Trouble (?) With Linux:multiverze

Discussion in 'Malware Help (A Specialist Will Reply)' started by DrMaestro, Jun 20, 2023.

  1. DrMaestro

    DrMaestro Private E-2

    Hi,

    Recently (in the last 2 weeks) my computer started to slow down occasionally without any apparent reason (it started after updating Google, but I don't think it is related to it). Yesterday I checked Windows Defender and there is a detection for Linux:Multiverze, with medium severity. It cannot be deleted or quarantined. Malwarebytes doesn't detect it. Is there a way to remove it, and could it be related to the slowdowns?

    Thanks...
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the MajorGeeks Malware Forum.

    This may be a false positive detection but let's take a look at things.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64-bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

    • FRST.txt
    • Addition.txt
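Before any cleanup it helps to know exactly which object Defender flagged and why it could not be quarantined. Defender names detections as Type:Platform/Family, so a "Linux:" prefix means the signature matched a Linux (ELF) artifact, which on a Windows desktop is typically a file inside an archive, an ISO, a container or WSL image, or a download cache. The PowerShell below is an added example and is not part of Oh My!'s instructions or of FRST; it uses only the built-in Defender cmdlets (Get-MpThreat, Get-MpThreatDetection) and assumes the detection name shown in Windows Security contains "Multiverze" (the wildcard match is an assumption, not the exact Defender name). It prints the per-event status and error code and, for file resources that still exist, the SHA-256 and Authenticode status, so the reader can decide whether it is a false positive with the file in hand. Run it in an elevated PowerShell on the affected machine.

```powershell
# Added example, not from the thread: show what Defender flagged under a detection
# name, the remediation status of each event, and the files involved.
# Requires an elevated PowerShell on a Windows 10/11 host (Defender module is built in).

$ThreatNamePattern = 'Multiverze'   # assumption: a substring of the name shown in Windows Security

$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -like "*$ThreatNamePattern*" })
if ($threats.Count -eq 0) {
    Write-Warning "No Defender threat record matches '*$ThreatNamePattern*'."
}

foreach ($t in $threats) {
    '== {0}  ThreatID={1} SeverityID={2} IsActive={3} DidThreatExecute={4}' -f $t.ThreatName, $t.ThreatID, $t.SeverityID, $t.IsActive, $t.DidThreatExecute

    # One record per detection event; a non-zero ThreatStatusErrorCode explains a failed quarantine/removal.
    Get-MpThreatDetection | Where-Object { $_.ThreatID -eq $t.ThreatID } | ForEach-Object {
        '  {0:u}  ThreatStatusID={1} error=0x{2:X8} actionOk={3} process={4}' -f $_.InitialDetectionTime, $_.ThreatStatusID, [uint32]$_.ThreatStatusErrorCode, $_.ActionSuccess, $_.ProcessName

        foreach ($res in $_.Resources) {
            "    resource: $res"
            # Resource strings are typed, e.g. file:_C:\dir\name, containerfile:_C:\dir\archive.zip,
            # webfile:_..., process:_pid:... ; only plain/container file paths are inspected here.
            if ($res -match '^(?:container)?file:_(.+)$') {
                $path = $Matches[1]
                if (Test-Path -LiteralPath $path -PathType Leaf) {
                    $sig  = Get-AuthenticodeSignature -LiteralPath $path
                    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                    "      on disk: SHA256=$hash signature=$($sig.Status) signer=$($sig.SignerCertificate.Subject)"
                } else {
                    '      not present at that path (already removed, transient, or inside a disk image/WSL/VM store)'
                }
            }
        }
    }
}
```

A detection whose resource is a containerfile (an archive, ISO or VHDX) is the usual reason Defender reports it but cannot quarantine it: the engine sees the inner file but will not rewrite the container. In that situation the sensible next step is to identify the container from the resource path and decide what to do with it as a whole, rather than retrying the quarantine.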
     
  3. DrMaestro

    DrMaestro Private E-2

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2023
    Ran by Artur (administrator) on DESKTOP-MAPRNM8 (Gigabyte Technology Co., Ltd. X570 AORUS MASTER) (20-06-2023 18:37:51)
    Running from C:\Users\Artur\Desktop\FRST64.exe
    Loaded Profiles: Artur
    Platform: Microsoft Windows 10 Pro Version 22H2 19045.3086 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>
    (C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
    (C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
    (C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
    (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
    (C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    (C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe
    (C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
    (C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files\Plex\Plex Media Server\Plex Tuner Service.exe
    (C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe ->) (Plex, Inc. -> ) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe <2>
    (E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) E:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <3>
    (E:\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <6>
    (explorer.exe ->) (Adaware Software (7270356 CANADA INC.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.249.0\AdAwareTray.exe
    (explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
    (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
    (explorer.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiBolt\LogiBolt.exe
    (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
    (explorer.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe
    (explorer.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe
    (explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
    (explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
    (explorer.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
    (explorer.exe ->) (Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\Vpn.exe <3>
    (explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATISPE.EXE
    (explorer.exe ->) (Valve Corp. -> Valve Corporation) E:\Steam\steam.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
    (Malwarebytes Inc. -> Malwarebytes) F:\Program Files\Malwarebytes\Malwarebytes.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
    (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (services.exe ->) (Adaware Software (7270356 CANADA INC.) -> ) C:\Program Files\adaware\adaware antivirus\elam\3.0.0.0\AdAwareWSCService.exe
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
    (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) F:\Program Files\Malwarebytes\MBAMService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe
    (services.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_36f8a434e9b7b9f2\Display.NvContainer\NVDisplay.Container.exe <2>
    (services.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
    (services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
    (services.exe ->) (Plex, Inc. -> Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Update Service.exe
    (services.exe ->) (Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\VpnSvc.exe
    (services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
    (services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
    (services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ee6fe91a35eb809c\RtkAudUService64.exe <2>
    (services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    (services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
    (svchost.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\SIV\sensord.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    ==================== Registry (Whitelisted) ===================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ee6fe91a35eb809c\RtkAudUService64.exe [3450728 2022-02-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
    HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [PowerDVD20Agent] => e:\Program Files\CyberLink\PowerDVD20\PowerDVD20Agent.exe [534848 2020-03-20] (CyberLink Corp. -> CyberLink Corp.)
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.249.0\AdAwareTray.exe [4879840 2023-01-07] (Adaware Software (7270356 CANADA INC.) -> )
    HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1690368 2022-07-22] (Logitech Inc -> Logitech, Inc.)
    HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
    HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [11797192 2023-06-05] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
    HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [109324536 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
    HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [70858912 2021-06-20] (Discord Inc. -> Discord Inc.)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [670080 2021-08-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [895360 2021-08-06] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
    HKLM-x32\...\Run: [PowerDVD20Agent] => e:\Program Files\CyberLink\PowerDVD20\PowerDVD20Agent.exe [534848 2020-03-20] (CyberLink Corp. -> CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [739448 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2605944 2023-06-20] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Artur\AppData\Local\Microsoft\Teams\Update.exe [2453704 2021-06-20] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [Steam] => E:\Steam\steam.exe [4371816 2023-06-16] (Valve Corp. -> Valve Corporation)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [EpicGamesLauncher] => E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37077968 2023-06-14] (Epic Games Inc. -> Epic Games, Inc.)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3548424 2023-06-02] (Razer USA Ltd. -> Razer Inc.)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [CyberlinkPowerPlayerMediaServer] => E:\Program Files\CyberLink\PowerDVD20\Common\CLMediaServer\clmediaserver.exe [5446976 2020-03-20] (CyberLink Corp. -> CyberLink Corp.)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATISPE.EXE [418736 2019-08-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [Plex Media Server] => C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe [27375368 2023-04-25] (Plex, Inc. -> Plex, Inc.)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Run: [MicrosoftEdgeAutoLaunch_2CF32DBEB1F4C460876BA3E327D82F7A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4113824 2023-06-15] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Policies\Explorer: [NoDrives] 33554432
    HKU\S-1-5-21-4196824725-3086983806-1830072506-1001\...\Policies\Explorer: [NoViewOnDrive] 33554432
    HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3548424 2023-06-02] (Razer USA Ltd. -> Razer Inc.)
    HKLM\...\Windows x64\Print Processors\CnXP0PP: C:\Windows\System32\spool\prtprocs\x64\CnXP0PP.DLL [666624 2022-01-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1804288 2021-07-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\...\Print\Monitors\EPSON L6190 Series 64MonitorBE: C:\Windows\system32\E_YLMBSPE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
    HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\Windows\system32\EFXLM16A.DLL [182784 2021-08-06] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
    HKLM\...\Print\Monitors\EPSON Universal Print Driver 64MonitorBE: C:\Windows\system32\E_2LM0DE.DLL [187392 2018-06-15] (Seiko Epson Corporation) [File not signed]
    HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\114.0.5735.134\Installer\chrmstp.exe [2023-06-16] (Google LLC -> Google LLC)
    AppInit_DLLs: E:\Program, Files\Virtual, Desktop, Streamer\VirtualDesktop.Injector64.dll => No File
    AppInit_DLLs-x32: E:\Program, Files\Virtual, Desktop, Streamer\VirtualDesktop.Injector32.dll => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA VPN.lnk [2023-05-06]
    ShortcutTarget: HMA VPN.lnk -> C:\Program Files\Privax\HMA VPN\Vpn.exe (Privax Limited -> Privax Limited)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2021-12-25]
    ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2021-12-25]
    ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
     
  4. DrMaestro

    DrMaestro Private E-2

    ==================== Scheduled Tasks (Whitelisted) =================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {03905C79-4314-4E6E-8572-3DAFE27A468A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {182C04D5-3713-42B4-9641-E2FE4F71A433} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
    Task: {199D1B73-EF8D-4CFB-AF56-55ADE1478F99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557376 2023-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1B52E29D-3BCB-47A1-81E3-A5CCF79BA4EB} - System32\Tasks\SIV => C:\Program Files (x86)\GIGABYTE\SIV\Thermald.exe [392296 2023-03-06] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
    Task: {4F6808E3-0265-49D4-B395-D24EDF833B19} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [133905984 2023-03-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    Task: {53C0E625-C1FF-4E98-A924-49FF605979DF} - System32\Tasks\Privax\HMA VPN Update => C:\Program Files\Common Files\Privax\Icarus\privax-vpn\icarus.exe [7095688 2023-04-26] (Privax Limited -> Privax Limited)
    Task: {55706881-0076-4B89-A594-F869F91BB3D4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157552 2023-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {67F7BA53-8B99-4B91-A2EC-A1DD8DCBE5BD} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-06-09] () [File not signed]
    Task: {68455022-77F4-490E-8CF5-E4095AA547E2} - System32\Tasks\EPSON L6190 Series Update {4DF45AEB-CB7C-436A-A97D-DB3BC5A8286F} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    Task: {721C852C-55D0-48E1-A503-F3BB403F8FF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
    Task: {7F9F88C1-7815-4870-B97F-03B0784DB419} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170456 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
    Task: {881E7AE9-0711-4AEE-A365-6DCC9FF51072} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3854016 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
    Task: {8A7280B9-71BB-472E-83F1-A754BC6E785D} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4147592 2023-06-20] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9BA1C231-1676-44C0-B413-EF19B18E0F8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {A9C4BBE4-A0E4-4466-9755-957610DC3F6E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
    Task: {AD85B42A-31D4-4AD8-87B2-189BF35EA101} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {AE225BB2-3B82-4408-9B12-F8825378B5ED} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4196824725-3086983806-1830072506-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4147592 2023-06-20] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B4C0F94C-79D2-4F08-B89A-F9021159A24B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157552 2023-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B4F9AD06-3F71-4944-B56D-272C02CACE6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557376 2023-06-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B5ED0B56-EEC6-4116-8F35-1AC137889771} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65432 2021-11-24] (Microsoft Corporation -> Microsoft)
    Task: {B846809E-45E2-4212-AA39-D5578C234474} - System32\Tasks\SIV-VGA => C:\Program Files (x86)\GIGABYTE\SIV\Sensord.exe [257408 2021-06-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
    Task: {BBF20943-3750-4CB8-8F6B-8CC5FFFD75D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {C6F11D9C-3EC7-4FE5-A7EF-1BD0369D74B5} - System32\Tasks\IcarusPrivaxVpnUpgrade => C:\Program Files\Privax\HMA VPN\setup\privax_vpn_online_setup.exe -> /silent /ShowVpnGui=0 /RestartUpdaterTaskName=IcarusPrivaxVpnUpgrade /RestartUpdaterAppExe="C:\Program Files\Privax\HMA VPN\setup\privax_vpn_online_setup.exe"
    Task: {F6FAC2A5-120B-4D19-8BDB-44958D7B9670} - System32\Tasks\HMA VPN Update => C:\Program Files\Privax\HMA VPN\VpnUpdate.exe [1319304 2023-05-06] (Privax Limited -> Privax Limited)
    Task: {F7BB0893-23F6-4ED7-82E8-029508623BDF} - System32\Tasks\Privax\HMA VPN Bug Report => C:\Program Files\Privax\HMA VPN\AvBugReport.exe [5030792 2023-05-06] (Privax Limited -> Privax Limited) -> --filter "*.dmp;*.mdmp;icarus.log" --send "dumps|report" --silent --product 78 --programpath "C:\Program Files\Privax\HMA VPN" --configpath "C:\ProgramData\Privax\HMA VPN" --path "C:\ProgramData\Privax\HMA VPN\log" --path "C:\ProgramData\Privax\Icarus\Logs" --logpath "C:\ProgramData\Privax\HMA VPN\l (the data entry has 47 more characters).
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
    Task: C:\Windows\Tasks\EPSON L6190 Series Update {4DF45AEB-CB7C-436A-A97D-DB3BC5A8286F}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE:/EXE:{4DF45AEB-CB7C-436A-A97D-DB3BC5A8286F} /F:UpdateWORKGROUP\DESKTOP-MAPRNM8$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    ProxyServer: [S-1-5-21-4196824725-3086983806-1830072506-1001] => 194.27.128.8:3128
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{188df61f-1032-4ca8-9c0a-c6c15421967f}: [NameServer] 100.122.0.0
    Tcpip\..\Interfaces\{8dd9ad8c-edc8-4c9f-b88e-33336d97c4c5}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{8dd9ad8c-edc8-4c9f-b88e-33336d97c4c5}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{9378245b-b3ea-41c9-a2ce-03fcaadc26f3}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a6fa1761-c232-4beb-8396-c683b1018366}: [DhcpNameServer] 192.168.105.83
    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Artur\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-20]
    Edge Extension: (Video Downloader Plus) - C:\Users\Artur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnbnfjhmdaflilgadocmfindhmcfpfnc [2022-04-02]
    Edge Extension: (EndNote Click - Formerly Kopernio) - C:\Users\Artur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jaleebmaoohbjjohjlfmihkkopgfibne [2022-01-03]
    Edge Extension: (Edge relevant text changes) - C:\Users\Artur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-20]
    Edge Extension: (Snapstream video downloader) - C:\Users\Artur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mmjdebklmfjajmoplcloodegnkanahmm [2022-04-02]
    Edge HKLM-x32\...\Edge\Extension: [jaleebmaoohbjjohjlfmihkkopgfibne]
    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-05-05] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.371.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.371.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default [2022-05-11]
    CHR DownloadDir: E:\Downloads\ChromeDownloads
    CHR HomePage: Default -> about:blank
    CHR Extension: (Vimeo Private Downloader) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigelpnhidcahdkpmbgpllmiibdkllai [2022-05-04]
    CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2022-05-04]
    CHR Extension: (Augmented Steam) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhpnfgdlenaccegplpojghhmaamnnfp [2022-05-04]
    CHR Extension: (Disable HTML5 Autoplay) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2022-05-04]
    CHR Extension: (Dark Reader) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2022-05-04]
    CHR Extension: (Video Downloader professional) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2022-05-04]
    CHR Extension: (EndNote Click - Formerly Kopernio) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjgncogppolhfdpijihbpfmeohpaadpc [2022-05-04]
    CHR Extension: (video downloader - CocoCut) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gddbgllpilhpnjpkdbopahnpealaklle [2022-05-04]
    CHR Extension: (The Camelizer) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2022-05-04]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-05-04]
    CHR Extension: (Trusty Search Assistant for Amazon) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmchbfaebbmmhepolfecmihamjfmofl [2022-05-04]
    CHR Extension: (FastForward) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\icallnadddjmdinamnolclfjanhfoafe [2022-05-04]
    CHR Extension: (Stream Recorder - download HLS as MP4) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogidnfllpdhagebkblkgbfijkbkjdmm [2022-05-04]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2022-05-04]
    CHR Extension: (SteamDB) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2022-05-04]
    CHR Extension: (ActiveX for Chrome) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgllffgicojgllpmdbemgglaponefajn [2022-05-04]
    CHR Extension: (Video Popout) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomlmaamgdjplnhhgnoajlbnlgnpkobl [2022-05-04]
    CHR Extension: (Morpheon Dark) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2022-05-04]
    CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2022-05-04]
    CHR Extension: (DFK Alerts) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghiadigonalglomdnbgellmhiecaclh [2022-05-04]
    CHR Extension: (MetaMask) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2022-05-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-04]
    CHR Extension: (TabCloud) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2022-05-04]
    CHR Extension: (DeFi Kingdoms Profession Scores) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pklfcddomaflmgkinpcmendfkkdopnlp [2022-05-04]
    CHR Profile: C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-05-04]
    CHR Profile: C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-06-20]
    CHR Extension: (Image Downloader) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2023-05-21]
    CHR Extension: (Tampermonkey) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2023-05-21]
    CHR Extension: (Augmented Steam) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnhpnfgdlenaccegplpojghhmaamnnfp [2023-05-21]
    CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-06-11]
    CHR Extension: (Video Downloader Professional) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2023-05-21]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-06-13]
    CHR Extension: (Stream Recorder - download HLS as MP4) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iogidnfllpdhagebkblkgbfijkbkjdmm [2023-05-21]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2023-05-21]
    CHR Extension: (SteamDB) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2023-05-21]
    CHR Extension: (Morpheon Dark) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2023-05-21]
    CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2023-05-21]
    CHR Extension: (MetaMask) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-06-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-05-21]
    CHR Extension: (TabCloud) - C:\Users\Artur\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2023-05-21]
    CHR Profile: C:\Users\Artur\AppData\Local\Google\Chrome\User Data\System Profile [2022-05-04]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKLM-x32\...\Chrome\Extension: [fjgncogppolhfdpijihbpfmeohpaadpc] - hxxps://click.endnote.com/extensions/chrome/update-manifest.xml
    ==================== Services (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.249.0\AdAwareService.exe [588768 2023-01-07] (Adaware Software (7270356 CANADA INC.) -> )
    R2 adawareantiviruswscservice; C:\Program Files\adaware\adaware antivirus\elam\3.0.0.0\AdAwareWSCService.exe [4839392 2023-01-07] (Adaware Software (7270356 CANADA INC.) -> )
    S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-01-10] (Apple Inc. -> Apple Inc.)
    S2 CdRomAccessAgentService; C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe [110664 2022-11-30] (Shenzhen Moyea Software -> Leawo Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11774392 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
    S2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [761408 2023-03-10] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy)
    S2 DOService; F:\Program Files\Dragonfly\DOService.exe [310784 2023-02-11] () [File not signed]
    S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11373160 2023-06-16] (Electronic Arts, Inc. -> Electronic Arts)
    S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
    S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2020-10-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.114.0530.0001\FileSyncHelper.exe [3446648 2023-06-20] (Microsoft Corporation -> Microsoft Corporation)
    R2 HmaProVpn; C:\Program Files\Privax\HMA VPN\VpnSvc.exe [10043272 2023-05-06] (Privax Limited -> Privax Limited)
    S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
    R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [14039808 2023-06-05] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
    R2 MBAMService; F:\Program Files\Malwarebytes\MBAMService.exe [9266864 2023-06-20] (Malwarebytes Inc. -> Malwarebytes)
    S3 MBVpnTunnelService; F:\Program Files\Malwarebytes\MBVpnTunnelService.exe [2954424 2023-06-20] (Malwarebytes Inc. -> Malwarebytes)
    R2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [18849168 2021-07-26] (Native Instruments GmbH -> Native Instruments GmbH)
    S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
    S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.114.0530.0001\OneDriveUpdaterService.exe [3781496 2023-06-20] (Microsoft Corporation -> Microsoft Corporation)
    R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [17929472 2023-05-21] (Logitech Inc -> Logitech, Inc.)
    S2 Orthanc; f:\Program Files\Orthanc Server\OrthancService.exe [974848 2023-03-29] () [File not signed]
    S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [148024 2023-05-03] (Oculus VR, LLC -> Facebook Technologies, LLC)
    R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [514616 2023-05-03] (Oculus VR, LLC -> Facebook Technologies, LLC)
    R2 PlexUpdateService; C:\Program Files\Plex\Plex Media Server\Plex Update Service.exe [824088 2023-04-25] (Plex, Inc. -> Plex, Inc.)
    R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
    R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [297736 2023-06-02] (Razer USA Ltd. -> Razer Inc.)
    S3 Rockstar Service; D:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1856816 2021-08-13] (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
    R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-04-19] (Razer USA Ltd. -> Razer Inc.)
    S2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [381504 2023-03-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S2 SbieSvc; f:\Program Files\Sandboxie-Plus\SbieSvc.exe [360976 2021-11-01] (Tonalio GmbH -> sandboxie-plus.com)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [336208 2023-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
    S2 Synology Active Backup for Business Service; C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\Synology Active Backup for Business Service.exe [3707776 2023-04-13] (Synology Inc. -> )
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
    R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2004352 2023-03-15] (Synology Inc. -> )
    S2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [1972504 2022-03-10] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe [3232576 2023-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe [133592 2023-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_36f8a434e9b7b9f2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_36f8a434e9b7b9f2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
    S2 OCButtonService; "C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\OcButtonService.exe" [X]
     
  5. DrMaestro

    DrMaestro Private E-2

    ===================== Drivers (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S0 adawareelam; C:\Windows\System32\DRIVERS\elamtd.sys [20000 2022-08-16] (Microsoft Windows Early Launch Anti-malware Publisher -> adaware)
    R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
    S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    R3 bomebus; C:\Windows\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
    S3 bomemidi; C:\Windows\system32\drivers\bomemidi.sys [50744 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
    R3 busenum; C:\Windows\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
    R2 CLFCL5.20; C:\Windows\System32\drivers\CLFCL5.20\000.fcl [46952 2020-03-20] (CyberLink Corp. -> CyberLink Corp.)
    R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2023-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    R3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [45248 2023-05-21] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
    S3 hmatap; C:\Windows\System32\drivers\hmatap.sys [36456 2021-06-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
    S3 HWiNFO_162; C:\Users\Artur\AppData\Local\Temp\HWiNFO64A_162.SYS [55824 2021-08-11] (Microsoft Windows Hardware Compatibility Publisher -> REALiX(tm)) <==== ATTENTION
    S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2023-03-04] (Logix4u) [File not signed]
    R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2021-06-26] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
    R3 LiquidHidInput; C:\Windows\System32\drivers\LiquidHidInput.sys [40864 2021-09-08] (Astropad (Astro HQ LLC) -> )
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-06-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R0 mrcbt; C:\Windows\System32\drivers\mrcbt.sys [119040 2023-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    R0 mrigflt; C:\Windows\System32\drivers\mrigflt.sys [75672 2023-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S3 nikksm2midi; C:\Windows\System32\Drivers\nikksm2midi.sys [340312 2017-07-20] (Native Instruments GmbH -> Native Instruments GmbH)
    S3 nikksm2usb; C:\Windows\System32\drivers\nikksm2usb.sys [88016 2017-07-20] (Native Instruments GmbH -> Native Instruments GmbH)
    R3 oculusvad_oculusvad; C:\Windows\System32\drivers\oculusvad.sys [75280 2021-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    R3 Oculus_ViGEmBus; C:\Windows\System32\drivers\Oculus_ViGEmBus.sys [32856 2021-07-04] (Oculus VR, LLC -> Facebook Inc.)
    S3 PHYMEM2; C:\Program Files (x86)\Leawo\Blu-ray Player\phymem_ext64.sys [16032 2021-12-16] (Shenzhen Moyea Software -> )
    S3 pvxVpnRdr; C:\Windows\System32\drivers\pvxVpnRdr.sys [76624 2023-04-04] (Privax Limited -> Privax Limited)
    R3 pvxWintun; C:\Windows\System32\drivers\pvxWintun.sys [48016 2022-12-01] (Privax Limited -> Privax Limited)
    S3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
    R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
    R3 RzDev_0221; C:\Windows\System32\drivers\RzDev_0221.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
    R3 SbieDrv; f:\Program Files\Sandboxie-Plus\SbieDrv.sys [229384 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> sandboxie-plus.com)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    R3 SteamStreamingMicrophone; C:\Windows\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> )
    R3 SteamStreamingSpeakers; C:\Windows\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. -> )
    R3 synusb64; C:\Windows\System32\drivers\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH -> Steinberg Media Technologies GmbH)
    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [633264 2022-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
    R3 vdvad_WaveExtensible; C:\Windows\System32\drivers\vdvad.sys [44936 2022-02-14] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
    R3 vdvge; C:\Windows\System32\drivers\vdvge.sys [77864 2021-05-18] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2023-06-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-06-13] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99568 2023-06-13] (Microsoft Windows -> Microsoft Corporation)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\GIGABYTE\RGBFusion\MODAPI.sys [14544 2021-10-13] (Noriyuki MIYAZAKI -> OpenLibSys.org)
    S1 EneTechIo; \??\C:\Windows\system32\drivers\ene.sys [X]
    S3 GVCIDrv; \??\C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [X]
    S1 MSIO; \??\C:\Windows\system32\drivers\MsIo64.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) (Whitelisted) =========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2023-06-20 18:37 - 2023-06-20 18:38 - 000046580 _____ C:\Users\Artur\Desktop\FRST.txt
    2023-06-20 18:37 - 2023-06-20 18:38 - 000000000 ____D C:\FRST
    2023-06-20 18:36 - 2023-06-20 18:36 - 002383360 _____ (Farbar) C:\Users\Artur\Desktop\FRST64.exe
    2023-06-20 02:21 - 2023-06-20 02:22 - 000000000 ____D C:\AdwCleaner
    2023-06-20 02:20 - 2023-06-20 02:20 - 008791352 _____ (Malwarebytes) C:\Users\Artur\Downloads\AdwCleaner.exe
    2023-06-20 01:55 - 2023-06-20 01:59 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
    2023-06-20 01:53 - 2023-06-20 02:06 - 000000000 ____D C:\Windows\pss
    2023-06-20 01:25 - 2023-06-20 18:35 - 000000000 ____D C:\Users\Artur\AppData\Local\Malwarebytes
    2023-06-20 01:25 - 2023-06-20 01:25 - 000000865 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2023-06-20 01:25 - 2023-06-20 01:25 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2023-06-20 01:24 - 2023-06-20 01:24 - 000000000 ____D C:\ProgramData\Malwarebytes
    2023-06-20 01:23 - 2023-06-20 01:24 - 554441776 _____ (Malwarebytes) C:\Users\Artur\Downloads\MBSetup.exe
    2023-06-20 01:00 - 2023-06-20 01:00 - 000044055 _____ C:\Users\Artur\Downloads\[935482]_Ladies_on_Top_Vol_3.torrent
    2023-06-18 22:45 - 2023-06-18 22:45 - 000000000 ____D C:\Users\Artur\Documents\Reflect
    2023-06-18 22:23 - 2023-06-18 22:23 - 000001886 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
    2023-06-18 22:23 - 2023-06-18 22:23 - 000001868 _____ C:\Users\Public\Desktop\Macrium viBoot.lnk
    2023-06-18 22:23 - 2023-06-18 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
    2023-06-18 22:23 - 2023-06-18 22:23 - 000000000 ____D C:\Program Files\Macrium
    2023-06-18 22:20 - 2023-06-20 01:33 - 000000000 ____D C:\ProgramData\Macrium
    2023-06-18 22:20 - 2023-06-18 22:20 - 005655928 _____ (Paramount Software UK Ltd) C:\Users\Artur\Downloads\reflectdlfull.exe
    2023-06-18 18:55 - 2023-06-18 18:55 - 002244347 _____ C:\Users\Artur\Downloads\kokoj42epdyu.txt
    2023-06-18 14:41 - 2023-06-20 02:07 - 000000000 ____D C:\ProgramData\ActiveBackupforBusinessAgent
    2023-06-18 14:41 - 2023-06-18 14:41 - 000001484 _____ C:\Users\Public\Desktop\Synology Active Backup for Business Agent.lnk
    2023-06-18 14:40 - 2023-06-18 14:40 - 057016320 _____ C:\Users\Artur\Downloads\Synology Active Backup for Business Agent-2.6.0-3032-x64.msi
    2023-06-18 12:58 - 2023-06-18 12:58 - 000000426 _____ C:\ProgramData\ntuser.pol
    2023-06-18 12:05 - 2023-06-18 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
    2023-06-18 12:03 - 2023-06-18 12:03 - 005725496 _____ (Crystal Dew World ) C:\Users\Artur\Downloads\CrystalDiskInfo9_0_1a.exe
    2023-06-18 10:53 - 2023-06-19 00:49 - 000000000 ____D C:\Users\Artur\AppData\Roaming\Samsung Magician
    2023-06-18 10:52 - 2023-06-18 12:25 - 000002594 _____ C:\Windows\system32\Tasks\SamsungMagician
    2023-06-18 10:52 - 2023-06-18 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
    2023-06-18 10:52 - 2023-06-18 10:52 - 000000000 ____D C:\Program Files (x86)\Samsung
    2023-06-18 01:20 - 2023-06-18 01:20 - 000000112 ___SH C:\bootTel.dat
    2023-06-16 00:05 - 2023-06-16 00:05 - 000000000 ____D C:\Users\Artur\AppData\Local\EALaunchHelper
    2023-06-14 00:01 - 2023-06-14 00:01 - 000000000 ___HD C:\$WinREAgent
    2023-06-10 19:36 - 2023-06-10 19:37 - 050551197 _____ (KLCP ) C:\Users\Artur\Downloads\K-Lite_Codec_Pack_1766_Full.exe
    2023-05-23 21:45 - 2023-05-23 21:45 - 000000000 ____D C:\Users\Artur\Documents\SpellForce
    2023-05-23 01:54 - 2023-05-23 01:54 - 000000000 ____D C:\Users\Artur\Downloads\Commodore
    2023-05-21 18:35 - 2023-05-21 18:35 - 000501855 _____ C:\Users\Artur\Downloads\euroson2023_presentemplate_main.pptx
    2023-05-21 14:20 - 2023-05-21 14:20 - 000000000 ____D C:\Users\Artur\AppData\Local\FirmwareUpdateTool
    2023-05-21 14:18 - 2023-06-20 18:30 - 000000000 ____D C:\Users\Artur\AppData\Local\LogiOptionsPlus
    2023-05-21 14:18 - 2023-05-21 14:25 - 000000000 ____D C:\Users\Artur\AppData\Roaming\logioptionsplus
    2023-05-21 14:18 - 2023-05-21 14:18 - 000000935 _____ C:\Users\Public\Desktop\Logi Options+.lnk
    2023-05-21 14:18 - 2023-05-21 14:18 - 000000000 ____D C:\Program Files\LogiOptionsPlus
    2023-05-21 14:17 - 2023-05-21 14:18 - 000000000 ____D C:\ProgramData\LogiOptionsPlus
    2023-05-21 13:42 - 2023-05-21 13:42 - 000000000 ____D C:\Program Files (x86)\Intel
    2023-05-21 13:34 - 2023-05-21 13:37 - 000000000 ____D C:\ProgramData\Norton
    2023-05-21 13:34 - 2023-05-21 13:34 - 000000000 ____D C:\ProgramData\NortonInstaller
    2023-05-21 13:32 - 2023-05-21 13:32 - 000000000 ____D C:\Program Files\WD
    2023-05-21 13:32 - 2023-05-21 13:32 - 000000000 ____D C:\Program Files\Patriot
    2023-05-21 13:30 - 2023-05-21 13:43 - 000000000 ____D C:\Program Files\Intel
    2023-05-21 13:30 - 2023-05-21 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2023-05-21 13:30 - 2022-02-21 09:33 - 001163096 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
    2023-05-21 13:30 - 2021-03-25 18:33 - 000118616 _____ (Intel Corporation) C:\Windows\system32\e1rmsg.dll
    2023-05-21 13:29 - 2023-05-21 13:29 - 000005770 _____ C:\Windows\SysWOW64\Upgrade_Saved_Config.txt
    2023-05-21 13:29 - 2023-05-21 13:29 - 000000408 _____ C:\Windows\SysWOW64\Saved_StaticIP.txt
    2023-05-21 13:28 - 2022-02-16 18:58 - 000277912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll
    2023-05-21 13:28 - 2022-02-16 18:58 - 000232312 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTHDASIO.dll
    2023-05-21 13:23 - 2023-05-21 13:23 - 000000000 ____D C:\Users\Artur\Downloads\mb_bios_x570-aorus-master_f37c
    2023-05-21 13:16 - 2023-05-21 13:16 - 000036352 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\gdrv3.sys
    2023-05-21 13:14 - 2023-05-21 13:14 - 000003384 _____ C:\Windows\system32\Tasks\SIV-VGA
    2023-05-21 13:14 - 2023-05-21 13:14 - 000003378 _____ C:\Windows\system32\Tasks\SIV
    2023-05-21 13:12 - 2023-05-21 13:12 - 000045248 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\system32\Drivers\gdrv3.sys
    ==================== One month (modified) ==================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2023-06-20 18:29 - 2023-05-04 23:12 - 000000000 ____D C:\Users\Artur\AppData\Local\LogiBolt
    2023-06-20 18:29 - 2023-04-30 18:45 - 000000000 ____D C:\Users\Artur\AppData\Local\Plex Media Server
    2023-06-20 18:29 - 2021-12-17 12:05 - 000000000 ____D C:\Windows\SystemTemp
    2023-06-20 18:29 - 2021-06-20 00:06 - 000000000 ____D C:\Program Files (x86)\Google
    2023-06-20 18:28 - 2021-07-04 01:08 - 000000000 ____D C:\Users\Artur\AppData\Local\Oculus
    2023-06-20 02:25 - 2021-06-19 23:59 - 000000000 ____D C:\ProgramData\NVIDIA
    2023-06-20 02:22 - 2021-06-21 21:33 - 000003946 _____ C:\Windows\system32\Tasks\HMA VPN Update
    2023-06-20 02:14 - 2021-06-19 23:56 - 000840878 _____ C:\Windows\system32\PerfStringBackup.INI
    2023-06-20 02:14 - 2019-12-07 12:13 - 000000000 ____D C:\Windows\INF
    2023-06-20 02:07 - 2021-06-21 21:32 - 000000000 ____D C:\ProgramData\Privax
    2023-06-20 02:07 - 2020-01-01 00:31 - 000008192 ___SH C:\DumpStack.log.tmp
    2023-06-20 02:07 - 2020-01-01 00:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2023-06-20 02:07 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2023-06-20 02:06 - 2019-12-07 12:03 - 000524288 _____ C:\Windows\system32\config\BBI
    2023-06-20 01:56 - 2021-07-17 13:40 - 000000000 ____D C:\Users\Artur\AppData\Local\CrashDumps
    2023-06-20 01:41 - 2021-06-20 00:08 - 000000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2023-06-20 01:33 - 2021-09-12 14:01 - 000000000 ____D C:\Program Files\Microsoft OneDrive
    2023-06-20 01:31 - 2021-06-20 23:13 - 000000000 ____D C:\Users\Artur\Desktop\NVIDIA
    2023-06-20 01:25 - 2019-12-07 12:14 - 000000000 ___HD C:\Windows\ELAMBKUP
    2023-06-20 01:15 - 2023-04-23 22:21 - 000000000 ____D C:\Users\Artur\AppData\Roaming\FileZilla
    2023-06-20 01:02 - 2021-12-13 04:37 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4196824725-3086983806-1830072506-1001
    2023-06-20 01:02 - 2021-06-20 00:19 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
    2023-06-20 01:02 - 2021-06-20 00:19 - 000002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2023-06-20 00:03 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2023-06-20 00:03 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\AppReadiness
    2023-06-19 23:33 - 2021-06-20 00:12 - 000000000 ____D C:\Program Files\Microsoft Office
    2023-06-19 23:31 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\Registration
    2023-06-19 00:48 - 2021-06-20 00:27 - 000000000 ____D C:\Users\Artur\Documents\Outlook Dosyaları
    2023-06-18 23:03 - 2020-01-01 00:31 - 000000000 ____D C:\Windows\system32\SleepStudy
    2023-06-18 20:54 - 2021-06-19 23:57 - 000000000 ____D C:\Users\Artur\AppData\Local\D3DSCache
    2023-06-18 20:47 - 2021-06-20 01:18 - 000000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\MMC
    2023-06-18 20:45 - 2021-06-20 17:05 - 000000000 ____D C:\Users\Artur\AppData\Roaming\Notepad++
    2023-06-18 14:41 - 2023-04-14 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
    2023-06-18 14:41 - 2023-04-14 00:01 - 000000000 ____D C:\Program Files (x86)\Synology
    2023-06-18 13:05 - 2021-06-20 00:59 - 000000000 ____D C:\Users\Public\Documents\Creative
    2023-06-18 13:03 - 2021-12-23 02:05 - 000000000 ____D C:\tmp
    2023-06-18 13:00 - 2021-06-20 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
    2023-06-18 13:00 - 2021-06-20 00:47 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
    2023-06-18 13:00 - 2021-06-20 00:33 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2023-06-18 12:55 - 2019-12-07 12:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2023-06-18 10:52 - 2021-12-04 22:26 - 000000000 ____D C:\ProgramData\Samsung
    2023-06-18 01:21 - 2021-06-20 17:05 - 000000000 ____D C:\Program Files (x86)\Notepad++
    2023-06-17 19:34 - 2021-06-23 20:29 - 000000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\Word
    2023-06-17 18:56 - 2021-06-20 17:05 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
    2023-06-17 15:05 - 2020-01-01 00:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2023-06-17 15:05 - 2020-01-01 00:31 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2023-06-17 03:22 - 2022-12-31 17:41 - 000000000 ____D C:\Users\Artur\AppData\Roaming\calibre
    2023-06-16 22:44 - 2021-06-20 00:06 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2023-06-16 22:44 - 2021-06-20 00:06 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2023-06-16 00:06 - 2022-11-27 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
    2023-06-16 00:06 - 2022-11-27 13:46 - 000000000 ____D C:\ProgramData\EA Desktop
    2023-06-15 22:35 - 2021-06-20 00:06 - 000003714 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
    2023-06-15 22:35 - 2021-06-20 00:06 - 000003590 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
    2023-06-14 22:28 - 2022-06-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2023-06-14 00:15 - 2020-01-01 00:31 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
    2023-06-14 00:15 - 2019-12-07 12:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2023-06-14 00:15 - 2019-12-07 12:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2023-06-14 00:15 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
    2023-06-14 00:15 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SystemResources
    2023-06-14 00:15 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\WinMetadata
    2023-06-14 00:15 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\oobe
    2023-06-14 00:15 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\migwiz
    2023-06-14 00:15 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\ShellExperiences
    2023-06-14 00:15 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\bcastdvr
    2023-06-14 00:05 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\CbsTemp
    2023-06-14 00:04 - 2021-06-19 23:51 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2023-06-14 00:01 - 2021-06-21 00:18 - 000000000 ____D C:\Windows\system32\MRT
    2023-06-13 23:58 - 2021-06-21 00:18 - 170078616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2023-06-13 22:33 - 2020-01-01 00:31 - 000000000 ____D C:\Windows\system32\Drivers\wd
    2023-06-11 13:35 - 2023-05-01 01:20 - 000000000 ____D C:\Users\Artur\AppData\Roaming\GitHub Desktop
    2023-06-10 19:38 - 2021-06-20 17:06 - 000003300 _____ C:\Windows\system32\Tasks\klcp_update
    2023-06-10 19:38 - 2021-06-20 17:06 - 000001278 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
    2023-06-10 19:38 - 2021-06-20 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2023-06-10 19:38 - 2021-06-20 17:06 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2023-06-09 22:38 - 2020-01-01 00:31 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2023-06-09 22:38 - 2020-01-01 00:31 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2023-06-09 00:09 - 2021-06-19 23:57 - 000000000 ____D C:\Users\Artur\AppData\Local\Packages
    2023-06-04 16:58 - 2021-06-26 23:15 - 000000000 ____D C:\Users\Artur\AppData\Roaming\qBittorrent
    2023-06-02 00:40 - 2023-04-23 22:21 - 000000000 ____D C:\Users\Artur\AppData\Local\FileZilla
    2023-05-31 01:06 - 2022-06-18 10:39 - 000000000 ____D C:\Users\Artur\Desktop\Prostat
    2023-05-31 00:22 - 2021-07-17 02:36 - 000000000 ____D C:\Users\Artur\AppData\Roaming\Microsoft\PowerPoint
    2023-05-23 23:17 - 2021-08-12 00:50 - 000000000 ____D C:\Users\Artur\AppData\Roaming\HandBrake
    2023-05-21 23:09 - 2021-06-19 23:58 - 000000000 ____D C:\Users\Artur\AppData\Local\PlaceholderTileLogoFolder
    2023-05-21 23:05 - 2021-06-20 14:47 - 000000000 ____D C:\ProgramData\Logishrd
    2023-05-21 14:18 - 2023-05-04 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
    2023-05-21 13:43 - 2021-06-20 00:47 - 000000000 ____D C:\ProgramData\Package Cache
    2023-05-21 13:41 - 2021-06-20 01:01 - 000000000 ____D C:\Users\Artur\AppData\Roaming\AMD
    2023-05-21 13:41 - 2021-06-20 01:01 - 000000000 ____D C:\Program Files (x86)\AMD
    2023-05-21 13:41 - 2021-06-20 01:01 - 000000000 ____D C:\AMD
    2023-05-21 13:32 - 2021-06-20 00:57 - 000000000 ____D C:\Program Files\ENE
    2023-05-21 13:32 - 2021-06-20 00:48 - 000000000 ____D C:\Users\Artur\AppData\Local\Downloaded Installations
    2023-05-21 13:30 - 2021-06-20 00:33 - 000000000 ____D C:\Program Files (x86)\Realtek
    2023-05-21 13:29 - 2021-06-20 00:33 - 000000000 ___HD C:\Program Files (x86)\Temp
    ==================== Files in the root of some directories ========
    2022-11-25 00:29 - 2022-11-25 00:29 - 000000007 _____ () C:\Users\Artur\AppData\Roaming\account_name.txt
    2022-11-25 00:29 - 2022-11-25 00:29 - 000000523 _____ () C:\Users\Artur\AppData\Roaming\DLC.txt
    2022-11-25 00:29 - 2022-11-25 00:29 - 000000007 _____ () C:\Users\Artur\AppData\Roaming\language.txt
    2022-11-25 00:29 - 2022-11-25 00:29 - 000000005 _____ () C:\Users\Artur\AppData\Roaming\listen_port.txt
    2022-11-25 00:29 - 2022-11-25 00:29 - 000000000 _____ () C:\Users\Artur\AppData\Roaming\local_save.txt
    2022-11-25 00:29 - 2022-11-25 00:29 - 000000001 _____ () C:\Users\Artur\AppData\Roaming\offline.txt
    2022-11-25 00:29 - 2022-11-25 00:29 - 000000006 _____ () C:\Users\Artur\AppData\Roaming\steam_appid.txt
    2022-11-25 00:29 - 2022-11-25 00:29 - 000000000 _____ () C:\Users\Artur\AppData\Roaming\user_steam_id.txt
    2022-10-23 10:05 - 2023-04-16 23:40 - 000000128 _____ () C:\Users\Artur\AppData\Roaming\winscp.rnd
    2023-04-02 16:17 - 2023-05-20 21:29 - 000000128 _____ () C:\Users\Artur\AppData\Local\PUTTY.RND
    2022-10-16 23:51 - 2022-10-16 23:51 - 000002601 _____ () C:\Users\Artur\AppData\Local\recently-used.xbel
    ==================== SigCheck ============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ========================
     
  6. DrMaestro

    DrMaestro Private E-2

    I am sorry, both of the files are too long to be pasted in a single post (first.txt required 3 posts). Do you want me to proceed with addition.txt in this manner?
     
  7. DrMaestro

    DrMaestro Private E-2

    Here's first.txt and addition.txt, just in case it's more practical
     

    Attached Files:

  8. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for posting the reports.

    There is evidence of an attempt to utilize potentially cracked software which was detected and blocked by your antivirus program. If there is any other cracked software or software downloaded from other than legitimate, trusted sources I would request removal.

    Do you recognize Istanbul University?

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Please download the attached file and save it to your Desktop
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt. Attach the report to your reply
    • Upon completion a WDHistory.txt file will be placed on the Desktop. Attach the file to your reply.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Things I would like to see in your next reply.
    • Recognize Istanbul University?
    • Fixlog
    • WD.txt file
     

    Attached Files:

  9. DrMaestro

    DrMaestro Private E-2

    Hi,

    Thanks for the suggestions.

    I do recognize Istanbul University, it is work related.

    By the way, Linux/Multiverze is still detected by Windows Defender; also a new one has been added yesterday and today, so there are three Linux/Multiverze detections, all seemingly in the Windows/Temp folder, even though the folder has been deleted and I can't see the folders mentioned by Windows Defender. Each new detection is accompanied by 3-4 new malware detections, which can be blocked by Defender, but the Linux/Multiverze ones are still active.
     

    Attached Files:

    Last edited: Jun 22, 2023
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    Is there any reason you have Malwarebytes on your F: drive? There are some unique files in the program folder I am suspicious of.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable from and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    adaware antivirus
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    CloseProcesses:
    Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
    C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Copy/paste the following in the Search: box
    Code:
    SearchAll: Adaware
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Please zip and attach the file to your reply, or upload the file to GoFile, WeTransfer, or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Aware of Malwarebytes on F: drive?
    • Fixlog
    • Search.txt
     
  11. DrMaestro

    DrMaestro Private E-2

    Hi,

    I am aware that Malwarebytes is on the F: drive, I installed it there. The reason it is not on the C: drive is that the C drive, which is a 2-year-old NVME drive, had a bad sector on a recent scan and it cannot be fixed. I already ordered a new NVME disk, and as there is a possibility that my C drive could fail in the near future, I try not to stress it too much by writing on it.

    Adaware was also installed by me a few months ago from its official site. Revo Uninstaller didn't give me the option to uninstall it so I removed it by using its own uninstaller.
     

    Attached Files:

  12. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information and reports.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix in Safe Mode Using Attached File

    --------------------
    • Please download the attached file and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
    • Boot into Safe Mode using the From the sign-in screen instructions
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot.
    • The tool will create a log on the desktop called Fixlog.txt
    • Copy and paste the contents of the report in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlog
    • Update on computer performance
     

    Attached Files:

  13. DrMaestro

    DrMaestro Private E-2

    Hi,

    I applied the fix.

    Performance wise, I've realized that the problem wasn't related to the Windows Defender detection, but a problem due to the mouse acting weirdly, probably due to a connection problem. Unplugging the USB and replugging it solved the issues related to the mouse pointer pausing randomly (at least for now).

    Windows Defender still detects 3 copies of Linux/Multiverze and cannot remove them. Interestingly, the subfolders where they are detected (some subfolders in C:\Windows\Temp) don't exist (my settings enable viewing hidden folders but there aren't any, so I wonder if it is possible to hide these folders even though the option to view hidden folders is turned on).

     

    Attached Files:

  14. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.
    The computer is resisting our efforts to remove a file and that is the reason for the continued detection information.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    StartBatch:
    icacls "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" /save "C:\Users\Artur\Desktop\mpenginedb"
    takeown /f "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
    icacls "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" /grant administrators:F
    copy "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.old"
    del "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
    icacls "C:\ProgramData\Microsoft\Windows Defender\Scans" /restore "C:\Users\Artur\Desktop\mpenginedb"
    EndBatch:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Check Windows Defender detections
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlog
    • Detections?
     
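    As an added example, not code from this thread or from Oh My!, the following read-only PowerShell check lists Windows Defender's detection history, marks entries whose reported file paths no longer exist on disk (the situation with the missing C:\Windows\Temp subfolders above), pulls the matching detection events from the same Defender Operational log discussed later, and confirms the protection settings are on. The function names and the handling of the "file:_" resource prefix are assumptions made for this example.

```powershell
# Added example (not from the thread): inspect Defender's detection history from an
# elevated PowerShell session without changing anything. Uses the built-in Defender
# module cmdlets (Get-MpThreat, Get-MpThreatDetection, Get-MpComputerStatus) and
# Get-WinEvent; helper names below are constructed for this example.

function Get-StaleDefenderDetections {
    [CmdletBinding()]
    param()

    # Map ThreatID -> ThreatName so each history entry can be labelled.
    $names = @{}
    foreach ($t in (Get-MpThreat -ErrorAction SilentlyContinue)) {
        $names[$t.ThreatID] = $t.ThreatName
    }

    foreach ($d in (Get-MpThreatDetection -ErrorAction Stop)) {
        # Resources holds strings such as "file:_C:\Windows\Temp\x\y" or
        # "process:_1234"; only file: entries can be checked on disk.
        $files   = @($d.Resources | Where-Object { $_ -like 'file:_*' } |
                     ForEach-Object { $_.Substring(6) })
        $missing = @($files | Where-Object { -not (Test-Path -LiteralPath $_) })

        [pscustomobject]@{
            Threat       = if ($names.ContainsKey($d.ThreatID)) { $names[$d.ThreatID] } else { $d.ThreatID }
            Detected     = $d.InitialDetectionTime
            ParentProc   = $d.ProcessName
            FilesListed  = $files.Count
            FilesMissing = $missing.Count
            # Stale = every listed file is already gone: nothing left to remediate,
            # the entry is history only and does not mean an active infection.
            Stale        = ($files.Count -gt 0 -and $missing.Count -eq $files.Count)
            Paths        = ($files -join '; ')
        }
    }
}

function Get-DefenderDetectionEvents {
    [CmdletBinding()]
    param([int]$Days = 14)

    # Event 1116 = malware detected, 1117 = action taken, in the log the thread
    # later clears via Event Viewer (Microsoft-Windows-Windows Defender/Operational).
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Summary'; e = { ($_.Message -split "`n")[0].Trim() } }
}

function Test-DefenderProtectionOn {
    [CmdletBinding()]
    param()

    $s = Get-MpComputerStatus -ErrorAction Stop
    # These are the fields Oh My! reviewed in the Get-MpComputerStatus output above.
    $ok = $s.AntivirusEnabled -and $s.RealTimeProtectionEnabled -and
          $s.OnAccessProtectionEnabled -and $s.IsTamperProtected -and
          -not $s.DefenderSignaturesOutOfDate
    [pscustomobject]@{
        ProtectionOn    = [bool]$ok
        SignatureAge    = $s.AntivirusSignatureAge
        TamperProtected = $s.IsTamperProtected
        RebootRequired  = $s.RebootRequired
    }
}

# Usage: run all three checks and print the results.
Get-StaleDefenderDetections  | Format-Table Threat, Detected, ParentProc, FilesMissing, Stale, Paths -AutoSize
Get-DefenderDetectionEvents  | Format-Table -AutoSize
Test-DefenderProtectionOn    | Format-List
```

    An entry with Stale = True and no recent 1116 event is the "history only" case Oh My! describes; it is safe to leave for Defender to age out, whereas a False entry with an existing path is one to look at.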
  15. DrMaestro

    DrMaestro Private E-2

    Hi,

    Thanks again for the continued support!

    Here's the result of the Fix command:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2023
    Ran by Artur (25-06-2023 12:53:06) Run:4
    Running from C:\Users\Artur\Desktop
    Loaded Profiles: Artur
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    Start::
    StartBatch:
    icacls "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" /save "C:\Users\Artur\Desktop\mpenginedb"
    takeown /f "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
    icacls "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" /grant administrators:F
    copy "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db.old"
    del "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
    icacls "C:\ProgramData\Microsoft\Windows Defender\Scans" /restore "C:\Users\Artur\Desktop\mpenginedb"
    EndBatch:
    End::
    *****************
    ========= Batch: =========
    processed file: C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    Successfully processed 1 files; Failed processing 0 files
    SUCCESS: The file (or folder): "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" now owned by user "DESKTOP-MAPRNM8\Artur".
    processed file: C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    Successfully processed 1 files; Failed processing 0 files
    1 file(s) copied.
    C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    processed file: C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    Successfully processed 1 files; Failed processing 0 files
    ========= End of Batch: =========
    ==== End of Fixlog 12:53:08 ====

    About the detections, it is slightly confusing. Windows Security still has the white X over the red shield symbol, indicating a need to take action. The protection history still shows the three instances of Linux:Multiverze being active and needing action. However, when running a new scan (Quickscan) 0 threats are detected.
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    The threats were no longer there even though they showed up in a scan. Windows Defender's historical information needed to be reset to remove the old information. Although Windows Defender was resisting our efforts to reset things, the last Fixlist was designed to overcome the roadblock.

    Let's check some settings to look at the red X issue.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    Powershell: Get-MpComputerStatus
    ExportKey: HKLM\System\CurrentControlSet\Services\Windefend
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlog
     
  17. DrMaestro

    DrMaestro Private E-2

    Hi,

    Here is the fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2023
    Ran by Artur (25-06-2023 17:07:59) Run:5
    Running from C:\Users\Artur\Desktop
    Loaded Profiles: Artur
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    Start::
    Powershell: Get-MpComputerStatus
    ExportKey: HKLM\System\CurrentControlSet\Services\Windefend
    End::
    *****************
    ========= Get-MpComputerStatus =========
    AMEngineVersion : 1.1.23050.3
    AMProductVersion : 4.18.23050.5
    AMRunningMode : Normal
    AMServiceEnabled : True
    AMServiceVersion : 4.18.23050.5
    AntispywareEnabled : True
    AntispywareSignatureAge : 0
    AntispywareSignatureLastUpdated : 25.06.2023 06:36:43
    AntispywareSignatureVersion : 1.391.2575.0
    AntivirusEnabled : True
    AntivirusSignatureAge : 0
    AntivirusSignatureLastUpdated : 25.06.2023 06:36:42
    AntivirusSignatureVersion : 1.391.2575.0
    BehaviorMonitorEnabled : True
    ComputerID : B6CB6543-2A6A-4CAC-BA6A-D85C01CB38A3
    ComputerState : 0
    DefenderSignaturesOutOfDate : False
    DeviceControlDefaultEnforcement : Default Allow
    DeviceControlPoliciesLastUpdated : 27.03.2023 23:42:47
    DeviceControlState : Disabled
    FullScanAge : 1
    FullScanEndTime : 24.06.2023 12:18:41
    FullScanOverdue : False
    FullScanRequired : False
    FullScanSignatureVersion : 1.391.2388.0
    FullScanStartTime : 24.06.2023 00:00:42
    IoavProtectionEnabled : True
    IsTamperProtected : True
    IsVirtualMachine : False
    LastFullScanSource : 1
    LastQuickScanSource : 2
    NISEnabled : True
    NISEngineVersion : 1.1.23050.3
    NISSignatureAge : 0
    NISSignatureLastUpdated : 25.06.2023 06:36:42
    NISSignatureVersion : 1.391.2575.0
    OnAccessProtectionEnabled : True
    ProductStatus : 524288
    QuickScanAge : 0
    QuickScanEndTime : 25.06.2023 13:53:07
    QuickScanOverdue : False
    QuickScanSignatureVersion : 1.391.2575.0
    QuickScanStartTime : 25.06.2023 13:50:09
    RealTimeProtectionEnabled : True
    RealTimeScanDirection : 0
    RebootRequired : False
    SmartAppControlExpiration :
    SmartAppControlState : Off
    TamperProtectionSource : Signatures
    TDTMode : N/A
    TDTSiloType : N/A
    TDTStatus : N/A
    TDTTelemetry : N/A
    TroubleShootingDailyMaxQuota :
    TroubleShootingDailyQuotaLeft :
    TroubleShootingEndTime :
    TroubleShootingExpirationLeft :
    TroubleShootingMode :
    TroubleShootingModeSource :
    TroubleShootingQuotaResetTime :
    TroubleShootingStartTime :
    PSComputerName :
    ========= End of Powershell: =========
    ================== ExportKey: ===================
    [HKLM\System\CurrentControlSet\Services\Windefend]
    "DependOnService"="RpcSs"
    "Description"="@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-240"
    "DisplayName"="@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310"
    "ErrorControl"="1"
    "FailureActions"="805101000000000001000000030000001400000001000000e803000001000000102700000100000060ea0000"
    "ImagePath"=""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe""
    "LaunchProtected"="3"
    "ObjectName"="LocalSystem"
    "RequiredPrivileges"="SeImpersonatePrivilege*SeBackupPrivilege*SeRestorePrivilege*SeDebugPrivilege*SeChangeNotifyPrivilege*SeLoadDriverPrivilege*SeSecurityPrivilege*SeShutdownPrivilege*SeIncreaseQuotaPrivilege*SeAssignPrim (the data entry has 118 more characters)."
    "ServiceSidType"="1"
    "Start"="2"
    "Type"="16"
    [HKLM\System\CurrentControlSet\Services\Windefend\Security]
    "Security"="01001480cc000000d8000000140000003000000002001c000100000002801400ff010f0001010000000000010000000002009c0006000000000018009d01020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 256 more characters)."
    === End of ExportKey ===
    ==== End of Fixlog 17:08:05 ====
     
  18. Oh My!

    Oh My! Malware Expert Staff Member

    All of those are normal and despite the red X Windows Security is working properly. We can try to troubleshoot this known issue if you'd like. Let me know if that is something you'd like to do.
     
  19. DrMaestro

    DrMaestro Private E-2

    Hello again,

    Yes, I'd like to fix this issue if possible.
     
  20. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Clearing Windows Defender Event Viewer Logs

    --------------------
    • Press Windows Key + R at the same time
    • Type eventvwr.msc and press Enter
    • Click on the arrow to the left of Windows Logs to expand the category
    • Expand Application and Services Logs
    • Expand Microsoft
    • Expand Windows
    • Expand Windows Defender
    • Left click on Operational
    • On the right hand column click Clear Log...
    • Click Save and Clear
    • Save the file onto your Desktop as WDLog using the default File Type
    • Reboot your computer and check for the Red X
    • Zip and attach the file to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Uploaded file
    • Red X?
     
  21. DrMaestro

    DrMaestro Private E-2

    Hi,

    I followed your steps for clearing the logs and then rebooted.

    The red X is still there. Also, I can still see the protection history, with the 3 instances of Linux:Multiverze being active. I have uploaded the WDlog.zip file.

    I have also attached a WDlog2.zip file, which is the logs created by Windows Defender immediately after the reboot, which could maybe be of interest to you.
     

    Attached Files:

  22. Oh My!

    Oh My! Malware Expert Staff Member

    Have you tried to install cracked software in the last couple of days?
     
  23. DrMaestro

    DrMaestro Private E-2

    No, I didn't; however, I ran full computer scans a few times in the last week after the problem happened, so there probably were some older unused files which were detected. I used to do mining, so Defender generally flags every mining related file as Malware. Also, there are some tools for allowing cheats at some games (downloaded from the Cheathappens web site) which are also detected, as they modify sections of the memory, so some of the detections are false.

    When I looked at the Linux/Multiverze detection details, there is a mention of Adaware as the parent process. Does that mean Adaware created them? If so, they should be false positives, as Adaware was generally accepted as a safe tool, if things didn't change recently.
     
    Last edited: Jun 26, 2023
  24. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    No, Adaware didn't create them.

    There are crack related files on your system, the last one being detected on the 24th. Is the D: drive an external drive?

     
  25. DrMaestro

    DrMaestro Private E-2

    This system has hard drives that were copied and transferred from an older PC. The files mentioned came from the old system and have never been used in the new one. The recent detection is due to full system scans that I have performed on these dates. The scan takes around 15 hours. D is not an external drive.
     
  26. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Windows Defender Scan - Excluding a Drive

    --------------------

    • Click Start type Virus & Threat Protection then hit Enter
    • Under Virus & threat protection settings click Manage settings
    • Under Exclusions click Add or remove exclusions
    • Click + Add an exclusion
    • Click Folder
    • Click on your D: drive then click Select Folder
    • Confirm the D: drive is now listed
    • Close all windows, run a Windows Defender scan and report the results
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Results?
     
  27. DrMaestro

    DrMaestro Private E-2

    Hi,

    The result is basically similar to the whole scan with the D drive included. There is no active detection. The three instances of Linux:Multiverze are still active (but their detection dates are June 18th for 2 instances and June 21 for the last one). I still have the red cross.
     
  28. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
    Folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    FullEventLogView by Nirsoft - Advanced Options Specified Search

    --------------------

    • Download FullEventLogView by Nirsoft and save it to your Desktop
    • Right click on the folder, select Extract All... and extract the folder onto your Desktop
    • Open the fulleventlogview-x64 folder, right click on FullEventLogView (Application), then select Run as administrator
    • When completed you will see the number of items detected in the lower left hand corner of the window
    • Click Options then Advanced Options
    • Click the down arrow to the right of Show all providers
    • Select Show only the specified providers (comma-delimited list, wildcards allowed)
    • Copy and paste Microsoft-Windows-Windows Defender in the line below
    • Click OK
    • The program will start a new scan
    • When completed you will see the number of items detected in the lower left hand corner of the window
    • Click View, then HTML Report - All Items
    • Save the web page to your Desktop (you can most likely hit the ctrl key + s at the same time) as NirsoftEV, leaving the default Save as type:
    • Please zip and attach the file to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlog
    • Attached zip file
     
  29. DrMaestro

    DrMaestro Private E-2

    Hi,

    Sorry for the late reply. I was away from the computer for a week. When I went back, I noticed that I don't have the red cross anymore. Probably Windows deleted the history, so it doesn't look like an active threat anymore, as there are no recent detections.

    Thank you very much for all the help you've provided Oh My!
     
  30. Oh My!

    Oh My! Malware Expert Staff Member

    You are quite welcome and that is great to hear.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

     
