka: 0x20bc
Vrijeme pokretanja aplikacije koja je prouzročila pogrešku: 0x01d8177af08c926c
Put aplikacije koja je prouzročila pogrešku: C:\Windows\system32\wbem\wmiprvse.exe
Put modula koji je prouzročio pogrešku: unknown
Id izvješća: 13a96642-38c9-46b6-812e-16e33948d61d
Puni naziv paketa koji je prouzročio pogrešku:
Relativni ID aplikacije paketa koji je prouzročio pogrešku:


System errors:
=============
Error: (02/02/2022 09:10:21 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI2

Error: (02/02/2022 09:10:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IRCP48C)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (02/02/2022 08:14:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Servis Microsoft Office Click-to-Run Service neočekivano je prekinut. To se dogodilo 1 puta. Za 0 ms bit će poduzeta sljedeća akcija ispravljanja: Restart the service.

Error: (02/02/2022 08:14:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Servis Intel(R) Storage Middleware Service neočekivano je prekinut. To se dogodilo 1 puta.

Error: (02/02/2022 08:14:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Servis NVIDIA Display Container LS neočekivano je prekinut. To se dogodilo 1 puta. Za 6000 ms bit će poduzeta sljedeća akcija ispravljanja: Restart the service.

Error: (02/02/2022 08:11:58 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI2

Error: (02/02/2022 02:43:57 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-IRCP48C)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXre20k58eaa822f0smszc2fbv5y0azn7k.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (02/02/2022 02:43:45 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-IRCP48C)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXre20k58eaa822f0smszc2fbv5y0azn7k.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca


CodeIntegrity:
===============
Date: 2022-02-02 21:12:30
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. F1 05/14/2021
Motherboard: Gigabyte Technology Co., Ltd. B560M DS3H V2
Processor: Intel(R) Core(TM) i5-10400F CPU @ 2.90GHz
Percentage of memory in use: 23%
Total physical RAM: 16253.29 MB
Available physical RAM: 12460.21 MB
Total Virtual: 30589.29 MB
Available Virtual: 24386.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:214.24 GB) (Free:138.59 GB) NTFS
Drive d: (Nova jedinica) (Fixed) (Total:976.56 GB) (Free:537.66 GB) NTFS
Drive e: (Nova jedinica) (Fixed) (Total:292.97 GB) (Free:245.87 GB) NTFS
Drive f: (Nova jedinica) (Fixed) (Total:593.47 GB) (Free:378.33 GB) NTFS
Drive g: (Nova jedinica) (Fixed) (Total:250.92 GB) (Free:178.1 GB) NTFS

