Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I need someone to Check my Farbar logs and make a fixlist


  • Please log in to reply

#1
Ceekah

Ceekah

    New Member

  • Member
  • Pip
  • 1 posts

Hey, I've been suspicious of my Desktop for awhile now and am starting the get paranoid. I have already ran a scan with Farbar could you kindly get me a fixlist? 
 

If this doesn't work, Should I Isolate the drives offline and just do a clean install? 

 

Rules/Tasks Found 

@Firewall.dll, -80206

@Firewall.dll, -80204

@Netlogon.dll,-1003

@Netlogon.dll, -1008 

 

Also found a Task Called VMMEM that's suspended and I cant view properties or goto file location. Is being ran by user 56E05F1B-F6B7-9057-0A0D8D9445F1

have posted elsewhere looking for help 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by Ceek (administrator) on DESKTOP-EKO6TT0 (23-11-2021 20:30:58)
Running from C:\Users\Ceek\Downloads
Loaded Profiles: Ceek
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Freemake) [File not signed] C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google) C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\SwReporter\93.269.200\software_reporter_tool.exe <4>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2020-10-16] () [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-07] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-11-23] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-18] () [File not signed]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-11-23] (Adobe Inc. -> )
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33310688 2021-09-03] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [uTorrent] => C:\Users\Ceek\AppData\Roaming\uTorrent\uTorrent.exe [2133544 2021-07-06] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1109152 2019-11-06] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-11-23] (Adobe Inc. -> )
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Discord] => C:\Users\Ceek\AppData\Local\Discord\Update.exe [1512096 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3145912 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Spotify] => C:\Users\Ceek\AppData\Roaming\Spotify\Spotify.exe [23592304 2020-12-15] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [electron.app.Cudo Miner] => C:\Program Files\Cudo Miner\desktop\Cudo Miner Desktop.exe --autolaunch (No File)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [utweb] => C:\Users\Ceek\AppData\Roaming\uTorrent Web\utweb.exe [5898272 2021-07-27] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [ut] => C:\Users\Ceek\AppData\Roaming\uTorrent\uTorrent.exe [2133544 2021-07-06] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\MountPoints2: {4a7e26cf-2fb2-11eb-bbe9-18d6c7af94b3} - "D:\AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-23] (Google LLC -> Google LLC)
Startup: C:\Users\Ceek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2020-08-04]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14A0E53E-EFE2-4F7C-B893-748E55A89EB3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {19C221A5-CE40-4084-99F8-CE229519A66B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A663F0D-78DD-4917-A672-0C30A1920D9A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F55D74B-22F0-4377-927D-F633FE078304} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {2E304554-B225-4AEA-A261-670DD6F2B456} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3A264418-5E98-41CB-AA88-6AEBDE706FFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5795CA13-9CFC-4A15-8A8B-E677F64DF529} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D6C912C-1B27-46A4-B382-4DC9A43F1763} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5DA0FA4D-6AE1-44D9-9746-78FEC90C9816} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-09-08] (Adobe Inc. -> Adobe)
Task: {64752EE8-2204-42E6-B27D-34BF20A05DAD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6CD63078-5EAE-4B5E-AA84-612CD80661D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {76337188-B237-4C2A-85B8-CB80540E9707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {76604EBC-4544-4094-879C-8BACD0A98FAF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76EA25F6-561A-432A-8A15-05CB4E765833} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {81580934-5A4A-40A9-8093-60039F159F00} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A924C62-0545-4465-A4F6-5DCAC77B2E0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {911BF3AB-7BBC-4D6C-B668-AA8FB3FB7C5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A30E2B89-3F6F-4520-B9F8-E708979B3AD2} - System32\Tasks\CCleanerSkipUAC - Ceek => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {ADDDAE82-EA86-4337-9EBD-A8E83D5DD256} - System32\Tasks\GoogleUpdateTaskMachineCore1d57c5651d8c276 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {BE592D9D-34F8-46B1-9137-6CB39FF8E482} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D2E7EAF7-FC48-4829-A90B-3D8CE8290F6D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D6E06C5F-9925-4B02-9E0D-922F9618B819} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-11] (Piriform Software Ltd -> Piriform)
Task: {D938158D-C56C-42E7-A77F-9B4543A46C34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DEA08A0D-D248-40D3-A9F7-24A20707ACED} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E0D3C361-EEA5-49ED-815D-BD21332F517D} - System32\Tasks\GoogleUpdateTaskMachineUA1d57c5651f54967 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {E9A96842-39DE-47E2-97D5-CE56838A6EEB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2021-09-08] (Adobe Inc. -> Adobe)
Task: {FC2EA757-F0A0-4EA5-A60C-4C4FF05D23AB} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [78020552 2019-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{2adf8360-9237-4231-bc07-432d815ea201}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{a07ed892-52be-4f33-81c5-5a293e59b779}: [DhcpNameServer] 10.1.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Ceek\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-29]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-11-23] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-11-23] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default [2021-11-23]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-04]
CHR Extension: (Just Black) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-03-26]
CHR Extension: (Docs) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-04]
CHR Extension: (Google Drive) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-04]
CHR Extension: (Honey) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-23]
CHR Extension: (Sheets) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-11-23]
CHR Extension: (MetaMask) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-23]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-11]
CHR Extension: (Slides) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-03]
CHR Extension: (Docs) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-03]
CHR Extension: (Google Drive) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-03]
CHR Extension: (YouTube) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-03]
CHR Extension: (Sheets) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-03]
CHR Extension: (Gmail) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-03]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-09-08] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-11-23] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8577760 2019-07-20] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-08-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-07-18] (Freemake) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2557656 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3476184 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2020-07-01] (Even Balance, Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-29] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2074928 2021-09-05] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [43392 2019-11-08] (Elgato Systems LLC -> UB658)
S3 ElgatoVAD; C:\WINDOWS\System32\drivers\ElgatoVAD.sys [39208 2020-09-14] (Elgato Systems LLC -> Elgato Systems GmbH)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GVCIDrv64.sys [16712 2019-01-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 hwdatacard; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [115328 2008-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl17d253a0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45822AC0-A737-4DC8-9B61-EB5FE3C0FC81}\MpKslDrv.sys [130296 2021-11-23] (Microsoft Windows -> Microsoft Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2019-01-10] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [442128 2019-10-07] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [555064 2019-10-07] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus.sys [X]
S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-23 20:30 - 2021-11-23 20:34 - 000027581 _____ C:\Users\Ceek\Downloads\FRST.txt
2021-11-23 20:24 - 2021-11-23 20:33 - 000000000 ____D C:\FRST
2021-11-23 20:20 - 2021-11-23 20:23 - 002311680 _____ (Farbar) C:\Users\Ceek\Downloads\FRST64.exe
2021-11-19 17:50 - 2021-11-19 17:50 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-11-19 17:49 - 2021-11-19 17:49 - 000000000 ___HD C:\$WinREAgent
2021-11-19 17:45 - 2021-11-19 17:45 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-19 17:44 - 2021-11-19 17:44 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-09 17:45 - 2021-11-09 17:45 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-05 00:03 - 2021-11-05 00:07 - 001877226 ____H C:\Users\Ceek\Downloads\.cdf09bffc475789aa557eff19a090735412be99d.parts
2021-11-04 23:56 - 2021-11-04 23:56 - 000000000 ____D C:\Users\Ceek\Downloads\Shutter Island (2010) [1080p]
2021-10-29 01:32 - 2021-10-29 01:32 - 000003112 _____ C:\Users\Ceek\Downloads\sendsreceives (1).csv
2021-10-24 21:41 - 2021-10-24 21:45 - 002277448 ____H C:\Users\Ceek\Downloads\.c62db96f2940fffc47a76c82c88857a68e27a235.parts
2021-10-24 21:41 - 2021-10-24 21:41 - 000000000 ____D C:\Users\Ceek\Downloads\Se7en ( 1995 )

