Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by Ceek (administrator) on DESKTOP-EKO6TT0 (23-11-2021 20:30:58)
Running from C:\Users\Ceek\Downloads
Loaded Profiles: Ceek
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Freemake) [File not signed] C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google) C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\SwReporter\93.269.200\software_reporter_tool.exe <4>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2020-10-16] () [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-07] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-11-23] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-18] () [File not signed]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-11-23] (Adobe Inc. -> )
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33310688 2021-09-03] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [uTorrent] => C:\Users\Ceek\AppData\Roaming\uTorrent\uTorrent.exe [2133544 2021-07-06] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1109152 2019-11-06] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-11-23] (Adobe Inc. -> )
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Discord] => C:\Users\Ceek\AppData\Local\Discord\Update.exe [1512096 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3145912 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Spotify] => C:\Users\Ceek\AppData\Roaming\Spotify\Spotify.exe [23592304 2020-12-15] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [electron.app.Cudo Miner] => C:\Program Files\Cudo Miner\desktop\Cudo Miner Desktop.exe --autolaunch (No File)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [utweb] => C:\Users\Ceek\AppData\Roaming\uTorrent Web\utweb.exe [5898272 2021-07-27] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [ut] => C:\Users\Ceek\AppData\Roaming\uTorrent\uTorrent.exe [2133544 2021-07-06] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\MountPoints2: {4a7e26cf-2fb2-11eb-bbe9-18d6c7af94b3} - "D:\AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-23] (Google LLC -> Google LLC)
Startup: C:\Users\Ceek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2020-08-04]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14A0E53E-EFE2-4F7C-B893-748E55A89EB3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {19C221A5-CE40-4084-99F8-CE229519A66B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A663F0D-78DD-4917-A672-0C30A1920D9A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F55D74B-22F0-4377-927D-F633FE078304} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {2E304554-B225-4AEA-A261-670DD6F2B456} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3A264418-5E98-41CB-AA88-6AEBDE706FFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5795CA13-9CFC-4A15-8A8B-E677F64DF529} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D6C912C-1B27-46A4-B382-4DC9A43F1763} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5DA0FA4D-6AE1-44D9-9746-78FEC90C9816} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-09-08] (Adobe Inc. -> Adobe)
Task: {64752EE8-2204-42E6-B27D-34BF20A05DAD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6CD63078-5EAE-4B5E-AA84-612CD80661D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {76337188-B237-4C2A-85B8-CB80540E9707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {76604EBC-4544-4094-879C-8BACD0A98FAF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76EA25F6-561A-432A-8A15-05CB4E765833} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ceekur1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {81580934-5A4A-40A9-8093-60039F159F00} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A924C62-0545-4465-A4F6-5DCAC77B2E0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {911BF3AB-7BBC-4D6C-B668-AA8FB3FB7C5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A30E2B89-3F6F-4520-B9F8-E708979B3AD2} - System32\Tasks\CCleanerSkipUAC - Ceek => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {ADDDAE82-EA86-4337-9EBD-A8E83D5DD256} - System32\Tasks\GoogleUpdateTaskMachineCore1d57c5651d8c276 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {BE592D9D-34F8-46B1-9137-6CB39FF8E482} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D2E7EAF7-FC48-4829-A90B-3D8CE8290F6D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D6E06C5F-9925-4B02-9E0D-922F9618B819} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-11] (Piriform Software Ltd -> Piriform)
Task: {D938158D-C56C-42E7-A77F-9B4543A46C34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DEA08A0D-D248-40D3-A9F7-24A20707ACED} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E0D3C361-EEA5-49ED-815D-BD21332F517D} - System32\Tasks\GoogleUpdateTaskMachineUA1d57c5651f54967 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {E9A96842-39DE-47E2-97D5-CE56838A6EEB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2021-09-08] (Adobe Inc. -> Adobe)
Task: {FC2EA757-F0A0-4EA5-A60C-4C4FF05D23AB} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [78020552 2019-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{2adf8360-9237-4231-bc07-432d815ea201}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{a07ed892-52be-4f33-81c5-5a293e59b779}: [DhcpNameServer] 10.1.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Ceek\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-29]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-11-23] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-11-23] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default [2021-11-23]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-04]
CHR Extension: (Just Black) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-03-26]
CHR Extension: (Docs) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-04]
CHR Extension: (Google Drive) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-04]
CHR Extension: (Honey) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-23]
CHR Extension: (Sheets) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-11-23]
CHR Extension: (MetaMask) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-23]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-11]
CHR Extension: (Slides) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-03]
CHR Extension: (Docs) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-03]
CHR Extension: (Google Drive) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-03]
CHR Extension: (YouTube) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-03]
CHR Extension: (Sheets) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-03]
CHR Extension: (Gmail) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-03]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-09-08] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-11-23] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8577760 2019-07-20] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-08-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-07-18] (Freemake) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2557656 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3476184 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2020-07-01] (Even Balance, Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-29] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2074928 2021-09-05] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [43392 2019-11-08] (Elgato Systems LLC -> UB658)
S3 ElgatoVAD; C:\WINDOWS\System32\drivers\ElgatoVAD.sys [39208 2020-09-14] (Elgato Systems LLC -> Elgato Systems GmbH)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GVCIDrv64.sys [16712 2019-01-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 hwdatacard; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [115328 2008-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl17d253a0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45822AC0-A737-4DC8-9B61-EB5FE3C0FC81}\MpKslDrv.sys [130296 2021-11-23] (Microsoft Windows -> Microsoft Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2019-01-10] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [442128 2019-10-07] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [555064 2019-10-07] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus.sys [X]
S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-23 20:30 - 2021-11-23 20:34 - 000027581 _____ C:\Users\Ceek\Downloads\FRST.txt
2021-11-23 20:24 - 2021-11-23 20:33 - 000000000 ____D C:\FRST
2021-11-23 20:20 - 2021-11-23 20:23 - 002311680 _____ (Farbar) C:\Users\Ceek\Downloads\FRST64.exe
2021-11-19 17:50 - 2021-11-19 17:50 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-11-19 17:49 - 2021-11-19 17:49 - 000000000 ___HD C:\$WinREAgent
2021-11-19 17:45 - 2021-11-19 17:45 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-19 17:44 - 2021-11-19 17:44 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-09 17:45 - 2021-11-09 17:45 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-05 00:03 - 2021-11-05 00:07 - 001877226 ____H C:\Users\Ceek\Downloads\.cdf09bffc475789aa557eff19a090735412be99d.parts
2021-11-04 23:56 - 2021-11-04 23:56 - 000000000 ____D C:\Users\Ceek\Downloads\Shutter Island (2010) [1080p]
2021-10-29 01:32 - 2021-10-29 01:32 - 000003112 _____ C:\Users\Ceek\Downloads\sendsreceives (1).csv
2021-10-24 21:41 - 2021-10-24 21:45 - 002277448 ____H C:\Users\Ceek\Downloads\.c62db96f2940fffc47a76c82c88857a68e27a235.parts
2021-10-24 21:41 - 2021-10-24 21:41 - 000000000 ____D C:\Users\Ceek\Downloads\Se7en ( 1995 )