\\?\Volume{3caca965-574a-4151-838e-2df5047aa778}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{0dd22b59-2a77-47af-afca-ed30fa423303}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2022
Ran by Korisnik (administrator) on DESKTOP-IRCP48C (Gigabyte Technology Co., Ltd. B560M DS3H V2) (02-02-2022 23:13:44)
Running from C:\Users\Korisnik\Downloads
Loaded Profiles: Korisnik
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1503 (X64) Language: engleski (Sjedinjene Države) -> hrvatski (Hrvatska)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alexey Nicolaychuk -> ) G:\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) G:\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) G:\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_ec6acb81b9300f24\RstMwService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) G:\MSI Afterburner\MSIAfterburner.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\NVDisplay.Container.exe <2>
(The qBittorrent Project) [File not signed] E:\qBittorrent\qbittorrent.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [167496 2022-01-13] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\...\MountPoints2: {64941ade-5b3a-11ec-af29-d85ed301c0da} - "I:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-24] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3132303913-1656691581-3202241647-1002\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {040A9AAA-D675-4DC4-AE41-25E5707C45D4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23563696 2022-01-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {098599EF-8D99-44DE-BE19-6DE2A9F510D8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208208 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {18305FCC-6D41-4331-943B-EFE6D9E41F30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-12] (Google LLC -> Google LLC)
Task: {2DBCE23D-2264-49B5-AA1F-CFD31E268C3C} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3132303913-1656691581-3202241647-1003 => C:\Users\Korisnik\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {3BFE5F00-41A0-4D96-B94B-950393CB6D84} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {6254464A-FC4A-43F7-8BEE-7E1C4EA520EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513800 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DA18C18-E5A3-4A69-8798-B0FFAB290663} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {74D07083-70C8-4C94-9E05-1DC8BF9919FC} - System32\Tasks\Uninstaller_SkipUac_Korisnik => G:\IObit Uninstaller\IObitUninstaler.exe [7350808 2021-10-19] (IObit CO., LTD -> IObit)
Task: {7723D9A7-4B06-41C8-94C6-4BD519518D69} - System32\Tasks\MSIAfterburner => G:\MSI Afterburner\MSIAfterburner.exe [804408 2021-12-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {82CF67A4-283A-46D3-8143-0B93D013CC51} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {84D9B6B8-549C-405D-B1C7-414A03D4CBDA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8A3CBC76-D705-412C-AF3F-73737880E7D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513800 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {9381E5B5-D8EE-4060-A065-A0FAE708343E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck
Task: {93B41730-1062-43BA-96A1-5BA4003FE29D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3132303913-1656691581-3202241647-1003 => C:\Users\Korisnik\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {A29AB79F-A6A7-4831-B32E-67B107EB77FE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341312 2021-12-09] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A43E9B5C-7867-4431-AF7F-935B08ACA267} - System32\Tasks\Online_KMS_Activation_Script-Renewal => %ProgramData%\Online_KMS_Activation\Activate.cmd Task
Task: {AA87C4B7-C6BD-4D38-92E9-79922EC358F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-12] (Google LLC -> Google LLC)
Task: {B426CABB-ED5B-466B-A06F-CCA04D4913C6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C805E389-27CA-415F-B3B0-F8F3B460B853} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649216 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DFA42C47-FE47-4E43-B5AD-545C6AD1C0A2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208208 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {E45A65AC-5AC5-4ABD-A93E-605E7C282C4F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E6C1DE8C-14F4-4F12-B9A4-58ED0BD734DC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23563696 2022-01-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA9E889F-D0C8-4F5B-A8D3-1E89331B9E6D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F509D6B5-62FA-48A1-8D0F-DBACCD7A3FF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0da5278c-291d-47f9-9274-9251109cc5ca}: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default [2022-02-02]
CHR Extension: (Slides) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-12]
CHR Extension: (Docs) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-12]
CHR Extension: (Google Drive) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-12]
CHR Extension: (YouTube) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-12]
CHR Extension: (Email Finder by Snov.io) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnffiilpmgldkapbikhkeicohlaapj [2022-01-17]
CHR Extension: (Sheets) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-19]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-12]