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-23 20:31 - 2018-10-04 00:48 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-23 20:11 - 2020-08-04 17:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-23 20:11 - 2019-12-07 19:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-23 20:11 - 2019-12-07 19:44 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-23 20:05 - 2018-10-04 00:58 - 000000000 ____D C:\ProgramData\Packages
2021-11-23 20:00 - 2018-10-04 00:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-23 19:57 - 2018-10-04 00:54 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-23 19:55 - 2019-12-07 19:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-23 19:55 - 2019-11-13 00:35 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-23 19:53 - 2019-12-07 19:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-23 19:44 - 2020-08-07 00:04 - 000000000 ____D C:\Users\Ceek
2021-11-23 19:43 - 2019-02-06 00:09 - 000000000 ____D C:\Program Files\CCleaner
2021-11-23 19:43 - 2018-10-11 08:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-23 19:36 - 2018-10-11 08:57 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-23 19:36 - 2018-10-10 19:51 - 000000447 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-11-23 19:34 - 2020-08-07 00:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-23 19:34 - 2020-08-07 00:00 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-11-23 19:34 - 2020-08-07 00:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-19 17:49 - 2020-08-07 00:24 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{ED5B5B48-7E3F-4564-83B0-C116BE17DE2A}
2021-11-19 17:49 - 2020-08-07 00:24 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-19 17:49 - 2020-08-07 00:24 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-09 22:57 - 2019-12-07 19:33 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-08 17:37 - 2021-07-30 17:44 - 000002376 _____ C:\Users\Ceek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-08 17:37 - 2020-08-07 00:24 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-645998501-1037966316-1842171046-1001
2021-11-06 21:48 - 2018-10-04 17:10 - 000000000 ____D C:\Users\Ceek\AppData\Local\Packages
2021-11-05 02:50 - 2018-10-07 21:45 - 000000000 ____D C:\Users\Ceek\AppData\Roaming\uTorrent Web
2021-11-05 02:40 - 2021-09-27 01:53 - 000000000 ____D C:\Users\Ceek\AppData\Roaming\vlc
2021-11-05 02:01 - 2019-10-12 21:55 - 000000000 ____D C:\Users\Ceek\AppData\Local\BitTorrentHelper
2021-11-05 00:17 - 2019-12-07 19:43 - 000000000 ____D C:\WINDOWS\INF
2021-11-05 00:16 - 2020-08-16 19:43 - 002220464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000324016 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000217520 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000197048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000061872 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-11-03 22:12 - 2018-10-04 16:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-31 13:21 - 2020-07-01 11:42 - 000000000 ____D C:\Program Files (x86)\Origin
2021-10-25 00:50 - 2021-10-14 01:36 - 004268032 ____H C:\Users\Ceek\Downloads\.d2699d31ac68736d20999fdf678a06295709a695.parts

