Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021 Ran by Ceek (23-11-2021 20:36:54) Running from C:\Users\Ceek\Downloads Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2020-08-06 13:56:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-645998501-1037966316-1842171046-500 - Administrator - Disabled) Ceek (S-1-5-21-645998501-1037966316-1842171046-1001 - Administrator - Enabled) => C:\Users\Ceek DefaultAccount (S-1-5-21-645998501-1037966316-1842171046-503 - Limited - Disabled) Guest (S-1-5-21-645998501-1037966316-1842171046-501 - Limited - Disabled) Guest123 (S-1-5-21-645998501-1037966316-1842171046-1002 - Limited - Enabled) => C:\Users\Guest123 WDAGUtilityAccount (S-1-5-21-645998501-1037966316-1842171046-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\uTorrent) (Version: 3.5.5.46038 - BitTorrent Inc.) Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1) (Version: 16.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe) Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_3_1) (Version: 14.3.1 - Adobe Inc.) Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Inc.) Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_3_1) (Version: 14.3.1 - Adobe Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.) Bitcoin Core (64-bit) (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Bitcoin Core (64-bit)) (Version: 0.20.1 - Bitcoin Core project) BlueStacks (HyperV) Beta (HKLM\...\BlueStacks_bgp64_hyperv) (Version: 4.240.15.4204 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Boris FX Sapphire Plug-ins 2019.52 for After Effects and Compatible Products (HKLM\...\GenArts Sapphire AE_is1) (Version: 12.520 - Boris FX, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform) Daedalus Mainnet (HKLM-x32\...\Daedalus Mainnet) (Version: 4.1.0 - IOHK) Discord (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Discord) (Version: 0.0.310 - Discord Inc.) Elgato Game Capture HD (HKLM\...\{C562FDFF-7048-45A9-A3D0-37949D7B2730}) (Version: 3.70.47.3047 - Elgato Systems GmbH) Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation) FiveM (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\CitizenFX_FiveM) (Version: - Cfx.re) FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) Game Capture HD60 v2.1.1.5 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.5 - Elgato Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC) Immutable 0.13.7 (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.7 - Immutable) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.29 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.29 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-645998501-1037966316-1842171046-1002\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang) MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD) NiceHash Miner 3.0.6.5 (only current user) (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\8abad8e2-b957-48ed-92ba-4339c2a40e78) (Version: 3.0.6.5 - H-BIT, d.o.o.) NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation) NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation) NVIDIA Graphics Driver 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Optus Wireless Broadband (HKLM-x32\...\Optus Wireless Broadband) (Version: 11.300.05.02.74 - Huawei Technologies Co.,Ltd) Origin (HKLM-x32\...\Origin) (Version: 10.5.106.49298 - Electronic Arts, Inc.) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.20.0 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.20.606 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.46.448 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games) Spotify (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Spotify) (Version: 1.1.48.625.g1c87c7f7 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) uTorrent Web (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\utweb) (Version: 1.2.3 - BitTorrent, Inc.) VEGAS Pro 15.0 (HKLM\...\{BE730580-7AF7-11E8-84B6-00155D6306C5}) (Version: 15.0.384 - VEGAS) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation) WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH) XTREME GAMING ENGINE (HKLM-x32\...\GIGABYTE XTREME GAMING ENGINE_is1) (Version: 1.2.6.0 - GIGABYTE Technology Co.,Inc.) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-23] (Adobe Systems Incorporated) Cover - Comic reader -> C:\Program Files\WindowsApps\FrenchFry.Cover_3.8.3.0_x64__a3mvwcjazefp4 [2021-11-06] (French Fry) Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.474.687.2_x64__8wekyb3d8bbwe [2021-09-04] (Microsoft Studios) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-10-31] (Apple Inc.) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-30] (NVIDIA Corp.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7822C329CE51} -> [Creative Cloud Files] => C:\Users\Ceek\Creative Cloud Files [2019-11-13 02:02] CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-28] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-28] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-07-30 17:28 - 2021-03-20 22:33 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll 2021-10-31 13:21 - 2021-03-20 22:34 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll 2021-10-31 13:21 - 2021-03-20 22:33 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll 2021-10-31 13:21 - 2021-03-20 22:34 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll 2021-10-31 13:21 - 2021-03-20 22:34 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll 2021-10-31 13:21 - 2021-03-20 22:34 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll 2021-10-31 13:21 - 2021-03-20 22:34 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll 2021-10-31 13:21 - 2021-03-20 22:34 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll 2021-10-31 13:21 - 2021-03-20 22:34 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhiqhnhm [0] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [464] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKU\S-1-5-21-645998501-1037966316-1842171046-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-645998501-1037966316-1842171046-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-09-15 18:01 - 2019-11-13 00:55 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts 2018-10-10 19:51 - 2021-11-23 19:36 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.26.224.1 DESKTOP-EKO6TT0.mshome.net # 2026 11 0 22 9 6 29 799 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR HKU\S-1-5-21-645998501-1037966316-1842171046-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ceek\Desktop\goggogog.jpg HKU\S-1-5-21-645998501-1037966316-1842171046-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 10.1.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run: => "Elgato Sound Capture" HKLM\...\StartupApproved\Run32: => "amd_dc_opt" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "ProductUpdater" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" HKLM\...