CHR Extension: (Gmail) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901960 2022-01-28] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9482176 2022-01-06] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4958096 2021-12-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2021-12-31] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-13] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-13] (ESET, spol. s r.o. -> ESET)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-10-01] (Epic Games Inc. -> Epic Games, Inc.)
S4 IObitUnSvr; G:\IObit Uninstaller\IUService.exe [158232 2021-08-04] (IObit CO., LTD -> IObit)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7152880 2022-01-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [8737992 2022-01-30] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz150; C:\Windows\temp\cpuz150\cpuz150_x64.sys [44832 2022-01-30] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2021-12-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [63696 2021-12-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [184464 2022-01-13] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [122944 2022-01-13] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15824 2022-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [201976 2022-01-13] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [43904 2022-01-13] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [69704 2022-01-13] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [110560 2022-01-13] (ESET, spol. s r.o. -> ESET)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-12-17] (Intel Corporation -> Intel Corporation)
S3 IUFileFilter; G:\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
S3 IUProcessFilter; G:\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
S3 IURegistryFilter; G:\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
S3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-12-19] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-12-19] (Logitech Inc -> Logitech)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 RTCore64; G:\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-01-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-02 23:13 - 2022-02-02 23:14 - 000018197 _____ C:\Users\Korisnik\Downloads\FRST.txt
2022-02-02 23:13 - 2022-02-02 23:13 - 000000000 ____D C:\FRST
2022-02-02 23:12 - 2022-02-02 23:13 - 002311680 _____ (Farbar) C:\Users\Korisnik\Downloads\FRST64.exe
2022-02-02 21:10 - 2022-02-02 21:10 - 000003108 _____ C:\Windows\system32\Tasks\MSIAfterburner
2022-02-02 14:39 - 2022-02-02 20:11 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\ZHP
2022-02-02 14:39 - 2022-02-02 20:09 - 000000000 ____D C:\Users\Korisnik\AppData\Local\ZHP
2022-02-01 23:39 - 2022-02-01 23:39 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3132303913-1656691581-3202241647-1003
2022-02-01 23:39 - 2022-02-01 23:39 - 000003392 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3132303913-1656691581-3202241647-1003
2022-02-01 23:39 - 2022-02-01 23:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-02-01 22:14 - 2022-02-01 22:14 - 000000483 _____ C:\Users\Public\Desktop\*** of War.lnk
2022-02-01 22:12 - 2022-02-01 22:12 - 000001082 _____ C:\Users\Korisnik\Desktop\Rayman Origins.lnk
2022-02-01 22:10 - 2022-02-01 22:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-02-01 15:48 - 2022-02-01 15:48 - 000000000 ____D C:\Users\Korisnik\AppData\Local\ESET
2022-02-01 15:42 - 2022-02-01 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2022-02-01 15:42 - 2022-02-01 15:42 - 000000000 ____D C:\ProgramData\ESET
2022-02-01 15:42 - 2022-02-01 15:42 - 000000000 ____D C:\Program Files\ESET
2022-02-01 15:34 - 2022-02-01 15:34 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-01-31 23:13 - 2022-01-31 23:13 - 000032768 _____ C:\Users\Public\Documents\crash_dump.bin
2022-01-31 21:36 - 2022-01-31 21:36 - 000000911 _____ C:\Users\Public\Desktop\Wolfenstein Youngblood.lnk
2022-01-31 21:36 - 2022-01-31 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein Youngblood
2022-01-31 20:04 - 2022-01-31 20:04 - 000000914 _____ C:\Users\Public\Desktop\Play Cyberpunk 2077.lnk
2022-01-31 20:04 - 2022-01-31 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077
2022-01-31 17:26 - 2022-01-31 17:26 - 000000000 ____D C:\Users\Korisnik\AppData\Local\FLiNGTrainer
2022-01-31 17:25 - 2021-08-20 01:28 - 001469440 _____ (3DMGAME) C:\Users\Korisnik\Desktop\Cyberpunk 2077 v1.03-v1.3 Plus 32 Trainer.exe
2022-01-30 22:58 - 2022-02-01 15:35 - 000691512 _____ C:\Windows\ntbtlog.txt
2022-01-30 22:00 - 2022-01-30 22:00 - 000000706 __RSH C:\ProgramData\ntuser.pol
2022-01-30 21:59 - 2022-01-30 21:59 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-01-30 19:00 - 2022-01-30 19:00 - 000164313 _____ C:\Windows\system32\sleepstudy-report.html
2022-01-30 18:45 - 2022-01-30 18:45 - 000003662 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-01-30 00:12 - 2022-01-30 00:12 - 000000000 ___HD C:\$WinREAgent