==================== Files in the root of some directories ========

2020-02-01 20:06 - 2021-09-10 00:32 - 000001456 _____ () C:\Users\Ceek\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-11-14 18:54 - 2019-11-14 18:54 - 000000000 _____ () C:\Users\Ceek\AppData\Local\oobelibMkey.log
2019-08-10 01:11 - 2021-10-11 22:38 - 000007603 _____ () C:\Users\Ceek\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by Ceek (23-11-2021 20:36:54)
Running from C:\Users\Ceek\Downloads
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2020-08-06 13:56:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-645998501-1037966316-1842171046-500 - Administrator - Disabled)
Ceek (S-1-5-21-645998501-1037966316-1842171046-1001 - Administrator - Enabled) => C:\Users\Ceek
DefaultAccount (S-1-5-21-645998501-1037966316-1842171046-503 - Limited - Disabled)
Guest (S-1-5-21-645998501-1037966316-1842171046-501 - Limited - Disabled)
Guest123 (S-1-5-21-645998501-1037966316-1842171046-1002 - Limited - Enabled) => C:\Users\Guest123
WDAGUtilityAccount (S-1-5-21-645998501-1037966316-1842171046-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\uTorrent) (Version: 3.5.5.46038 - BitTorrent Inc.)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Bitcoin Core (64-bit)) (Version: 0.20.1 - Bitcoin Core project)
BlueStacks (HyperV) Beta (HKLM\...\BlueStacks_bgp64_hyperv) (Version: 4.240.15.4204 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boris FX Sapphire Plug-ins 2019.52 for After Effects and Compatible Products (HKLM\...\GenArts Sapphire AE_is1) (Version: 12.520 - Boris FX, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Daedalus Mainnet (HKLM-x32\...\Daedalus Mainnet) (Version: 4.1.0 - IOHK)
Discord (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Discord) (Version: 0.0.310 - Discord Inc.)
Elgato Game Capture HD (HKLM\...\{C562FDFF-7048-45A9-A3D0-37949D7B2730}) (Version: 3.70.47.3047 - Elgato Systems GmbH)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation)
FiveM (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\CitizenFX_FiveM) (Version:  - Cfx.re)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Game Capture HD60 v2.1.1.5 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.5 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Immutable 0.13.7 (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.7 - Immutable)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.29 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.29 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-645998501-1037966316-1842171046-1002\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NiceHash Miner 3.0.6.5 (only current user) (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\8abad8e2-b957-48ed-92ba-4339c2a40e78) (Version: 3.0.6.5 - H-BIT, d.o.o.)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Optus Wireless Broadband (HKLM-x32\...\Optus Wireless Broadband) (Version: 11.300.05.02.74 - Huawei Technologies Co.,Ltd)
Origin (HKLM-x32\...\Origin) (Version: 10.5.106.49298 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.20.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.20.606 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.46.448 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games)
Spotify (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Spotify) (Version: 1.1.48.625.g1c87c7f7 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
uTorrent Web (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\utweb) (Version: 1.2.3 - BitTorrent, Inc.)
VEGAS Pro 15.0 (HKLM\...\{BE730580-7AF7-11E8-84B6-00155D6306C5}) (Version: 15.0.384 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
XTREME GAMING ENGINE (HKLM-x32\...\GIGABYTE XTREME GAMING ENGINE_is1) (Version: 1.2.6.0 - GIGABYTE Technology Co.,Inc.)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-23] (Adobe Systems Incorporated)
Cover - Comic reader -> C:\Program Files\WindowsApps\FrenchFry.Cover_3.8.3.0_x64__a3mvwcjazefp4 [2021-11-06] (French Fry)
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.474.687.2_x64__8wekyb3d8bbwe [2021-09-04] (Microsoft Studios)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-10-31] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-30] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7822C329CE51} -> [Creative Cloud Files] => C:\Users\Ceek\Creative Cloud Files [2019-11-13 02:02]
CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-07-30 17:28 - 2021-03-20 22:33 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-10-31 13:21 - 2021-03-20 22:33 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhiqhnhm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [464]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-645998501-1037966316-1842171046-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-645998501-1037966316-1842171046-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 18:01 - 2019-11-13 00:55 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-10-10 19:51 - 2021-11-23 19:36 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.26.224.1 DESKTOP-EKO6TT0.mshome.net # 2026 11 0 22 9 6 29 799