\StartupApproved\Run32: => "system_jconsole.jar" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\StartupFolder: => "GIGABYTE XTREME GAMING ENGINE.lnk" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "utweb" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Synapse3" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Plex Media Server" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Battle.net" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "CCXProcess" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "electron.app.Cudo Miner" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "ut" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 31-10-2021 18:07:11 Scheduled Checkpoint 08-11-2021 17:49:20 Removed Elgato Game Capture HD 23-11-2021 19:44:16 Windows Modules Installer ==================== Faulty Device Manager Devices ============ Name: Realtek High Definition Audio Description: Realtek High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: IntcAzAudAddService Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ======================== Application errors: ================== Error: (11/23/2021 07:45:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service SshdBroker since QueryServiceConfig API failed System Error: The resource loader failed to find MUI file. . Error: (11/23/2021 07:45:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary vhdparser. System Error: Element not found. . Error: (11/23/2021 07:45:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary MsQuic. System Error: The resource loader failed to find MUI file. . Error: (11/23/2021 07:45:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary MQAC. System Error: The system cannot find the file specified. . Error: (11/09/2021 10:57:10 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (11/09/2021 10:02:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimiser couldn't complete re-trim on (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A) Error: (11/09/2021 10:01:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimiser couldn't complete re-trim on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\d901dece-10a7-48be-b824-fcbe8621e5bd\BaseLayer) because: The file move failed. (0x89000016) Error: (11/09/2021 10:01:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimiser couldn't complete slab consolidation on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\d901dece-10a7-48be-b824-fcbe8621e5bd\BaseLayer) because: The slab consolidation operation was aborted because a sufficient number of slabs could not be reclaimed (based on the limits specified in the registry). (0x89000028) System errors: ============= Error: (11/23/2021 08:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s). Error: (11/23/2021 07:55:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.353.1449.0). Error: (11/23/2021 07:50:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (11/23/2021 07:50:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect. Error: (11/23/2021 07:34:37 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:37:46 PM on ‎11/‎19/‎2021 was unexpected. Error: (11/19/2021 05:44:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (11/19/2021 05:44:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. Error: (11/19/2021 05:42:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Security Center service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Windows Defender: ================ Date: 2021-11-23 20:34:40 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner!MSR&threatid=2147743972&enterprise=0 Name: Trojan:Win32/CoinMiner!MSR Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\Ceek\Downloads\FRST64.exe Security intelligence Version: AV: 1.353.1449.0, AS: 1.353.1449.0, NIS: 1.353.1449.0 Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-06 20:40:46 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-11-06 20:11:54 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-11-05 16:28:34 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-11-03 23:51:35 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2021-11-23 19:56:48 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.353.1449.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18700.4 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Date: 2021-11-23 19:56:48 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.353.1449.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18700.4 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Date: 2021-11-23 19:56:48 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.353.1449.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18700.4 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Date: 2021-11-19 17:52:14 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.353.1239.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18700.4 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Date: 2021-11-19 17:52:14 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.353.1239.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18700.4 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. CodeIntegrity: =============== Date: 2021-11-23 20:40:11 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2021-11-23 20:39:00 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2021-11-23 20:36:21 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. F2 12/24/2015 Motherboard: Gigabyte Technology Co., Ltd. F2A88XM-D3HP Processor: AMD A8-6500 APU with Radeon(tm) HD Graphics Percentage of memory in use: 54% Total physical RAM: 8134.91 MB Available physical RAM: 3716.7 MB Total Virtual: 11590.91 MB Available Virtual: 4594.19 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1861.94 GB) (Free:762.02 GB) NTFS Drive d: (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.52 GB) NTFS Drive e: () (Fixed) (Total:232.35 GB) (Free:184.22 GB) NTFS Drive g: (The Lesson - Ceekah) (Fixed) (Total:931.48 GB) (Free:810.5 GB) NTFS \\?\Volume{5c12f414-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.52 GB) NTFS \\?\Volume{5c12f414-0000-0000-0000-8082d1010000}\ () (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS \\?\Volume{5c12f414-0000-0000-0000-d0a4d1010000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5C12F414) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1861.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=548 MB) - (Type=27) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 15EBF797) Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS) ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4) Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS) ========================================================== Disk: 3 (Size: 931.5 GB) (Disk ID: 16F2A91F) Partition: GPT. ==================== End of Addition.txt =======================