2022-01-29 23:56 - 2022-01-29 23:56 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-01-29 23:56 - 2022-01-29 23:56 - 000011805 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-01-29 23:55 - 2022-01-29 23:55 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-01-29 23:55 - 2022-01-29 23:55 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2022-01-29 23:55 - 2022-01-29 23:55 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-01-29 23:14 - 2022-01-29 23:14 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2022-01-29 00:24 - 2022-01-29 00:24 - 000000000 ____D C:\Users\Korisnik\AppData\Local\TslGame
2022-01-29 00:23 - 2022-01-29 00:23 - 000000000 ____D C:\Users\Korisnik\AppData\Local\BattlEye
2022-01-29 00:22 - 2022-01-30 23:58 - 000000000 ____D C:\Program Files\Common Files\PUBG
2022-01-29 00:22 - 2022-01-30 23:26 - 002522256 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys
2022-01-29 00:22 - 2022-01-30 12:21 - 000000000 ____D C:\Users\Korisnik\AppData\Local\WELLBIA
2022-01-29 00:22 - 2022-01-29 00:22 - 000000000 ____D C:\Program Files\Common Files\UNCHEATER
2022-01-28 23:16 - 2022-01-28 23:16 - 000000202 _____ C:\Users\Korisnik\Desktop\PUBG BATTLEGROUNDS.url
2022-01-28 23:16 - 2022-01-28 23:16 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-01-28 19:33 - 2022-01-29 23:22 - 000000000 ____D C:\Users\Korisnik\Documents\Shadow of the Tomb Raider
2022-01-28 19:33 - 2022-01-28 19:33 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Eidos Montreal
2022-01-26 22:02 - 2022-01-26 22:19 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Skyrim Special Edition
2022-01-26 19:41 - 2022-02-01 20:05 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Vortex
2022-01-26 17:45 - 2022-01-26 17:45 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Goldberg SocialClub Emu Saves
2022-01-26 12:28 - 2022-01-26 12:28 - 000000457 _____ C:\Users\Public\Desktop\Play Max Payne 3.lnk
2022-01-26 12:28 - 2022-01-26 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
2022-01-26 12:27 - 2022-01-26 19:41 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Skyrim
2022-01-25 22:26 - 2022-01-25 22:26 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-01-25 22:26 - 2022-01-25 22:26 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-01-25 22:26 - 2022-01-25 22:26 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-01-25 22:26 - 2022-01-25 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-01-25 22:26 - 2022-01-25 22:26 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-01-25 22:24 - 2022-01-25 22:26 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-25 22:24 - 2022-01-25 22:24 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-01-25 16:11 - 2022-02-02 21:10 - 103546880 _____ C:\Windows\system32\config\SOFTWARE
2022-01-25 16:11 - 2022-02-02 21:10 - 000786432 _____ C:\Windows\system32\config\DEFAULT
2022-01-25 16:11 - 2022-02-02 21:10 - 000049152 _____ C:\Windows\system32\config\SAM
2022-01-25 16:11 - 2022-02-02 21:10 - 000045056 _____ C:\Windows\system32\config\SECURITY
2022-01-25 16:11 - 2022-01-25 16:11 - 103448576 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2022-01-25 16:11 - 2022-01-25 16:11 - 002428928 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2022-01-25 16:11 - 2022-01-25 16:11 - 000049152 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2022-01-25 16:11 - 2022-01-25 16:11 - 000045056 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2022-01-25 09:34 - 2019-09-12 09:59 - 000178960 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2022-01-25 09:34 - 2017-03-09 13:53 - 000030744 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2022-01-25 01:20 - 2022-01-25 01:20 - 103448576 _____ C:\Windows\system32\config\SOFTWARE.iobit
2022-01-25 01:20 - 2022-01-25 01:20 - 002428928 _____ C:\Windows\system32\config\DEFAULT.iobit
2022-01-25 01:20 - 2022-01-25 01:20 - 000049152 _____ C:\Windows\system32\config\SAM.iobit
2022-01-25 01:20 - 2022-01-25 01:20 - 000045056 _____ C:\Windows\system32\config\SECURITY.iobit
2022-01-25 00:53 - 2022-01-25 00:53 - 000002089 _____ C:\Windows\system32\ooshutup10.cfg
2022-01-25 00:53 - 2022-01-25 00:53 - 000000000 ____D C:\Users\Korisnik\AppData\Local\OO Software
2022-01-25 00:32 - 2022-01-25 00:32 - 000000000 ____D C:\Temp
2022-01-24 22:26 - 2022-01-24 22:26 - 000000000 ____D C:\Users\Korisnik\AppData\Local\O&O_Software_GmbH
2022-01-24 22:26 - 2022-01-24 22:26 - 000000000 ____D C:\Users\Korisnik\AppData\Local\O&O
2022-01-24 22:25 - 2022-01-24 22:27 - 000000000 ____D C:\Windows\system32\oodag
2022-01-24 22:25 - 2022-01-24 22:25 - 000000000 ____D C:\ProgramData\OO Software
2022-01-24 15:41 - 2022-01-24 15:40 - 000192736 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2022-01-24 15:26 - 2022-01-24 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-01-24 15:12 - 2022-01-24 15:12 - 000000000 ____D C:\Windows\pss
2022-01-23 20:50 - 2022-01-23 20:50 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime
2022-01-23 01:36 - 2022-01-23 01:36 - 000040763 _____ C:\Windows\system32\energy-report.html
2022-01-22 23:51 - 2022-01-28 00:31 - 000000000 ____D C:\Users\Korisnik\Documents\The Witcher 3
2022-01-22 19:23 - 2022-01-22 19:23 - 000001016 _____ C:\Users\Korisnik\Desktop\The Witcher 3 Wild Hunt.lnk
2022-01-22 19:23 - 2022-01-22 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2022-01-22 18:37 - 2022-01-11 00:54 - 000118952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-01-22 18:37 - 2022-01-11 00:54 - 000039080 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-01-22 18:36 - 2022-01-11 13:28 - 001879784 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-01-22 18:36 - 2022-01-11 13:28 - 001879784 _____ C:\Windows\system32\vulkaninfo.exe
