



Infected by malware (Aieov.c*m) Steam looping extracting and installing content.


  • This topic is locked
17 replies to this topic

#1 Rhonychi

  • Members
  • 8 posts
  • Gender:Male
  • Location:Indonesia

Posted 20 March 2022 - 08:46 AM

I have tried scanning with Malwarebytes and Microsoft Safety Scanner, and it still did not solve the PC's problems.
When I try to open and run Steam, Malwarebytes warns and blocks it like this:
 
Screenshot-1.png
 
I have scanned my PC with FRST and here is the FRST.txt result:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2022
Ran by ronyy (administrator) on DESKTOP-83B9H6O (20-03-2022 20:26:16)
Running from C:\Users\ronyy\Downloads\Programs
Loaded Profiles: ronyy
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1586 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Internet Download Manager\IDMan.exe.dat ->) (Tonec Inc. -> Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(C:\Program Files (x86)\Internet Download Manager\IDMan.exe.dat ->) (Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <41>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe.dat
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3b12ac0f95b18b9d\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5939143 2022-02-18] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [MicrosoftEdgeAutoLaunch_AA1589C437F3E6B1F041910641876AE9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-15] (Valve Corp. -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\99.0.4844.74\Installer\chrmstp.exe [2022-03-20] (Google LLC -> Google LLC)
AppInit_DLLs-x32: C:\Windows\system32\dlcoer.dll => C:\Windows\SysWOW64\dlcoer.dll [69337 2022-03-20] (Microsoft Corporation) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E8EC16-69CA-474F-B076-139576DE2B6F} - System32\Tasks\GoogleUpdateTaskMachineCore{24ECD8DB-22E9-4391-9D25-87CE2F14DF1D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [234511 2022-03-20] (Google LLC) [File not signed]
Task: {14169D26-0A2D-465E-B901-F6AA75C75B44} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1009872 2021-11-03] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {169D4D6E-7622-4C05-A313-E77E60827139} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {22FB6494-A3FB-4F1F-A1F5-61B2B5A53F8A} - System32\Tasks\update-S-1-5-21-3137054515-3145759511-3776740820-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [493151 2017-04-13] (TODO: <Company name>) [File not signed]
Task: {4C2642DF-823A-478B-9BEF-3FE054BE22F4} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [293231 2021-08-06] (Microsoft Corporation) [File not signed]
Task: {64F0DD2B-488F-4159-9750-FC937C831A6D} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [293231 2021-08-06] (Microsoft Corporation) [File not signed]
Task: {672AE5A3-186D-4A77-8050-2B7F6BE1FA2C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339472 2022-02-03] (Nvidia Corporation -> NVIDIA Corporation)
Task: {79C196FB-D652-4442-9546-3EE399A6C50B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8AF07727-EE0B-4E8B-9A98-A21E5AA3CC8C} - System32\Tasks\GoogleUpdateTaskMachineUA{81A001F5-AE33-4010-A49B-9B482E8EE21B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [234511 2022-03-20] (Google LLC) [File not signed]
Task: {B2EEC7BD-BEC1-4AB0-B83E-434AB141A25D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DC832DCF-F950-4E35-BE9A-58DC99C5D22A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [493151 2017-04-13] (TODO: <Company name>) [File not signed]
Task: {E044EBC0-1A1F-400B-A0C4-0AD79F985BD1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E435AB14-AE4D-45C0-ADBE-81865A5D7DFA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E8750781-A383-4C56-9C03-1CF62C106B59} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {ECAE6614-829F-4945-9674-43A1796AAA57} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-3137054515-3145759511-3776740820-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f4dd60ca-a0c6-45cf-928d-82b312cd3e67}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\ronyy\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-20]
Edge Extension: (IDM Integration Module) - C:\Users\ronyy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-03-20]
Edge HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2022-02-18]

FireFox:
========
FF HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ronyy\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\ronyy\AppData\Roaming\IDM\idmmzcc5 [2022-03-20] [Legacy] [not signed]
FF HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]

Chrome:
=======
CHR Profile: C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default [2022-03-20]
CHR StartupUrls: Default -> "hxxp://google.co.id/"
CHR Extension: (AdBlock — best ad blocker) - C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-03-20]
CHR Extension: (anonymoX) - C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2022-03-20]
CHR Extension: (IDM Integration Module) - C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-02-18]
CHR HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-02-18]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-02-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-03-20] (EasyAntiCheat Oy -> Epic Games, Inc)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [293231 2021-08-06] (Microsoft Corporation) [File not signed]
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [293231 2021-08-06] (Microsoft Corporation) [File not signed]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [234511 2022-03-20] (Google LLC) [File not signed]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [234511 2022-03-20] (Google LLC) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2022-03-20] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6228008 2022-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3b12ac0f95b18b9d\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3b12ac0f95b18b9d\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2022-03-20] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217088 2022-03-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2022-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197280 2022-03-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73880 2022-03-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2022-03-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [131232 2022-03-20] (Malwarebytes Inc -> Malwarebytes)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2022-01-28] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [439544 2022-03-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-20] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-21 02:49 - 2022-03-21 01:56 - 000000000 ____D C:\Windows\Panther
2022-03-21 02:48 - 2022-03-18 14:20 - 000001608 _____ C:\Users\Public\oem.ini
2022-03-21 01:57 - 2022-03-21 01:57 - 000000000 _SHDL C:\Documents and Settings
2022-03-21 01:52 - 2022-03-20 12:02 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-21 01:51 - 2022-03-21 01:52 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-21 01:51 - 2022-03-21 01:52 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-21 01:50 - 2022-03-21 01:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-03-21 01:50 - 2022-03-21 01:50 - 000000000 ____D C:\Windows\ServiceProfiles
2022-03-21 01:50 - 2022-03-20 19:46 - 004926288 _____ C:\Windows\system32\FNTCACHE.DAT
2022-03-21 01:50 - 2022-03-20 19:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-03-21 01:50 - 2022-03-20 19:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-03-21 01:50 - 2022-03-20 14:35 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-03-21 01:49 - 2022-03-20 19:46 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-20 20:24 - 2022-03-20 20:26 - 000000000 ____D C:\FRST
2022-03-20 19:46 - 2022-03-20 19:46 - 000197280 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-03-20 19:46 - 2022-03-20 19:46 - 000131232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-03-20 19:46 - 2022-03-20 19:46 - 000073880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-03-20 19:28 - 2022-03-20 19:28 - 000000206 _____ C:\Windows\SysWOW64\dlcoer.dll.000
2022-03-20 18:38 - 2022-03-20 18:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-20 18:31 - 2022-03-20 18:31 - 000195584 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-03-20 18:30 - 2022-03-20 18:30 - 000011911 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-03-20 18:29 - 2022-03-20 18:29 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-03-20 18:29 - 2022-03-20 18:29 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2022-03-20 18:29 - 2022-03-20 18:29 - 000272896 _____ C:\Windows\system32\TpmTool.exe
2022-03-20 18:29 - 2022-03-20 18:29 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-03-20 18:13 - 2022-03-20 18:15 - 000000000 ___HD C:\$WinREAgent
2022-03-20 18:07 - 2022-03-20 18:13 - 000000000 ____D C:\Windows\system32\MRT
2022-03-20 16:51 - 2022-03-20 16:51 - 000000000 ____D C:\Users\ronyy\AppData\LocalLow\Adobe
2022-03-20 16:32 - 2022-03-20 16:32 - 000069337 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlcoer.dll
2022-03-20 14:54 - 2022-03-20 14:54 - 000217088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-03-20 14:53 - 2022-03-20 14:53 - 000000000 ____D C:\Users\ronyy\AppData\LocalLow\Temp
2022-03-20 14:44 - 2022-03-20 14:44 - 000000000 ____D C:\Users\ronyy\AppData\Local\mbam
2022-03-20 14:43 - 2022-03-20 14:43 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-03-20 14:43 - 2022-03-20 14:43 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-20 14:43 - 2022-03-20 14:43 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-20 14:43 - 2022-03-20 14:42 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-03-20 14:43 - 2022-03-20 14:42 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-03-20 14:42 - 2022-03-20 14:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-20 14:42 - 2022-03-20 14:42 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-20 14:38 - 2022-03-20 14:38 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\EasyAntiCheat
2022-03-20 14:38 - 2022-03-20 14:38 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2022-03-20 14:03 - 2022-03-20 14:04 - 000000000 ____D C:\Users\ronyy\AppData\Local\Persona
2022-03-20 14:02 - 2022-03-20 14:02 - 000024552 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_22580186561574.dll
2022-03-20 14:02 - 2022-03-20 14:02 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\AGS
2022-03-20 14:02 - 2022-03-20 14:02 - 000000000 ____D C:\Users\ronyy\AppData\Local\AGS
2022-03-20 13:10 - 2022-02-11 01:42 - 001905936 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-03-20 13:10 - 2022-02-11 01:42 - 001905936 _____ C:\Windows\system32\vulkaninfo.exe
2022-03-20 13:10 - 2022-02-11 01:42 - 001478416 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-03-20 13:10 - 2022-02-11 01:42 - 001478416 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-03-20 13:10 - 2022-02-11 01:42 - 001467840 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001432336 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001432336 _____ C:\Windows\system32\vulkan-1.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001209280 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001145616 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001145616 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 001531872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 001176704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 000797112 _____ C:\Windows\system32\nvofapi64.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 000717760 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 000636032 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 002120320 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 001602728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 000983992 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 000795584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 000711608 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-03-20 13:10 - 2022-02-11 01:37 - 008612496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 007714960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 005727376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 005099152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 002935744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 000456848 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-03-20 13:10 - 2022-02-11 01:35 - 000849024 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-03-20 13:10 - 2022-02-11 01:34 - 006461040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-03-20 13:10 - 2022-02-10 13:18 - 000089251 _____ C:\Windows\system32\nvinfo.pb
2022-03-20 13:08 - 2022-03-20 13:08 - 000000000 ____D C:\Users\ronyy\Documents\Bandicam
2022-03-20 13:08 - 2022-03-20 13:08 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Bandicam Company
2022-03-20 13:06 - 2022-03-20 13:06 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\NVIDIA
2022-03-20 12:58 - 2022-03-20 14:39 - 000000000 ____D C:\Users\ronyy\AppData\Local\CrashDumps
2022-03-20 12:52 - 2022-03-20 14:24 - 000000000 ____D C:\Users\ronyy\AppData\Local\NVIDIA Corporation
2022-03-20 12:52 - 2022-03-20 12:57 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2022-03-20 12:52 - 2022-03-20 12:52 - 000000000 ____D C:\Users\ronyy\ansel
2022-03-20 12:51 - 2022-03-20 12:57 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-03-20 12:51 - 2022-01-28 18:50 - 002859520 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2022-03-20 12:51 - 2022-01-28 18:50 - 002201800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2022-03-20 12:51 - 2022-01-28 18:50 - 001295872 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2022-03-20 12:51 - 2022-01-21 19:22 - 000082432 _____ C:\Windows\system32\FvSDK_x64.dll
2022-03-20 12:51 - 2022-01-21 19:22 - 000071168 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2022-03-20 12:51 - 2021-11-03 01:47 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2022-03-20 12:50 - 2022-03-20 14:00 - 000000000 ____D C:\ProgramData\Package Cache
2022-03-20 12:50 - 2022-03-20 12:56 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:50 - 2022-03-20 12:56 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:49 - 2022-03-20 19:51 - 000000000 ____D C:\ProgramData\NVIDIA
2022-03-20 12:49 - 2022-03-20 12:57 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-03-20 12:49 - 2022-03-20 12:52 - 000000000 ____D C:\Users\ronyy\AppData\Local\NVIDIA
2022-03-20 12:49 - 2022-03-20 12:49 - 000000000 ____D C:\Windows\system32\lxss
2022-03-20 12:49 - 2021-11-23 14:38 - 000168648 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2022-03-20 12:49 - 2021-11-23 14:38 - 000144584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2022-03-20 12:46 - 2022-01-28 18:28 - 000067464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2022-03-20 12:46 - 2022-01-28 18:28 - 000048552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2022-03-20 12:46 - 2022-01-28 18:28 - 000043408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2022-03-20 12:46 - 2022-01-28 18:28 - 000040920 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-03-20 12:33 - 2022-03-20 12:33 - 000000000 ____D C:\Users\ronyy\AppData\Local\Steam
2022-03-20 12:33 - 2022-03-20 12:33 - 000000000 ____D C:\Users\ronyy\AppData\Local\Comms
2022-03-20 12:33 - 2022-03-20 12:33 - 000000000 ____D C:\Users\ronyy\AppData\Local\CEF
2022-03-20 12:32 - 2022-03-20 12:32 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2022-03-20 12:31 - 2022-03-20 12:31 - 000001126 _____ C:\Users\ronyy\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2022-03-20 12:27 - 2022-03-20 20:24 - 000000000 ____D C:\Program Files (x86)\Steam
2022-03-20 12:27 - 2022-03-20 12:31 - 000000000 ____D C:\Program Files\Adobe
2022-03-20 12:27 - 2022-03-20 12:27 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2022-03-20 12:27 - 2022-03-20 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-03-20 12:25 - 2022-03-20 14:21 - 000000420 _____ C:\Windows\Tasks\update-sys.job
2022-03-20 12:25 - 2022-03-20 14:21 - 000000420 _____ C:\Windows\Tasks\update-S-1-5-21-3137054515-3145759511-3776740820-1001.job
2022-03-20 12:25 - 2022-03-20 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2022-03-20 12:25 - 2022-03-20 12:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-03-20 12:25 - 2022-03-20 12:25 - 000003410 _____ C:\Windows\system32\Tasks\update-S-1-5-21-3137054515-3145759511-3776740820-1001
2022-03-20 12:25 - 2022-03-20 12:25 - 000003346 _____ C:\Windows\system32\Tasks\update-sys
2022-03-20 12:25 - 2022-03-20 12:25 - 000000424 _____ C:\Users\ronyy\AppData\Local\UserProducts.xml
2022-03-20 12:25 - 2022-03-20 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2022-03-20 12:25 - 2022-03-20 12:25 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2022-03-20 12:24 - 2022-03-20 19:58 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2022-03-20 12:24 - 2022-03-20 19:43 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\DMCache
2022-03-20 12:24 - 2022-03-20 17:41 - 000000000 ____D C:\Users\ronyy\Downloads\Compressed
2022-03-20 12:24 - 2022-03-20 14:27 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\IDM
2022-03-20 12:24 - 2022-03-20 12:31 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-03-20 12:24 - 2022-03-20 12:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2022-03-20 12:24 - 2022-03-20 12:24 - 000000000 ____D C:\Users\ronyy\Downloads\Video
2022-03-20 12:24 - 2022-03-20 12:24 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2022-03-20 12:24 - 2022-03-20 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2022-03-20 12:24 - 2022-03-20 12:24 - 000000000 ____D C:\ProgramData\IDM
2022-03-20 12:23 - 2022-03-20 12:23 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-20 12:23 - 2022-03-20 12:23 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-20 12:23 - 2022-03-20 12:23 - 000000000 ____D C:\Program Files\Google
2022-03-20 12:22 - 2022-03-20 19:28 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-20 12:22 - 2022-03-20 16:36 - 000000000 ____D C:\Program Files (x86)\Bandicam
2022-03-20 12:22 - 2022-03-20 12:59 - 000000000 ____D C:\Users\ronyy\AppData\Local\Google
2022-03-20 12:22 - 2022-03-20 12:22 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{81A001F5-AE33-4010-A49B-9B482E8EE21B}
2022-03-20 12:22 - 2022-03-20 12:22 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{24ECD8DB-22E9-4391-9D25-87CE2F14DF1D}
2022-03-20 12:22 - 2022-03-20 12:22 - 000001061 _____ C:\Users\ronyy\Desktop\Bandicam.lnk
2022-03-20 12:22 - 2022-03-20 12:22 - 000000000 ____D C:\Users\ronyy\AppData\Local\PeerDistRepub
2022-03-20 12:22 - 2022-03-20 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2022-03-20 12:22 - 2022-03-20 12:22 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2022-03-20 12:21 - 2022-03-20 12:21 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\WinRAR
2022-03-20 12:19 - 2022-03-20 16:52 - 000000000 ____D C:\Users\ronyy\AppData\Local\Adobe
2022-03-20 12:19 - 2022-03-20 12:32 - 000000000 ____D C:\ProgramData\Adobe
2022-03-20 12:19 - 2022-03-20 12:19 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Macromedia
2022-03-20 12:18 - 2022-03-20 12:18 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-20 12:18 - 2022-03-20 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-20 12:18 - 2022-03-20 12:18 - 000000000 ____D C:\Program Files\WinRAR
2022-03-20 12:14 - 2022-03-20 12:14 - 000000000 ____D C:\Users\ronyy\AppData\Local\OneDrive
2022-03-20 12:13 - 2022-03-20 20:24 - 000000000 ____D C:\Users\ronyy\AppData\Local\D3DSCache
2022-03-20 12:13 - 2022-03-20 18:00 - 000000000 ____D C:\Users\ronyy\AppData\Local\PlaceholderTileLogoFolder
2022-03-20 12:13 - 2022-03-20 12:13 - 000000000 ___HD C:\OneDriveTemp
2022-03-20 12:12 - 2022-03-20 13:03 - 000000000 ___RD C:\Users\ronyy\OneDrive
2022-03-20 12:12 - 2022-03-20 12:12 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-03-20 12:10 - 2022-03-20 19:49 - 000000000 ____D C:\Users\ronyy\AppData\Local\VirtualStore
2022-03-20 12:10 - 2022-03-20 16:38 - 000000000 ____D C:\ProgramData\Packages
2022-03-20 12:10 - 2022-03-20 16:35 - 000000000 ____D C:\Users\ronyy\AppData\Local\Packages
2022-03-20 12:10 - 2022-03-20 14:22 - 000000000 ____D C:\Users\ronyy\AppData\Local\ConnectedDevicesPlatform
2022-03-20 12:10 - 2022-03-20 13:06 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Adobe
2022-03-20 12:10 - 2022-03-20 12:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-03-20 12:10 - 2022-03-20 12:10 - 000000000 ___RD C:\Users\ronyy\3D Objects
2022-03-20 12:10 - 2022-03-20 12:10 - 000000000 ____D C:\Users\ronyy\AppData\Local\Publishers
2022-03-20 12:09 - 2022-03-20 16:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-03-20 12:09 - 2022-03-20 12:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-03-20 12:09 - 2022-03-20 12:49 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2022-03-20 12:08 - 2022-02-11 01:34 - 007613344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-03-20 12:08 - 2022-01-28 18:28 - 000127968 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-03-20 12:08 - 2020-10-08 03:34 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2022-03-20 12:08 - 2020-10-08 03:34 - 000555248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2022-03-20 12:06 - 2022-03-20 12:52 - 000000000 ____D C:\Users\ronyy
2022-03-20 12:06 - 2022-03-20 12:06 - 000000020 ___SH C:\Users\ronyy\ntuser.ini
2022-03-20 12:01 - 2022-03-20 19:51 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2022-03-20 11:59 - 2022-03-20 11:59 - 000000000 ____D C:\Windows\CSC
2022-02-18 16:30 - 2018-12-20 07:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-21 02:49 - 2019-12-07 16:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2022-03-21 01:53 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-03-21 01:51 - 2019-12-07 16:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-03-20 20:28 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-03-20 19:51 - 2019-12-07 16:13 - 000000000 ____D C:\Windows\INF
2022-03-20 19:48 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-20 19:45 - 2019-12-07 16:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-03-20 19:44 - 2019-12-07 16:54 - 000000000 ___SD C:\Windows\system32\AppV
2022-03-20 19:44 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\SystemResources
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\oobe
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\bcastdvr
2022-03-20 19:44 - 2019-12-07 16:03 - 000000000 ____D C:\Windows\servicing
2022-03-20 18:39 - 2019-12-07 16:03 - 000000000 ____D C:\Windows\CbsTemp
2022-03-20 18:30 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\appcompat
2022-03-20 16:38 - 2019-12-07 16:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-20 16:38 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\AppReadiness
2022-03-20 14:43 - 2019-12-07 16:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-03-20 14:34 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-03-20 12:27 - 2019-12-07 16:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-03-20 12:24 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-03-20 12:06 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-03-20 12:00 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\ServiceState
2022-03-20 11:59 - 2019-12-07 16:51 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-03-20 11:59 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\spool

==================== Files in the root of some directories ========

2022-03-20 12:25 - 2022-03-20 12:25 - 000000003 _____ () C:\Users\ronyy\AppData\Local\updater.log
2022-03-20 12:25 - 2022-03-20 12:25 - 000000424 _____ () C:\Users\ronyy\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Here is the Addition.txt result:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2022
Ran by ronyy (20-03-2022 20:28:44)
Running from C:\Users\ronyy\Downloads\Programs
Microsoft Windows 10 Pro Version 21H2 19044.1586 (X64) (2022-03-20 04:58:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3137054515-3145759511-3776740820-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3137054515-3145759511-3776740820-503 - Limited - Disabled)
Guest (S-1-5-21-3137054515-3145759511-3776740820-501 - Limited - Disabled)
ronyy (S-1-5-21-3137054515-3145759511-3776740820-1001 - Administrator - Enabled) => C:\Users\ronyy
WDAGUtilityAccount (S-1-5-21-3137054515-3145759511-3776740820-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Bandicam 5.4.0 (HKLM-x32\...\Bandicam_is1) (Version: 5.4.0.1907 - Bandicam Company)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.74 - Google LLC)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.40.8 - Tonec Inc.)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.46 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 511.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.24.7.0_x64__6rarf9sa4v8jt [2022-03-20] (Disney)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-03-20] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-03-20] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-20] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3b12ac0f95b18b9d\nvshext.dll [2022-02-11] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-03-20 12:51 - 2022-01-28 18:50 - 000939151 _____ (NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackendAPI32.dll
2022-03-20 12:25 - 2019-07-22 13:21 - 000580975 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-09] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-09] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 16:14 - 2022-03-20 15:06 - 000000986 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com
127.0.0.1 cert.bandicam.com
127.0.0.1 www.bandicam.com
127.0.0.1 telemetry.malwarebytes.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AA1589C437F3E6B1F041910641876AE9"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BBF2DB33-6D79-42B8-B564-48B2D0DBF6D3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CACCFD91-F246-4C85-B885-51CD80DA782F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8F0A5806-1720-4C0F-BA0A-FB26CD1D1DB0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{37A1BCFD-E6B5-40B5-A23C-9F2F377DFF87}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2138AEE1-4C74-4EE1-96D5-225B720C256F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C0D43546-E841-41F3-BF2B-093A233DE4CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E861E1E0-9627-499F-8310-8EFA6CB64B76}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3A1062BF-61BE-4C06-A563-5686E3217AAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A18C084A-18A2-4E7C-AB2C-7AE64657D062}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{906E0DD8-5999-4A64-BBD0-9CF5412781CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7D08FC92-14C5-4A93-A67B-E58C3C617950}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{353C0F95-1847-4275-A1F7-74E3C7FE716B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0483F67D-C015-4993-8238-233B6179B4BF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0608FAB4-21A0-4317-BCB5-F01DAAB15185}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9F1AAC28-D6CC-48E8-B626-0EF8F430404D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{74390A32-B080-4E50-AA81-A6A63771A86C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{562FEF54-43A0-4A57-BB38-8C22D3C2812A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{68362087-DF0F-41F6-81D4-F3B8337A8C32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{67C26287-1604-4403-A73B-50FBFE1F5BBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{ED4E52C0-F5CC-442D-86BA-B2CDF54ABE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\New World\NewWorldLauncher.exe (Amazon.com Services LLC -> EasyAntiCheat Ltd)
FirewallRules: [{04EC1CFD-4389-45EB-B0DE-E4C04AA9C3D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\New World\NewWorldLauncher.exe (Amazon.com Services LLC -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{1B08090A-6608-4D9A-AC2B-742AD9104134}C:\program files (x86)\steam\steamapps\common\new world\bin64\newworld.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\new world\bin64\newworld.exe (Amazon.com Services LLC -> Amazon.com, Inc.)
FirewallRules: [UDP Query User{1F194731-EEFB-4E46-834E-01DE64CCF11A}C:\program files (x86)\steam\steamapps\common\new world\bin64\newworld.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\new world\bin64\newworld.exe (Amazon.com Services LLC -> Amazon.com, Inc.)
FirewallRules: [TCP Query User{CD313C63-7D35-41EB-91A6-625959EAD11F}E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe] => (Allow) E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe => No File
FirewallRules: [UDP Query User{150DF8DC-FDDC-45E7-BF87-E60BA288B032}E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe] => (Allow) E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe => No File
FirewallRules: [{4FC1AC12-701E-4513-9F23-3B47F56E705C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5195A0B-D0BD-4539-A556-37BFC0208528}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D25CEB34-0C79-4452-B850-AC298C48667F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{85626855-C0D5-43A2-9244-9E44A1BCCA40}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

20-03-2022 12:50:08 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821

==================== Faulty Device Manager Devices ============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/20/2022 08:25:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program steam.exe version 7.15.2.67 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 568

Start Time: 01d83c5d7a9c2fde

Termination Time: 14

Application Path: C:\Program Files (x86)\Steam\steam.exe

Report Id: 3193963c-e078-4957-95e0-93156d987950

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-thread

Error: (03/20/2022 02:39:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 7.15.2.67, time stamp: 0x622f9c41
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1503, time stamp: 0xb2acaea9
Exception code: 0xc0000602
Fault offset: 0x000000000010b382
Faulting process id: 0x988
Faulting application start time: 0x01d83c2c5842931d
Faulting application path: C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: cec98c23-9be6-4c6f-b401-bd4c7195e810
Faulting package full name:
Faulting package-relative application ID:

Error: (03/20/2022 01:26:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program drvinst.exe version 10.0.19041.1202 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1030

Start Time: 01d83c22c1fd8d20

Termination Time: 1

Application Path: C:\Windows\System32\drvinst.exe

Report Id: cebf2de4-6323-43a8-b62b-4a4e37cb554f

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (03/20/2022 12:58:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_NVIDIA Install Application, version: 2.1002.363.0, time stamp: 0x614c2b7d
Faulting module name: NvInstallerUtil.dll_unloaded, version: 16.10.8.0, time stamp: 0x5f92dca4
Exception code: 0xc0000005
Fault offset: 0x001a477d
Faulting process id: 0x1904
Faulting application start time: 0x01d83c1f3265b49d
Faulting application path: C:\ProgramData\NVIDIA Corporation\Downloader\latest\setup.exe
Faulting module path: NvInstallerUtil.dll
Report Id: 1751c863-a5c9-4839-b8b5-3498d7f282eb
Faulting package full name:
Faulting package-relative application ID:

Error: (03/20/2022 12:51:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (03/21/2022 01:54:50 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (03/21/2022 01:52:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.


System errors:
=============
Error: (03/20/2022 07:48:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/20/2022 07:48:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (03/20/2022 07:45:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
%%2147943515 = A system shutdown is in progress.

Error: (03/20/2022 07:43:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-83B9H6O)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (03/20/2022 07:29:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (03/20/2022 07:29:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/20/2022 07:29:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (03/20/2022 03:28:04 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.


Windows Defender:
================
Date: 2022-03-20 14:29:26
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Floxif.H&threatid=2147684851&enterprise=0
Name: Virus:Win32/Floxif.H
Severity: Severe
Category: Virus
Path: file:_C:\Users\ronyy\Downloads\VC_redist.x64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.328.0, AS: 1.361.328.0, NIS: 1.361.328.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-20 14:29:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Floxif.H&threatid=2147684851&enterprise=0
Name: Virus:Win32/Floxif.H
Severity: Severe
Category: Virus
Path: file:_E:\Software\Steam\SteamSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.328.0, AS: 1.361.328.0, NIS: 1.361.328.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-20 14:29:09
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Floxif.H&threatid=2147684851&enterprise=0
Name: Virus:Win32/Floxif.H
Severity: Severe
Category: Virus
Path: file:_E:\Software\Rufus\rufus-3.11p.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.328.0, AS: 1.361.328.0, NIS: 1.361.328.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-20 14:29:08
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Floxif.H&threatid=2147684851&enterprise=0
Name: Virus:Win32/Floxif.H
Severity: Severe
Category: Virus
Path: file:_E:\Software\Opera\OperaSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.328.0, AS: 1.361.328.0, NIS: 1.361.328.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-20 14:29:07
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Floxif.H&threatid=2147684851&enterprise=0
Name: Virus:Win32/Floxif.H
Severity: Severe
Category: Virus
Path: file:_E:\Software\Notepad++\npp.8.3.Installer.x64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.328.0, AS: 1.361.328.0, NIS: 1.361.328.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 03/02/2013
Motherboard: ASRock B75M-GL R2.0
Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 49%
Total physical RAM: 8134.59 MB
Available physical RAM: 4139.62 MB
Total Virtual: 10054.59 MB
Available Virtual: 5631.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.67 GB) (Free:194.43 GB) NTFS
Drive d: (Data) (Fixed) (Total:200 GB) (Free:165.29 GB) NTFS
Drive e: (Software) (Fixed) (Total:199.59 GB) (Free:180.1 GB) NTFS
Drive f: (Collage) (Fixed) (Total:244.14 GB) (Free:201.3 GB) NTFS
Drive g: (ESD_ISO) (Removable) (Total:14.6 GB) (Free:7.14 GB) NTFS
Drive h: (UEFI_NTFS) (Removable) (Total:0 GB) (Free:0 GB) FAT

\\?\Volume{035a6c5d-809a-4cd3-927c-8358ce94d3af}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FE0C52E9)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Please help me... what should I do?

Edited by Oh My!, 20 March 2022 - 08:55 AM.
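The four Defender records in the Addition.txt excerpt above are worth reading together rather than one at a time: they all carry the same file-infector signature (Defender's "Virus:" prefix and "Category: Virus"), they all sit under E:\Software, they fired within two seconds of each other, and the process was explorer.exe with "Detection Source: Real-Time Protection", i.e. the files were flagged as Explorer touched them, not because they were run. Four different vendors' installers on one drive carrying the same infector says the stored copies on E: are themselves infected, so cleaning C: alone will not end it: that folder has to be rescanned and its installers re-downloaded from the vendors. The script below is an added example for this thread (not FRST's code and not from the poster) that parses records in the form FRST prints them and reports exactly that pattern. The sample input is the four Floxif records from the excerpt, cut down to the fields read, plus one made-up PUA record so the filter has something to leave out.

```python
"""Triage of the Microsoft Defender detections FRST copies into Addition.txt.
Added example for this thread, not FRST's code and not the poster's."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample: the four Floxif records from the Addition.txt excerpt
# above, cut down to the fields read here (the first has no Date line, just
# as in the excerpt), plus one made-up PUA record for contrast.
SAMPLE = r"""
Name: Virus:Win32/Floxif.H
Category: Virus
Path: file:_E:\Software\Steam\SteamSetup.exe

Date: 2022-03-20 14:29:09
Name: Virus:Win32/Floxif.H
Category: Virus
Path: file:_E:\Software\Rufus\rufus-3.11p.exe

Date: 2022-03-20 14:29:08
Name: Virus:Win32/Floxif.H
Category: Virus
Path: file:_E:\Software\Opera\OperaSetup.exe

Date: 2022-03-20 14:29:07
Name: Virus:Win32/Floxif.H
Category: Virus
Path: file:_E:\Software\Notepad++\npp.8.3.Installer.x64.exe

Date: 2022-03-20 14:31:40
Name: PUA:Win32/Constructed
Category: Potentially Unwanted Software
Path: file:_C:\Users\ronyy\Downloads\bundle-installer.exe
"""

_LINE = re.compile(r"^(?P<key>[A-Za-z ]+):\s*(?P<value>.*)$")
FIELDS = {"Date", "Name", "Category", "Path"}


@dataclass
class Detection:
    name: str
    category: str
    path: str                 # "file:_" prefix stripped
    date: Optional[datetime]  # None when the record carries no Date line

    @property
    def store(self) -> str:
        # drive plus first directory: E:\Software for E:\Software\Rufus\x.exe
        parts = self.path.split("\\")
        return "\\".join(parts[:2]) if len(parts) > 2 else self.path


def _build(rec: dict) -> Optional[Detection]:
    if "Name" not in rec or "Path" not in rec:
        return None
    date = None
    if "Date" in rec:
        try:
            date = datetime.strptime(rec["Date"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            pass
    return Detection(rec["Name"], rec.get("Category", ""),
                     re.sub(r"^file:_", "", rec["Path"]), date)


def parse_detections(text: str) -> list:
    """A blank line or a fresh 'Date:' line starts the next record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _LINE.match(line)
        if not line or (m and m["key"] == "Date" and current):
            records.append(_build(current))
            current = {}
        if m and m["key"] in FIELDS:   # URL, engine and description lines are skipped
            current[m["key"]] = m["value"].strip()
    records.append(_build(current))
    return [r for r in records if r]


def infected_stores(detections: list, min_files: int = 2) -> list:
    """Folders where several distinct files tripped the same 'Virus:' (file
    infector) signature, with the time span of the hits: the stored copies
    themselves carry the infector, so the folder has to be dealt with."""
    groups = defaultdict(list)
    for d in detections:
        if d.category == "Virus":
            groups[(d.name, d.store)].append(d)
    out = []
    for (name, store), hits in sorted(groups.items()):
        files = sorted({h.path for h in hits})
        if len(files) < min_files:
            continue
        dates = [h.date for h in hits if h.date]
        span = (max(dates) - min(dates)).total_seconds() if dates else None
        out.append({"signature": name, "directory": store,
                    "files": files, "span_seconds": span})
    return out
```

`store` groups by drive plus first folder, which is the right grain for a flat software archive like E:\Software but too coarse for a deep tree; adjust the slice in that property if the folder layout is deeper. A record with no Date line (the first one in the excerpt) still counts toward the file total and simply drops out of the time span.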




#2 Oh My!
  • Malware Response Instructor
  • 50,567 posts
  • Location:California

Posted 20 March 2022 - 08:53 AM

Greetings Rhonychi and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start

#3 Rhonychi
  • Topic Starter
  • Members
  • 8 posts
  • Location:Indonesia

Posted 20 March 2022 - 09:01 AM

Hi Gary, thanks for your quick response.
I really appreciate it.
I hope to get a solution for my problem soon.
 




#4 Oh My!
  • Malware Response Instructor
  • 50,567 posts
  • Location:California

Posted 20 March 2022 - 10:15 AM

Greetings.

The first thing we need to do is uninstall any and all software requiring proper activation for which you do not have a valid license key.
Gary 

#5 Rhonychi
  • Topic Starter
  • Members
  • 8 posts
  • Location:Indonesia

Posted 20 March 2022 - 11:04 PM

Hi there,

I have removed some of the software, what are the next steps?



#6 Oh My!
  • Malware Response Instructor
  • 50,567 posts
  • Location:California

Posted 21 March 2022 - 08:15 AM

Thank you.

Please consider and do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\system32\dlcoer.dll
cmd: type C:\Users\Public\oem.ini
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [AdobeBridge] => [X]
AppInit_DLLs-x32: C:\Windows\system32\dlcoer.dll => C:\Windows\SysWOW64\dlcoer.dll [69337 2022-03-20] (Microsoft Corporation) [File not signed]
2022-03-20 14:53 - 2022-03-20 14:53 - 000000000 ____D C:\Users\ronyy\AppData\LocalLow\Temp
C:\Windows\system32\dlcoer.dll
C:\Windows\SysWOW64\dlcoer.dll
FirewallRules: [TCP Query User{CD313C63-7D35-41EB-91A6-625959EAD11F}E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe] => (Allow) E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe => No File
FirewallRules: [UDP Query User{150DF8DC-FDDC-45E7-BF87-E60BA288B032}E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe] => (Allow) E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe => No File
cmd: dir /AL /S c:\Documents and Settings
zip: C:\Program Files (x86)\Internet Download Manager\IDMan.exe.dat
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder in the same location from where FRST was run with today's date, example: 02.17.2022_13.24.50.zip. Please upload the file here.
===================================================

Running Malwarebytes Premium in Side-by-Side Mode

--------------------

I would recommend modifying your system settings to run Malwarebytes Premium in Side-by-Side Mode as explained and detailed here: Run Malwarebytes in Side-by-Side Mode.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Uploaded zip file

Gary 

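The fixlist above goes after two kinds of entry that FRST prints in a fixed shape: an AppInit_DLLs value pointing at a dlcoer.dll that is unsigned, dated the day of the detections, sitting in the Windows system directories and claiming "Microsoft Corporation" in its version info, and an orphaned Run value (`=> [X]`, no resolvable target). As an added example for this thread, not the helper's fix and not FRST's own code, the script below parses entries in that shape and lists, per entry, the reasons it deserves a look; the sample lines are the AppInit_DLLs and AdobeBridge entries from this fixlist plus three Run entries from the FRST scan posted later in the thread. The 2022-03-20 incident date and the seven-day recency window are assumptions chosen for this thread; FRST's own convention, "(cert -> company)" for a signed file and "(company)" alone when it is not signed, is what the parser relies on.

```python
"""Triage of persistence entries in the form FRST prints them (Run keys,
AppInit_DLLs). Added example for this thread; not FRST's code or the fix."""
import re
from datetime import date

# Constructed sample: entries copied from the FRST logs posted in this thread.
SAMPLE = r"""
AppInit_DLLs-x32: C:\Windows\system32\dlcoer.dll => C:\Windows\SysWOW64\dlcoer.dll [69337 2022-03-20] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [AdobeBridge] => [X]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-15] (Valve Corp. -> Valve Corporation)
"""

INCIDENT = date(2022, 3, 20)  # assumed: the day the Defender detections in this thread fired
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

_LEFT = re.compile(r"^(?P<loc>.+?): (?:\[(?P<name>[^\]]*)\]|(?P<value>.+))$")
_RIGHT = re.compile(
    r"^(?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<signer>[^)]*)\))?"
    r"(?P<flags>(?: \[[^\]]+\])*)$")


def parse_entry(line: str) -> dict:
    """'LOC: [name] => path [size date] (cert -> company) [flags]' to a dict.
    FRST prints '(cert -> company)' for a signed file and '(company)' when
    the file is unsigned; '=> [X]' means the value has no resolvable target."""
    left, _, right = line.partition(" => ")
    lm, rm = _LEFT.match(left.strip()), _RIGHT.match(right.strip())
    if not lm or not rm:
        raise ValueError(f"not an FRST entry: {line!r}")
    cert = company = None
    if rm["signer"] is not None:
        if " -> " in rm["signer"]:
            cert, company = (s.strip() or None for s in rm["signer"].split(" -> ", 1))
        else:
            company = rm["signer"].strip()
    return {
        "location": lm["loc"],
        "name": lm["name"] or lm["value"],
        "path": rm["path"],
        "missing": rm["path"] == "[X]",
        "date": date.fromisoformat(rm["date"]) if rm["date"] else None,
        "cert": cert,
        "company": company,
        "unsigned": "[File not signed]" in rm["flags"],
    }


def triage(entry: dict, incident: date = INCIDENT, recent_days: int = 7) -> list:
    """Reasons the entry deserves a look; an empty list means nothing stood out."""
    if entry["missing"]:
        return ["target missing ([X]): orphaned value, remove it"]
    reasons = []
    if entry["location"].startswith("AppInit_DLLs"):
        reasons.append("AppInit_DLLs entry: the DLL is loaded into every process that maps user32.dll")
    if entry["unsigned"]:
        reasons.append("file not signed")
        if entry["path"].lower().startswith(SYSTEM_DIRS):
            reasons.append("unsigned file inside a Windows system directory")
        if entry["company"]:
            reasons.append(f"version info claims {entry['company']} but no signature backs it")
    if entry["cert"] == "Test Signing Certificate":
        reasons.append("signed with a test certificate, not a publisher certificate")
    if entry["date"] and abs((entry["date"] - incident).days) <= recent_days:
        reasons.append(f"file dated {entry['date']}, within {recent_days} days of the detections")
    return reasons


def rank(text: str) -> list:
    """All entries as (entry, reasons), the ones with most reasons first."""
    entries = (parse_entry(ln) for ln in text.splitlines() if ln.strip())
    rows = [(e, triage(e)) for e in entries]
    return sorted(rows, key=lambda r: -len(r[1]))
```

The output is a list of reasons rather than a verdict on purpose: recency alone is a weak signal (Steam's 2022-03-15 binary is picked up by the same rule), and it is the stack of reasons on dlcoer.dll, an unsigned file in SysWOW64 claiming to be Microsoft's, dated the day of the infection and wired into AppInit_DLLs, that makes the call. One caveat on that last reason: AppInit_DLLs only takes effect when LoadAppInit_DLLs is set, and on Windows 8 and later it is disabled while Secure Boot is on, so check both before assuming the DLL was actually being injected.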
#7 Rhonychi
  • Topic Starter
  • Members
  • 8 posts
  • Location:Indonesia

Posted 21 March 2022 - 11:04 AM

Hi Gary, thanks for your help. I've uploaded the zipped file at the link.

About Fixlog.txt, here's the result:
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by ronyy (21-03-2022 22:25:31) Run:1
Running from C:\Users\ronyy\Downloads\Programs
Loaded Profiles: ronyy
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\system32\dlcoer.dll
cmd: type C:\Users\Public\oem.ini
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [AdobeBridge] => [X]
AppInit_DLLs-x32: C:\Windows\system32\dlcoer.dll => C:\Windows\SysWOW64\dlcoer.dll [69337 2022-03-20] (Microsoft Corporation) [File not signed]
2022-03-20 14:53 - 2022-03-20 14:53 - 000000000 ____D C:\Users\ronyy\AppData\LocalLow\Temp
C:\Windows\system32\dlcoer.dll
C:\Windows\SysWOW64\dlcoer.dll
FirewallRules: [TCP Query User{CD313C63-7D35-41EB-91A6-625959EAD11F}E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe] => (Allow) E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe => No File
FirewallRules: [UDP Query User{150DF8DC-FDDC-45E7-BF87-E60BA288B032}E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe] => (Allow) E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe => No File
cmd: dir /AL /S c:\Documents and Settings
zip: C:\Program Files (x86)\Internet Download Manager\IDMan.exe.dat
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Windows\system32\dlcoer.dll ========================
 
"C:\Windows\system32\dlcoer.dll" => not found
====== End of File: ======
 
 
========= type C:\Users\Public\oem.ini =========
 
[OEM]
; ================================================== ===========
; "oem" is a parameter whose value indicates which folder $ OEM $ you need to take the settings for installing Windows from an esd / wim image in the current folder.
; Possible values:
; 1) if there is no oem.ini file in the esd / wim-image folder or the "oem" value is left empty or an incorrect value is specified, then if there is a $ OEM $ or OEM folder in the current directory, then it will be used
; 2) "7" (without quotes) - the settings from the "additional installation options" Jinn'sLiveUSB will be used, which the user will choose during the installation of Windows 7 ("JINN\WinSetup\OEM\$OEM$" and "JINN\WinSetup\OEM\7_$OEM$"). For proper operation on a flash drive, you must have the folder "JINN\WinSetup\OEM\7_$OEM$" with its contents!
; 3) "81" (without quotes) - the settings from the "additional installation options" Jinn'sLiveUSB will be used, which the user will select during the installation of Windows 8.1 ("JINN\WinSetup\OEM\$OEM$" and "JINN\WinSetup\OEM\81_$OEM$"). For proper operation on a flash drive, you must have the folder "JINN\WinSetup\OEM\81_$OEM$" with its contents!
; 4) "10" (without quotes) - the settings from the "additional installation options" Jinn'sLiveUSB will be used, which the user will select during the installation of Windows 10 ("JINN\WinSetup\OEM\$OEM$" and "JINN\WinSetup\OEM\10_$OEM$"). For proper operation on a flash drive, you must have the folder "JINN\WinSetup\OEM\10_$OEM$" with its contents!
; ================================================== ===========
oem =
========= End of CMD: =========
 
"HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"C:\Windows\system32\dlcoer.dll" => Value data not found.
C:\Users\ronyy\AppData\LocalLow\Temp => moved successfully
"C:\Windows\system32\dlcoer.dll" => not found
"C:\Windows\SysWOW64\dlcoer.dll" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CD313C63-7D35-41EB-91A6-625959EAD11F}E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{150DF8DC-FDDC-45E7-BF87-E60BA288B032}E:\software\malwarebytesantmalwre420\malwarebytes.anti-malware.premium.4.2.0.82\licensemalwarebytes.exe" => removed successfully
 
========= dir /AL /S c:\Documents and Settings =========
 
 Volume in drive C has no label.
 Volume Serial Number is 1285-93F5
 
 Directory of c:\Documents and Settings\All Users
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
 
 Directory of c:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
 
03/21/2022  01:57 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
               0 File(s)              0 bytes
File Not Found
 
========= End of CMD: =========
 
================== Zip: ===================
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe.dat" => not found
=========== Zip: End ===========
 
 
The system needed a reboot.
 
==== End of Fixlog 22:41:24 ====


#8 Oh My!
  • Malware Response Instructor
  • 50,567 posts
  • Location:California

Posted 21 March 2022 - 03:48 PM

Thank you.

Please run a new FRST scan and copy/paste the reports in your reply.
Gary 

#9 Rhonychi
  • Topic Starter
  • Members
  • 8 posts
  • Location:Indonesia

Posted 21 March 2022 - 10:38 PM


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-03-2022
Ran by ronyy (administrator) on DESKTOP-83B9H6O (22-03-2022 10:30:28)
Running from C:\Users\ronyy\Downloads
Loaded Profiles: ronyy
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1586 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3b12ac0f95b18b9d\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [MicrosoftEdgeAutoLaunch_AA1589C437F3E6B1F041910641876AE9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-15] (Valve Corp. -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\99.0.4844.74\Installer\chrmstp.exe [2022-03-20] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14169D26-0A2D-465E-B901-F6AA75C75B44} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1009872 2021-11-03] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {169D4D6E-7622-4C05-A313-E77E60827139} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {672AE5A3-186D-4A77-8050-2B7F6BE1FA2C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339472 2022-02-03] (Nvidia Corporation -> NVIDIA Corporation)
Task: {79C196FB-D652-4442-9546-3EE399A6C50B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B2EEC7BD-BEC1-4AB0-B83E-434AB141A25D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E044EBC0-1A1F-400B-A0C4-0AD79F985BD1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E435AB14-AE4D-45C0-ADBE-81865A5D7DFA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E8750781-A383-4C56-9C03-1CF62C106B59} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {ECAE6614-829F-4945-9674-43A1796AAA57} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EF70992A-703B-448D-8388-A7088F31685A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Users\ronyy\Downloads\Programs\MSERT.exe [116250080 2022-03-20] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 telemetry.malwarebytes.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f4dd60ca-a0c6-45cf-928d-82b312cd3e67}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Profile: C:\Users\ronyy\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-20]
Edge Extension: (IDM Integration Module) - C:\Users\ronyy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-03-20]
Edge HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>
 
Chrome: 
=======
CHR Profile: C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default [2022-03-21]
CHR Notifications: Default -> hxxps://web.telegram.org
CHR StartupUrls: Default -> "hxxp://google.co.id/"
CHR Extension: (AdBlock — best ad blocker) - C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-03-20]
CHR Extension: (anonymoX) - C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2022-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-20]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-03-21] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8022200 2022-03-21] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6228008 2022-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3b12ac0f95b18b9d\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3b12ac0f95b18b9d\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2022-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223688 2022-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2022-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [195024 2022-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2022-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-03-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [157816 2022-03-21] (Malwarebytes Inc -> Malwarebytes)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2022-01-28] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [439544 2022-03-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-20] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-22 10:30 - 2022-03-22 10:31 - 000012394 _____ C:\Users\ronyy\Downloads\FRST.txt
2022-03-22 10:30 - 2022-03-21 22:24 - 002364928 _____ (Farbar) C:\Users\ronyy\Downloads\FRST64.exe
2022-03-21 22:43 - 2022-03-21 22:43 - 000195024 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-03-21 22:43 - 2022-03-21 22:43 - 000157816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-03-21 22:43 - 2022-03-21 22:43 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-03-21 22:41 - 2022-03-21 22:41 - 000000022 _____ C:\Users\ronyy\Desktop\21.03.2022_22.41.21.zip
2022-03-21 22:30 - 2022-03-21 22:30 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Bandicam Company
2022-03-21 22:29 - 2022-03-21 22:29 - 000000834 _____ C:\Users\Public\Desktop\Bandicam.lnk
2022-03-21 22:29 - 2022-03-21 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2022-03-21 22:29 - 2022-03-21 22:29 - 000000000 ____D C:\Program Files\Bandicam
2022-03-21 22:29 - 2022-03-21 22:29 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2022-03-21 22:28 - 2022-03-21 22:28 - 031849944 _____ (Bandicam Company) C:\Users\ronyy\Downloads\bdcamsetup.exe
2022-03-21 17:10 - 2022-03-21 17:10 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\EasyAntiCheat
2022-03-21 17:10 - 2022-03-21 17:10 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2022-03-21 16:31 - 2022-03-22 10:29 - 000000000 ____D C:\Program Files (x86)\Steam
2022-03-21 16:31 - 2022-03-21 16:31 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2022-03-21 16:31 - 2022-03-21 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-03-21 16:28 - 2022-03-21 16:28 - 000000358 _____ C:\Users\ronyy\Desktop\Ethernet - Shortcut.lnk
2022-03-21 15:18 - 2022-03-21 15:18 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-21 15:18 - 2022-03-21 15:18 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-21 15:17 - 2022-03-21 15:17 - 000000000 ____D C:\Users\ronyy\AppData\LocalLow\IGDump
2022-03-21 11:09 - 2022-03-21 11:09 - 000223688 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-03-21 02:49 - 2022-03-21 01:56 - 000000000 ____D C:\Windows\Panther
2022-03-21 02:48 - 2022-03-18 14:20 - 000001608 _____ C:\Users\Public\oem.ini
2022-03-21 01:57 - 2022-03-21 01:57 - 000000000 _SHDL C:\Documents and Settings
2022-03-21 01:52 - 2022-03-20 12:02 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-21 01:50 - 2022-03-21 22:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-03-21 01:50 - 2022-03-21 17:03 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-03-21 01:50 - 2022-03-21 01:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-03-21 01:50 - 2022-03-21 01:50 - 000000000 ____D C:\Windows\ServiceProfiles
2022-03-21 01:50 - 2022-03-20 19:46 - 004926288 _____ C:\Windows\system32\FNTCACHE.DAT
2022-03-21 01:50 - 2022-03-20 14:35 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-03-21 01:49 - 2022-03-21 22:43 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-20 20:37 - 2022-03-20 20:37 - 000000000 ____D C:\Users\ronyy\Documents\Lightshot
2022-03-20 20:24 - 2022-03-22 10:31 - 000000000 ____D C:\FRST
2022-03-20 19:28 - 2022-03-20 19:28 - 000000206 _____ C:\Windows\SysWOW64\dlcoer.dll.000
2022-03-20 18:38 - 2022-03-20 18:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-20 18:31 - 2022-03-20 18:31 - 000195584 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-03-20 18:30 - 2022-03-20 18:30 - 000011911 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-03-20 18:29 - 2022-03-20 18:29 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-03-20 18:29 - 2022-03-20 18:29 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2022-03-20 18:29 - 2022-03-20 18:29 - 000272896 _____ C:\Windows\system32\TpmTool.exe
2022-03-20 18:29 - 2022-03-20 18:29 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-03-20 18:13 - 2022-03-20 18:15 - 000000000 ___HD C:\$WinREAgent
2022-03-20 18:07 - 2022-03-20 18:13 - 000000000 ____D C:\Windows\system32\MRT
2022-03-20 16:51 - 2022-03-20 16:51 - 000000000 ____D C:\Users\ronyy\AppData\LocalLow\Adobe
2022-03-20 14:44 - 2022-03-20 14:44 - 000000000 ____D C:\Users\ronyy\AppData\Local\mbam
2022-03-20 14:43 - 2022-03-21 15:16 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-03-20 14:43 - 2022-03-21 11:10 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-20 14:43 - 2022-03-21 11:10 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-20 14:43 - 2022-03-21 11:06 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-03-20 14:43 - 2022-03-20 14:42 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-03-20 14:42 - 2022-03-21 11:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-20 14:42 - 2022-03-21 11:05 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-20 14:03 - 2022-03-20 14:04 - 000000000 ____D C:\Users\ronyy\AppData\Local\Persona
2022-03-20 14:02 - 2022-03-20 14:02 - 000024552 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_22580186561574.dll
2022-03-20 14:02 - 2022-03-20 14:02 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\AGS
2022-03-20 14:02 - 2022-03-20 14:02 - 000000000 ____D C:\Users\ronyy\AppData\Local\AGS
2022-03-20 13:10 - 2022-02-11 01:42 - 001905936 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-03-20 13:10 - 2022-02-11 01:42 - 001905936 _____ C:\Windows\system32\vulkaninfo.exe
2022-03-20 13:10 - 2022-02-11 01:42 - 001478416 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-03-20 13:10 - 2022-02-11 01:42 - 001478416 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-03-20 13:10 - 2022-02-11 01:42 - 001467840 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001432336 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001432336 _____ C:\Windows\system32\vulkan-1.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001209280 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001145616 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-03-20 13:10 - 2022-02-11 01:42 - 001145616 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 001531872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 001176704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 000797112 _____ C:\Windows\system32\nvofapi64.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 000717760 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-03-20 13:10 - 2022-02-11 01:39 - 000636032 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 002120320 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 001602728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 000983992 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 000795584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-03-20 13:10 - 2022-02-11 01:38 - 000711608 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-03-20 13:10 - 2022-02-11 01:37 - 008612496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 007714960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 005727376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 005099152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 002935744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-03-20 13:10 - 2022-02-11 01:37 - 000456848 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-03-20 13:10 - 2022-02-11 01:35 - 000849024 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-03-20 13:10 - 2022-02-11 01:34 - 006461040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-03-20 13:10 - 2022-02-10 13:18 - 000089251 _____ C:\Windows\system32\nvinfo.pb
2022-03-20 13:08 - 2022-03-21 22:54 - 000000000 ____D C:\Users\ronyy\Documents\Bandicam
2022-03-20 13:06 - 2022-03-20 13:06 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\NVIDIA
2022-03-20 12:58 - 2022-03-21 12:14 - 000000000 ____D C:\Users\ronyy\AppData\Local\CrashDumps
2022-03-20 12:52 - 2022-03-20 14:24 - 000000000 ____D C:\Users\ronyy\AppData\Local\NVIDIA Corporation
2022-03-20 12:52 - 2022-03-20 12:57 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2022-03-20 12:52 - 2022-03-20 12:52 - 000000000 ____D C:\Users\ronyy\ansel
2022-03-20 12:51 - 2022-03-20 12:57 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:57 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:51 - 2022-03-20 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-03-20 12:51 - 2022-01-28 18:50 - 002859520 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2022-03-20 12:51 - 2022-01-28 18:50 - 002201800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2022-03-20 12:51 - 2022-01-28 18:50 - 001295872 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2022-03-20 12:51 - 2022-01-21 19:22 - 000082432 _____ C:\Windows\system32\FvSDK_x64.dll
2022-03-20 12:51 - 2022-01-21 19:22 - 000071168 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2022-03-20 12:51 - 2021-11-03 01:47 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2022-03-20 12:50 - 2022-03-20 14:00 - 000000000 ____D C:\ProgramData\Package Cache
2022-03-20 12:50 - 2022-03-20 12:56 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:50 - 2022-03-20 12:56 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-03-20 12:49 - 2022-03-22 10:27 - 000000000 ____D C:\ProgramData\NVIDIA
2022-03-20 12:49 - 2022-03-20 12:57 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-03-20 12:49 - 2022-03-20 12:52 - 000000000 ____D C:\Users\ronyy\AppData\Local\NVIDIA
2022-03-20 12:49 - 2022-03-20 12:49 - 000000000 ____D C:\Windows\system32\lxss
2022-03-20 12:49 - 2021-11-23 14:38 - 000168648 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2022-03-20 12:49 - 2021-11-23 14:38 - 000144584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2022-03-20 12:46 - 2022-01-28 18:28 - 000067464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2022-03-20 12:46 - 2022-01-28 18:28 - 000048552 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2022-03-20 12:46 - 2022-01-28 18:28 - 000043408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2022-03-20 12:46 - 2022-01-28 18:28 - 000040920 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-03-20 12:33 - 2022-03-20 12:33 - 000000000 ____D C:\Users\ronyy\AppData\Local\Steam
2022-03-20 12:33 - 2022-03-20 12:33 - 000000000 ____D C:\Users\ronyy\AppData\Local\Comms
2022-03-20 12:33 - 2022-03-20 12:33 - 000000000 ____D C:\Users\ronyy\AppData\Local\CEF
2022-03-20 12:32 - 2022-03-20 12:32 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2022-03-20 12:31 - 2022-03-20 12:31 - 000001126 _____ C:\Users\ronyy\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2022-03-20 12:27 - 2022-03-20 12:31 - 000000000 ____D C:\Program Files\Adobe
2022-03-20 12:25 - 2022-03-20 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2022-03-20 12:25 - 2022-03-20 12:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-03-20 12:25 - 2022-03-20 12:25 - 000000424 _____ C:\Users\ronyy\AppData\Local\UserProducts.xml
2022-03-20 12:25 - 2022-03-20 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2022-03-20 12:25 - 2022-03-20 12:25 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2022-03-20 12:24 - 2022-03-20 17:41 - 000000000 ____D C:\Users\ronyy\Downloads\Compressed
2022-03-20 12:24 - 2022-03-20 12:31 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-03-20 12:24 - 2022-03-20 12:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2022-03-20 12:24 - 2022-03-20 12:24 - 000000000 ____D C:\Users\ronyy\Downloads\Video
2022-03-20 12:23 - 2022-03-20 12:23 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-20 12:23 - 2022-03-20 12:23 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-20 12:23 - 2022-03-20 12:23 - 000000000 ____D C:\Program Files\Google
2022-03-20 12:22 - 2022-03-21 22:57 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-20 12:22 - 2022-03-20 12:59 - 000000000 ____D C:\Users\ronyy\AppData\Local\Google
2022-03-20 12:22 - 2022-03-20 12:22 - 000000000 ____D C:\Users\ronyy\AppData\Local\PeerDistRepub
2022-03-20 12:21 - 2022-03-20 12:21 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\WinRAR
2022-03-20 12:19 - 2022-03-20 16:52 - 000000000 ____D C:\Users\ronyy\AppData\Local\Adobe
2022-03-20 12:19 - 2022-03-20 12:32 - 000000000 ____D C:\ProgramData\Adobe
2022-03-20 12:19 - 2022-03-20 12:19 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Macromedia
2022-03-20 12:18 - 2022-03-20 12:18 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-20 12:18 - 2022-03-20 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-03-20 12:18 - 2022-03-20 12:18 - 000000000 ____D C:\Program Files\WinRAR
2022-03-20 12:14 - 2022-03-20 12:14 - 000000000 ____D C:\Users\ronyy\AppData\Local\OneDrive
2022-03-20 12:13 - 2022-03-21 12:56 - 000000000 ____D C:\Users\ronyy\AppData\Local\D3DSCache
2022-03-20 12:13 - 2022-03-20 18:00 - 000000000 ____D C:\Users\ronyy\AppData\Local\PlaceholderTileLogoFolder
2022-03-20 12:13 - 2022-03-20 12:13 - 000000000 ___HD C:\OneDriveTemp
2022-03-20 12:12 - 2022-03-20 13:03 - 000000000 ___RD C:\Users\ronyy\OneDrive
2022-03-20 12:12 - 2022-03-20 12:12 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-03-20 12:10 - 2022-03-20 19:49 - 000000000 ____D C:\Users\ronyy\AppData\Local\VirtualStore
2022-03-20 12:10 - 2022-03-20 16:38 - 000000000 ____D C:\ProgramData\Packages
2022-03-20 12:10 - 2022-03-20 16:35 - 000000000 ____D C:\Users\ronyy\AppData\Local\Packages
2022-03-20 12:10 - 2022-03-20 14:22 - 000000000 ____D C:\Users\ronyy\AppData\Local\ConnectedDevicesPlatform
2022-03-20 12:10 - 2022-03-20 13:06 - 000000000 ____D C:\Users\ronyy\AppData\Roaming\Adobe
2022-03-20 12:10 - 2022-03-20 12:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-03-20 12:10 - 2022-03-20 12:10 - 000000000 ___RD C:\Users\ronyy\3D Objects
2022-03-20 12:10 - 2022-03-20 12:10 - 000000000 ____D C:\Users\ronyy\AppData\Local\Publishers
2022-03-20 12:09 - 2022-03-20 16:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-03-20 12:09 - 2022-03-20 12:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-03-20 12:09 - 2022-03-20 12:49 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2022-03-20 12:08 - 2022-02-11 01:34 - 007613344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-03-20 12:08 - 2022-01-28 18:28 - 000127968 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-03-20 12:08 - 2020-10-08 03:34 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2022-03-20 12:08 - 2020-10-08 03:34 - 000555248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2022-03-20 12:06 - 2022-03-20 12:52 - 000000000 ____D C:\Users\ronyy
2022-03-20 12:06 - 2022-03-20 12:06 - 000000020 ___SH C:\Users\ronyy\ntuser.ini
2022-03-20 12:01 - 2022-03-21 22:50 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2022-03-20 11:59 - 2022-03-20 11:59 - 000000000 ____D C:\Windows\CSC
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-22 10:28 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-22 10:27 - 2019-12-07 16:13 - 000000000 ____D C:\Windows\INF
2022-03-21 22:42 - 2019-12-07 16:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-03-21 15:15 - 2019-12-07 16:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-03-21 15:01 - 2019-12-07 16:03 - 000000000 ____D C:\Windows\CbsTemp
2022-03-21 12:16 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-03-21 02:49 - 2019-12-07 16:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2022-03-21 01:53 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-03-20 19:44 - 2019-12-07 16:54 - 000000000 ___SD C:\Windows\system32\AppV
2022-03-20 19:44 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\SystemResources
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\oobe
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-03-20 19:44 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\bcastdvr
2022-03-20 19:44 - 2019-12-07 16:03 - 000000000 ____D C:\Windows\servicing
2022-03-20 18:30 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\appcompat
2022-03-20 16:38 - 2019-12-07 16:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-20 16:38 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\AppReadiness
2022-03-20 14:43 - 2019-12-07 16:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-03-20 14:34 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-03-20 12:27 - 2019-12-07 16:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-03-20 12:24 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-03-20 12:06 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-03-20 12:00 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\ServiceState
2022-03-20 11:59 - 2019-12-07 16:51 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-03-20 11:59 - 2019-12-07 16:14 - 000000000 ____D C:\Windows\system32\spool
 
==================== Files in the root of some directories ========
 
2022-03-20 12:25 - 2022-03-20 12:25 - 000000003 _____ () C:\Users\ronyy\AppData\Local\updater.log
2022-03-20 12:25 - 2022-03-20 12:25 - 000000424 _____ () C:\Users\ronyy\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by ronyy (22-03-2022 10:33:28)
Running from C:\Users\ronyy\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1586 (X64) (2022-03-20 04:58:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3137054515-3145759511-3776740820-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3137054515-3145759511-3776740820-503 - Limited - Disabled)
Guest (S-1-5-21-3137054515-3145759511-3776740820-501 - Limited - Disabled)
ronyy (S-1-5-21-3137054515-3145759511-3776740820-1001 - Administrator - Enabled) => C:\Users\ronyy
WDAGUtilityAccount (S-1-5-21-3137054515-3145759511-3776740820-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.4.0.1907 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.74 - Google LLC)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Malwarebytes version 4.5.6.180 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.6.180 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.46 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 511.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
 
Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.24.7.0_x64__6rarf9sa4v8jt [2022-03-20] (Disney)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-03-20] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-03-20] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-20] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3b12ac0f95b18b9d\nvshext.dll [2022-02-11] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-20] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-03-21 16:33 - 2022-01-28 05:05 - 126964224 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2022-03-21 16:33 - 2021-11-17 18:38 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2022-03-21 16:33 - 2021-11-17 18:38 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2022-03-21 16:33 - 2022-01-28 05:05 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 16:14 - 2022-03-21 10:54 - 000000868 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 telemetry.malwarebytes.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3137054515-3145759511-3776740820-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AA1589C437F3E6B1F041910641876AE9"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BBF2DB33-6D79-42B8-B564-48B2D0DBF6D3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CACCFD91-F246-4C85-B885-51CD80DA782F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8F0A5806-1720-4C0F-BA0A-FB26CD1D1DB0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{37A1BCFD-E6B5-40B5-A23C-9F2F377DFF87}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2138AEE1-4C74-4EE1-96D5-225B720C256F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C0D43546-E841-41F3-BF2B-093A233DE4CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E861E1E0-9627-499F-8310-8EFA6CB64B76}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3A1062BF-61BE-4C06-A563-5686E3217AAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A18C084A-18A2-4E7C-AB2C-7AE64657D062}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{906E0DD8-5999-4A64-BBD0-9CF5412781CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7D08FC92-14C5-4A93-A67B-E58C3C617950}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{353C0F95-1847-4275-A1F7-74E3C7FE716B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0483F67D-C015-4993-8238-233B6179B4BF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0608FAB4-21A0-4317-BCB5-F01DAAB15185}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9F1AAC28-D6CC-48E8-B626-0EF8F430404D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{74390A32-B080-4E50-AA81-A6A63771A86C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{562FEF54-43A0-4A57-BB38-8C22D3C2812A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{68362087-DF0F-41F6-81D4-F3B8337A8C32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{67C26287-1604-4403-A73B-50FBFE1F5BBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{ED4E52C0-F5CC-442D-86BA-B2CDF54ABE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\New World\NewWorldLauncher.exe (Amazon.com Services LLC -> EasyAntiCheat Ltd)
FirewallRules: [{04EC1CFD-4389-45EB-B0DE-E4C04AA9C3D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\New World\NewWorldLauncher.exe (Amazon.com Services LLC -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{1B08090A-6608-4D9A-AC2B-742AD9104134}C:\program files (x86)\steam\steamapps\common\new world\bin64\newworld.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\new world\bin64\newworld.exe (Amazon.com Services LLC -> Amazon.com, Inc.)
FirewallRules: [UDP Query User{1F194731-EEFB-4E46-834E-01DE64CCF11A}C:\program files (x86)\steam\steamapps\common\new world\bin64\newworld.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\new world\bin64\newworld.exe (Amazon.com Services LLC -> Amazon.com, Inc.)
FirewallRules: [{4FC1AC12-701E-4513-9F23-3B47F56E705C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5195A0B-D0BD-4539-A556-37BFC0208528}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D25CEB34-0C79-4452-B850-AC298C48667F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{85626855-C0D5-43A2-9244-9E44A1BCCA40}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
20-03-2022 12:50:08 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821
21-03-2022 15:00:43 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/21/2022 10:42:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (03/21/2022 10:42:19 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (03/21/2022 10:42:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (03/21/2022 10:42:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (03/21/2022 10:26:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (03/21/2022 10:25:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c19f700d-e64a-4c64-98f8-a39e7084c9a6}
 
Error: (03/21/2022 03:15:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (03/21/2022 03:15:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
Error: (03/21/2022 10:42:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error: 
%%2147943515 = A system shutdown is in progress.
 
Error: (03/21/2022 10:42:17 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.
 
Error: (03/21/2022 10:26:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/21/2022 10:26:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/21/2022 10:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (03/21/2022 10:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (03/21/2022 04:34:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/21/2022 04:34:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
 
Windows Defender:
================
Date: 2022-03-21 15:11:32
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-03-21 12:44:00
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-03-21 12:27:55
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Virus:Win32/Floxif.H
Severity: Severe
Category: Virus
Path: file:_C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.361.377.0, AS: 1.361.377.0, NIS: 1.361.377.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
 
Date: 2022-03-21 12:27:55
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Virus:Win32/Floxif.H
Severity: Severe
Category: Virus
Path: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.361.377.0, AS: 1.361.377.0, NIS: 1.361.377.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
 
Date: 2022-03-21 12:27:52
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Virus:Win32/Floxif.H
Severity: Severe
Category: Virus
Path: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{24ECD8DB-22E9-4391-9D25-87CE2F14DF1D}->(UTF-16LE); file:_C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{81A001F5-AE33-4010-A49B-9B482E8EE21B}->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01E8EC16-69CA-474F-B076-139576DE2B6F}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF07727-EE0B-4E8B-9A98-A21E5AA3CC8C}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{24ECD8DB-22E9-4391-9D25-87CE2F14DF1D}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{81A001F5-AE33-4010-A49B-9B482E8EE21B}; service:_gupdate; service:_gupdatem; taskscheduler:_C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{24ECD8DB-22E9-4391-9D25-87CE2F14DF1D}; taskscheduler:_C:\Windows\System32\Tasks\GoogleUpdateTa
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.377.0, AS: 1.361.377.0, NIS: 1.361.377.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

CodeIntegrity:
===============
Date: 2022-03-21 23:02:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P1.30 03/02/2013
Motherboard: ASRock B75M-GL R2.0
Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 37%
Total physical RAM: 8134.59 MB
Available physical RAM: 5076.88 MB
Total Virtual: 13204.2 MB
Available Virtual: 9617.13 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:287.67 GB) (Free:187.65 GB) NTFS
Drive d: (Data) (Fixed) (Total:200 GB) (Free:120.85 GB) NTFS
Drive e: (Software) (Fixed) (Total:199.59 GB) (Free:195.63 GB) NTFS
Drive f: (Collage) (Fixed) (Total:244.14 GB) (Free:201.3 GB) NTFS
Drive g: (ESD_ISO) (Removable) (Total:14.6 GB) (Free:7.14 GB) NTFS
Drive h: (UEFI_NTFS) (Removable) (Total:0 GB) (Free:0 GB) FAT
 
\\?\Volume{035a6c5d-809a-4cd3-927c-8358ce94d3af}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FE0C52E9)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 14.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#10 Oh My! (Malware Response Instructor)

Posted 22 March 2022 - 08:08 AM

Thank you.

Are you receiving any detection warnings or other issues with the computer?

Please do this.

===================================================

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: dlcoer
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the report in your reply. If the file is too large zip and upload it here.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Search.txt
  • How is the computer running?

Gary 

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start

#11 Rhonychi (Topic Starter)

Posted 22 March 2022 - 10:29 AM

Hi Gary, how are you?

I feel very good now...

 

About my case,
I'm not receiving any warnings now, and Steam is running normally, my computer feels like it's back to normal.

I don't know if my problem is over, but I want to thank you first.  :lol:
 

Here's the result Search.txt

 

Farbar Recovery Scan Tool (x64) Version: 20-03-2022

Ran by ronyy (22-03-2022 22:09:07)
Running from C:\Users\ronyy\Downloads
Boot Mode: Normal
 
================== Search Files: "SearchAll: dlcoer" =============
 
File:
========
C:\Windows\SysWOW64\dlcoer.dll.000
[2022-03-20 19:28][2022-03-20 19:28] 000000206 _____ () F3D1F43CC8C7CF0B9D0F9B9F153A9FE9 [File not signed]
 
C:\Users\ronyy\AppData\Local\VirtualStore\Windows\SysWOW64\dlcoer.dll.000
[2022-03-20 19:28][2022-03-21 10:46] 000000206 _____ () F3D1F43CC8C7CF0B9D0F9B9F153A9FE9 [File not signed]
 
 
folder:
========
 
Registry:
========
 
 
====== End of Search ======


#12 Oh My! (Malware Response Instructor)

Posted 22 March 2022 - 01:09 PM

Glad to hear things are better. We need to remove 2 more files. In addition I would like us to run one more scan.

Please do these things.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
C:\Windows\SysWOW64\dlcoer.dll.000
C:\Users\ronyy\AppData\Local\VirtualStore\Windows\SysWOW64\dlcoer.dll.000
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

Note: You can expect this process to take a long time, up to several hours or more.
  • Download ESET Free Online Scanner - ONE-TIME SCAN and save it to your Desktop
  • Right click on esetonlinescanner_enu.exe and select Run as administrator
  • Click Computer Scan
  • Click Full scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
  • Click Start scan
  • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
  • Click Continue then finally click Close
  • Copy and paste the ESETScan.txt file contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET report

Gary 

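The two FRST steps in posts #10 and #12 (a "SearchAll:" pass that lists every file whose name contains a fragment, with timestamps, size and MD5, and a Start::/End:: fixlist that removes the paths found) can be reproduced offline so the workflow is easier to reason about. The script below is an added example, not FRST's own code and not part of the thread: it walks a set of roots, matches the name fragment case-insensitively the way SearchAll does for files (folders and registry values are not covered), prints the hits in the Search.txt layout, and then builds a fixlist that includes only the hits whose current MD5 still matches the hash reported by the search. The search roots, the sample files and their contents are constructed inside `demo()`; only the fragment `dlcoer` and the SysWOW64/VirtualStore pairing come from the thread. One caveat for anyone adapting it: on Windows `st_ctime` is the creation time FRST prints first, while on POSIX it is the inode change time, so the "created" column is only approximate there.

```python
"""Added example (not FRST's own code): an offline imitation of FRST's
"SearchAll:" file search and of a Start::/End:: fixlist built from it.

Assumptions: the search roots and sample files are constructed in demo();
only the name fragment "dlcoer" and the Search.txt layout come from the thread.
"""
import datetime
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass
class Hit:
    path: str
    size: int
    md5: str
    created: str   # FRST prints [created][modified]; on POSIX st_ctime is the
    modified: str  # inode change time, so "created" is approximate there


def _stamp(ts: float) -> str:
    return datetime.datetime.fromtimestamp(ts).strftime("%Y-%m-%d %H:%M")


def md5_of(path: str) -> str:
    """Stream the file through MD5 and return the uppercase hex digest,
    the form FRST prints in Search.txt."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def search_all(roots, fragment: str):
    """Case-insensitive substring match on file names under each root,
    like FRST's SearchAll directive (folders and registry are not covered)."""
    frag = fragment.lower()
    hits = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                if frag in name.lower():
                    p = os.path.join(dirpath, name)
                    st = os.stat(p)
                    hits.append(Hit(p, st.st_size, md5_of(p),
                                    _stamp(st.st_ctime), _stamp(st.st_mtime)))
    return sorted(hits, key=lambda h: h.path.lower())


def format_search_txt(fragment: str, hits) -> str:
    """Render hits in the layout FRST uses for the File: section of Search.txt."""
    out = [f'================== Search Files: "SearchAll: {fragment}" =============',
           "", "File:", "========"]
    for h in hits:
        out.append(h.path)
        out.append(f"[{h.created}][{h.modified}] {h.size:09d} _____ () {h.md5}")
        out.append("")
    return "\n".join(out)


def build_fixlist(hits, expected_md5: str) -> str:
    """Emit a Start::/End:: fixlist containing only the hits whose current
    MD5 still matches the hash reported by the search. A file that changed
    between the search and the fix is left out rather than removed blindly."""
    lines = ["Start::"]
    lines += [h.path for h in hits if h.md5 == expected_md5.upper()]
    lines.append("End::")
    return "\n".join(lines) + "\n"


def demo():
    """Constructed scenario: two identical copies of dlcoer.dll.000 in two
    directories (mirroring the SysWOW64 and VirtualStore pair in the thread)
    plus one unrelated file that must not match. Returns the search hits."""
    base = tempfile.mkdtemp(prefix="frst_demo_")
    payload = b"constructed sample content, not the real file\n" * 4
    for sub in ("SysWOW64", os.path.join("VirtualStore", "Windows", "SysWOW64")):
        d = os.path.join(base, sub)
        os.makedirs(d)
        with open(os.path.join(d, "dlcoer.dll.000"), "wb") as f:
            f.write(payload)
    with open(os.path.join(base, "SysWOW64", "unrelated.dll"), "wb") as f:
        f.write(b"decoy\n")
    return search_all([base], "dlcoer")


if __name__ == "__main__":
    found = demo()
    print(format_search_txt("dlcoer", found))
    print(build_fixlist(found, expected_md5=found[0].md5))
```

The hash gate in `build_fixlist` is the check a responder would want between the two posts: in the thread both copies of `dlcoer.dll.000` reported the same MD5, so a single expected hash covers both, and a path whose content has changed since the search is skipped instead of being deleted on the strength of its name alone.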

#13 Oh My! (Malware Response Instructor)

Posted 25 March 2022 - 08:58 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary 


#14 Rhonychi (Topic Starter)

Posted 27 March 2022 - 07:20 AM

Hi Gary, sorry for the delay...
 
Here's my latest Fixlog.txt
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by ronyy (23-03-2022 23:16:23) Run:2
Running from C:\Users\ronyy\Downloads
Loaded Profiles: ronyy
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Windows\SysWOW64\dlcoer.dll.000
C:\Users\ronyy\AppData\Local\VirtualStore\Windows\SysWOW64\dlcoer.dll.000
 
*****************
 
C:\Windows\SysWOW64\dlcoer.dll.000 => moved successfully
C:\Users\ronyy\AppData\Local\VirtualStore\Windows\SysWOW64\dlcoer.dll.000 => moved successfully
 
==== End of Fixlog 23:16:23 ====
 
ESET Scan Log
3/27/2022 14:51:22 PM
Files scanned: 278398
Detected files: 1
Cleaned files: 1
Total scan time 01:43:27
Scan status: Finished
E:\Software\Lightshot\setup-lightshot.exe a variant of Win32/Yandex.K potentially unwanted application cleaned by deleting
 


#15 Oh My! (Malware Response Instructor)

Posted 27 March 2022 - 09:50 AM

Things are looking good. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward? Here is our final step and some additional information to consider.
Gary 