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-23 20:31 - 2018-10-04 00:48 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-23 20:11 - 2020-08-04 17:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-23 20:11 - 2019-12-07 19:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-23 20:11 - 2019-12-07 19:44 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-23 20:05 - 2018-10-04 00:58 - 000000000 ____D C:\ProgramData\Packages
2021-11-23 20:00 - 2018-10-04 00:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-23 19:57 - 2018-10-04 00:54 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-23 19:55 - 2019-12-07 19:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-23 19:55 - 2019-11-13 00:35 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-23 19:53 - 2019-12-07 19:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-23 19:44 - 2020-08-07 00:04 - 000000000 ____D C:\Users\Ceek
2021-11-23 19:43 - 2019-02-06 00:09 - 000000000 ____D C:\Program Files\CCleaner
2021-11-23 19:43 - 2018-10-11 08:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-23 19:36 - 2018-10-11 08:57 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-23 19:36 - 2018-10-10 19:51 - 000000447 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-11-23 19:34 - 2020-08-07 00:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-23 19:34 - 2020-08-07 00:00 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-11-23 19:34 - 2020-08-07 00:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-19 17:49 - 2020-08-07 00:24 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{ED5B5B48-7E3F-4564-83B0-C116BE17DE2A}
2021-11-19 17:49 - 2020-08-07 00:24 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-19 17:49 - 2020-08-07 00:24 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-09 22:57 - 2019-12-07 19:33 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-08 17:37 - 2021-07-30 17:44 - 000002376 _____ C:\Users\Ceek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-08 17:37 - 2020-08-07 00:24 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-645998501-1037966316-1842171046-1001
2021-11-06 21:48 - 2018-10-04 17:10 - 000000000 ____D C:\Users\Ceek\AppData\Local\Packages
2021-11-05 02:50 - 2018-10-07 21:45 - 000000000 ____D C:\Users\Ceek\AppData\Roaming\uTorrent Web
2021-11-05 02:40 - 2021-09-27 01:53 - 000000000 ____D C:\Users\Ceek\AppData\Roaming\vlc
2021-11-05 02:01 - 2019-10-12 21:55 - 000000000 ____D C:\Users\Ceek\AppData\Local\BitTorrentHelper
2021-11-05 00:17 - 2019-12-07 19:43 - 000000000 ____D C:\WINDOWS\INF
2021-11-05 00:16 - 2020-08-16 19:43 - 002220464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000324016 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000217520 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000197048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000061872 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-11-03 22:12 - 2018-10-04 16:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-31 13:21 - 2020-07-01 11:42 - 000000000 ____D C:\Program Files (x86)\Origin
2021-10-25 00:50 - 2021-10-14 01:36 - 004268032 ____H C:\Users\Ceek\Downloads\.d2699d31ac68736d20999fdf678a06295709a695.parts

==================== Files in the root of some directories ========

2020-02-01 20:06 - 2021-09-10 00:32 - 000001456 _____ () C:\Users\Ceek\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-11-14 18:54 - 2019-11-14 18:54 - 000000000 _____ () C:\Users\Ceek\AppData\Local\oobelibMkey.log
2019-08-10 01:11 - 2021-10-11 22:38 - 000007603 _____ () C:\Users\Ceek\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================