2022-01-22 18:36 - 2022-01-11 13:28 - 001467872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-01-22 18:36 - 2022-01-11 13:28 - 001454824 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-01-22 18:36 - 2022-01-11 13:28 - 001454824 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-01-22 18:36 - 2022-01-11 13:28 - 001206400 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-01-22 18:36 - 2022-01-11 13:28 - 001115368 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-01-22 18:36 - 2022-01-11 13:28 - 001115368 _____ C:\Windows\system32\vulkan-1.dll
2022-01-22 18:36 - 2022-01-11 13:28 - 000969448 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-01-22 18:36 - 2022-01-11 13:28 - 000969448 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-01-22 18:36 - 2022-01-11 13:25 - 001529512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-01-22 18:36 - 2022-01-11 13:25 - 001179096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-01-22 18:36 - 2022-01-11 13:25 - 000797096 _____ C:\Windows\system32\nvofapi64.dll
2022-01-22 18:36 - 2022-01-11 13:25 - 000710824 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-01-22 18:36 - 2022-01-11 13:25 - 000710776 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-01-22 18:36 - 2022-01-11 13:25 - 000637864 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-01-22 18:36 - 2022-01-11 13:24 - 002119792 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-01-22 18:36 - 2022-01-11 13:24 - 001601144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-01-22 18:36 - 2022-01-11 13:24 - 000983208 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-01-22 18:36 - 2022-01-11 13:24 - 000792688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-01-22 18:36 - 2022-01-11 13:24 - 000455792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-01-22 18:36 - 2022-01-11 13:23 - 008609920 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-01-22 18:36 - 2022-01-11 13:23 - 007713392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-01-22 18:36 - 2022-01-11 13:23 - 005734568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-01-22 18:36 - 2022-01-11 13:23 - 005099176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-01-22 18:36 - 2022-01-11 13:23 - 002934696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-01-22 18:36 - 2022-01-11 13:22 - 000850088 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-01-22 18:36 - 2022-01-11 13:21 - 007610232 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-01-22 18:36 - 2022-01-11 13:21 - 006455824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-01-22 18:36 - 2022-01-11 00:54 - 000089178 _____ C:\Windows\system32\nvinfo.pb
2022-01-20 13:17 - 2022-01-20 13:17 - 000000146 _____ C:\Users\Korisnik\.packettracer
2022-01-20 13:17 - 2022-01-20 13:17 - 000000000 ____D C:\Users\Korisnik\AppData\Local\PacketTracer
2022-01-18 10:54 - 2022-01-18 11:01 - 000000000 ____D C:\Users\Korisnik\Documents\Zoom
2022-01-18 10:06 - 2022-01-18 10:06 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Zoom
2022-01-18 10:06 - 2022-01-18 10:06 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-01-17 17:39 - 2022-01-25 01:11 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2022-01-17 17:39 - 2022-01-17 17:39 - 000029680 _____ (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2022-01-17 17:39 - 2022-01-17 17:39 - 000000000 ____D C:\Users\Korisnik\AppData\Local\ToastNotificationManagerCompat
2022-01-17 17:09 - 2022-01-17 17:09 - 000000805 _____ C:\Users\Public\Desktop\Sniper Ghost Warrior Contracts 2.lnk
2022-01-17 09:10 - 2022-01-17 09:10 - 000000000 ____D C:\Users\Korisnik\Documents\Custom Office Templates
2022-01-15 13:12 - 2022-01-15 13:12 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\FLT
2022-01-14 16:33 - 2022-01-14 16:33 - 000523776 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-01-14 16:33 - 2022-01-14 16:33 - 000464384 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-01-13 13:48 - 2022-01-13 13:48 - 000201976 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2022-01-13 13:48 - 2022-01-13 13:48 - 000184464 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2022-01-13 13:48 - 2022-01-13 13:48 - 000122944 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2022-01-13 13:48 - 2022-01-13 13:48 - 000110560 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2022-01-13 13:48 - 2022-01-13 13:48 - 000069704 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2022-01-13 13:48 - 2022-01-13 13:48 - 000043904 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2022-01-12 11:57 - 2022-01-12 11:57 - 001159216 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2022-01-12 10:35 - 2022-01-12 10:35 - 000015824 _____ (ESET) C:\Windows\system32\Drivers\eelam.sys
2022-01-07 14:26 - 2022-01-07 14:39 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Aiseesoft Studio
2022-01-07 14:26 - 2022-01-07 14:26 - 000000000 ____D C:\Users\Korisnik\.android
2022-01-05 00:30 - 2022-01-05 00:30 - 000028672 _____ C:\Users\Korisnik\AppData\Roaming\crash.bin
2022-01-04 13:56 - 2022-01-04 13:57 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Goldberg SteamEmu Saves

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-02 23:02 - 2021-12-18 12:40 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\qBittorrent
2022-02-02 21:17 - 2021-09-20 19:25 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI
2022-02-02 21:17 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2022-02-02 21:12 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-02 21:10 - 2021-12-12 11:41 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-02 21:10 - 2021-09-21 04:15 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-02 21:10 - 2021-09-21 04:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-02-02 21:10 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-02-02 20:32 - 2021-12-18 12:35 - 000000000 ____D C:\Users\Korisnik\Desktop\Alati
2022-02-02 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2022-02-02 00:02 - 2021-12-12 11:32 - 000000000 ____D C:\Users\Korisnik\AppData\Local\PlaceholderTileLogoFolder
2022-02-01 23:50 - 2021-12-12 11:30 - 000000000 ____D C:\Users\Korisnik\AppData\Local\D3DSCache
2022-02-01 23:48 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Registration
2022-02-01 23:37 - 2021-09-20 19:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-02-01 23:37 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-02-01 22:20 - 2021-12-19 18:55 - 000000000 ____D C:\Users\Korisnik\Documents\My Games
2022-02-01 22:06 - 2021-12-13 23:57 - 000000000 ____D C:\Users\Korisnik\Desktop\Arijan
2022-02-01 15:42 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-02-01 15:23 - 2021-12-12 12:54 - 000002498 _____ C:\Windows\system32\Tasks\Uninstaller_SkipUac_Korisnik
2022-01-31 22:46 - 2021-12-12 11:33 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-31 22:10 - 2021-12-12 11:30 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Packages
2022-01-31 21:36 - 2021-12-12 11:27 - 000004116 _____ C:\Windows\system32\Tasks\Online_KMS_Activation_Script-Renewal
2022-01-31 21:29 - 2021-12-17 01:48 - 000003212 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-31 21:28 - 2021-12-17 01:48 - 000003458 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-31 19:03 - 2021-12-16 17:19 - 000000000 ____D C:\Users\Korisnik\AppData\Local\CrashDumps
2022-01-31 18:36 - 2021-12-18 12:21 - 000000000 ____D C:\Program Files (x86)\IObit
2022-01-30 18:52 - 2021-12-17 01:18 - 000007601 _____ C:\Users\Korisnik\AppData\Local\Resmon.ResmonCfg
2022-01-30 18:45 - 2021-12-12 11:35 - 000000000 ____D C:\Users\Korisnik\AppData\LocalLow\IObit
2022-01-30 18:45 - 2021-12-12 11:34 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\IObit
2022-01-30 18:45 - 2021-12-12 11:34 - 000000000 ____D C:\ProgramData\IObit
2022-01-30 15:49 - 2021-12-12 11:29 - 000000000 ____D C:\Users\Korisnik
2022-01-30 00:29 - 2021-09-21 04:15 - 000440696 _____ C:\Windows\system32\FNTCACHE.DAT
2022-01-30 00:28 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-01-30 00:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-01-30 00:16 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-01-29 23:55 - 2021-09-20 19:18 - 002877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-01-29 23:31 - 2021-12-12 11:36 - 000000000 ____D C:\ProgramData\ProductData
2022-01-29 23:22 - 2021-12-13 23:47 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Discord
2022-01-29 23:16 - 2021-12-18 00:28 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Razer
2022-01-29 23:16 - 2021-12-18 00:28 - 000000000 ____D C:\ProgramData\Razer
2022-01-29 23:16 - 2021-12-18 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-01-29 11:04 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-29 00:24 - 2021-12-18 12:42 - 000000000 ____D C:\Users\Korisnik\AppData\Local\UnrealEngine
2022-01-29 00:22 - 2021-12-12 19:50 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-28 19:34 - 2021-12-31 12:12 - 000000000 ____D C:\Users\Korisnik\AppData\Local\Epic Games
2022-01-26 17:45 - 2021-12-12 12:22 - 000000000 ____D C:\Users\Korisnik\Documents\Rockstar Games
2022-01-25 22:26 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-01-25 01:10 - 2021-12-13 12:00 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-01-24 22:28 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-01-24 15:41 - 2021-12-15 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2022-01-24 15:41 - 2021-12-12 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-01-24 15:40 - 2021-12-12 14:12 - 000000000 ____D C:\Program Files\Java
2022-01-24 15:31 - 2021-12-12 11:33 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-24 15:31 - 2021-12-12 11:33 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-24 15:26 - 2021-12-12 11:33 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-24 15:26 - 2021-12-12 11:33 - 000003184 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-22 19:23 - 2021-12-12 12:26 - 000000000 ____D C:\Windows\SysWOW64\directx
2022-01-22 18:38 - 2021-12-12 12:02 - 000000000 ____D C:\Users\Korisnik\AppData\Local\NVIDIA
2022-01-21 22:35 - 2021-12-13 23:47 - 000000000 ____D C:\Users\Korisnik\AppData\Local\SquirrelTemp
2022-01-21 00:51 - 2021-12-13 23:47 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\discord
2022-01-20 13:17 - 2021-12-16 22:52 - 000000000 ____D C:\Users\Korisnik\AppData\Local\cache
2022-01-19 21:38 - 2021-09-21 04:15 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-01-14 17:06 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-01-14 17:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2022-01-14 17:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2022-01-14 16:29 - 2021-12-17 01:30 - 000000000 ____D C:\Windows\system32\MRT
2022-01-14 16:27 - 2021-12-17 01:30 - 145765912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-01-12 11:47 - 2021-12-12 11:59 - 000003840 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2022-01-03 10:37 - 2021-12-17 01:48 - 000003008 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-03 10:37 - 2021-12-17 01:48 - 000003008 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-03 10:37 - 2021-12-17 01:48 - 000003008 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

==================== Files in the root of some directories ========

2022-01-05 00:30 - 2022-01-05 00:30 - 000028672 _____ () C:\Users\Korisnik\AppData\Roaming\crash.bin
2021-05-07 09:37 - 2021-05-07 09:39 - 000012288 _____ () C:\Users\Korisnik\AppData\Roaming\emp.bin
2021-12-17 01:18 - 2022-01-30 18:52 - 000007601 _____ () C:\Users\Korisnik\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 


Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.





Seems Windows Defender is still running, use this tool to disable it,

 


I can't disable Windows Defender. The program starts and shows something along the lines of: "The IT admin has limited acces..." I have tried adding an exclusion but can't, since ESET manages that. Should I be disabling Windows Defender? The PC slept fine with it before.
 
I see that BitTorrent is running on the machine. I'd uninstall that to see if it is preventing the machine from sleeping. You can use the tool I sent you to disable Windows Defender. There is no need to have two antiviruses running; ESET can more than handle the antivirus needs of your machine. As a general rule, only one antivirus per machine.



ZHP Scan.

1. Please download ZHP Cleaner to your desktop. Right-click the icon and select Run as administrator.


2. Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.
 
Also, please attach new FRST and Addition.txt logs when you have uninstalled BitTorrent and run the ZHP clean tool. As well, let me know if uninstalling the torrent software has allowed the machine to sleep.
 
I have uninstalled qBittorrent and run the fix. ZHP Cleaner showed some error at the end of a scan the first time, so I ran it a second time. I will attach both logs. The PC still doesn't sleep after uninstalling the torrent software.
My Windows Defender is disabled automatically (replaced with ESET).
 


Disable the Windows Firewall. It is active and should not be, since ESET is providing firewall service for your machine.

Here is your new fixlist.
 


Aside from just disconnecting the external HDD from the machine, I am running short on ideas. I think that you should start a new thread and provide a link to this one, so that another member will pick it up. Usually, in my experience, it's always a task running in the background that prevents a machine from sleeping.
 
It may be a Windows setting that is out of whack. There is the all-in-one repair tool that sets things back right; it is suggested that you run it in safe mode.

 
I don't have any external HDDs connected.
I will give that a try and let you know.
Thank you for your help anyways man, the things you did, I'm really shocked.
 
At least your machine is 100 percent clean of any type of malware, that you can be certain of. :)

Have a good day.
 
To clean up the tools we used.

Download KpRM
Save to Desktop
Check Delete Tools
Delete Restore points
Create Restore point.
Then click run.

I will close this thread, I hope another member can get your machine sleeping.
 