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ceek\Desktop\goggogog.jpg
HKU\S-1-5-21-645998501-1037966316-1842171046-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run: => "Elgato Sound Capture"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "system_jconsole.jar"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\StartupFolder: => "GIGABYTE XTREME GAMING ENGINE.lnk"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "electron.app.Cudo Miner"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "ut"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

31-10-2021 18:07:11 Scheduled Checkpoint
08-11-2021 17:49:20 Removed Elgato Game Capture HD
23-11-2021 19:44:16 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/23/2021 07:45:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service SshdBroker since QueryServiceConfig API failed

System Error:
The resource loader failed to find MUI file.
.

Error: (11/23/2021 07:45:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary vhdparser.

System Error:
Element not found.
.

Error: (11/23/2021 07:45:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
The resource loader failed to find MUI file.
.

Error: (11/23/2021 07:45:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MQAC.

System Error:
The system cannot find the file specified.
.

Error: (11/09/2021 10:57:10 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (11/09/2021 10:02:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete re-trim on (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/09/2021 10:01:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete re-trim on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\d901dece-10a7-48be-b824-fcbe8621e5bd\BaseLayer) because: The file move failed. (0x89000016)

Error: (11/09/2021 10:01:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete slab consolidation on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\d901dece-10a7-48be-b824-fcbe8621e5bd\BaseLayer) because: The slab consolidation operation was aborted because a sufficient number of slabs could not be reclaimed (based on the limits specified in the registry). (0x89000028)


System errors:
=============
Error: (11/23/2021 08:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

Error: (11/23/2021 07:55:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.353.1449.0).

Error: (11/23/2021 07:50:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/23/2021 07:50:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect.

Error: (11/23/2021 07:34:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:37:46 PM on ‎11/‎19/‎2021 was unexpected.

Error: (11/19/2021 05:44:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/19/2021 05:44:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (11/19/2021 05:42:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
================
Date: 2021-11-23 20:34:40
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: Trojan:Win32/CoinMiner!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Ceek\Downloads\FRST64.exe
Security intelligence Version: AV: 1.353.1449.0, AS: 1.353.1449.0, NIS: 1.353.1449.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-06 20:40:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-06 20:11:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-05 16:28:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-03 23:51:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-11-23 19:56:48
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1449.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2021-11-23 19:56:48
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1449.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2021-11-23 19:56:48
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1449.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2021-11-19 17:52:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2021-11-19 17:52:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

CodeIntegrity:
===============
Date: 2021-11-23 20:40:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-11-23 20:39:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2021-11-23 20:36:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F2 12/24/2015
Motherboard: Gigabyte Technology Co., Ltd. F2A88XM-D3HP
Processor: AMD A8-6500 APU with Radeon™ HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 8134.91 MB
Available physical RAM: 3716.7 MB
Total Virtual: 11590.91 MB
Available Virtual: 4594.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1861.94 GB) (Free:762.02 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.52 GB) NTFS
Drive e: () (Fixed) (Total:232.35 GB) (Free:184.22 GB) NTFS
Drive g: (The Lesson - Ceekah) (Fixed) (Total:931.48 GB) (Free:810.5 GB) NTFS

\\?\Volume{5c12f414-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.52 GB) NTFS
\\?\Volume{5c12f414-0000-0000-0000-8082d1010000}\ () (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS
\\?\Volume{5c12f414-0000-0000-0000-d0a4d1010000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5C12F414)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1861.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=548 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 15EBF797)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt =======================

Attached Files


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,052 posts
  • MVP

Not sure what you are talking about as none of the terms you mention appear in your FRST logs.  I have built you a fixlist to remove some deadwood and a few suspicious entries.  It will also test your system files and fix any that are corrupt.  Normally takes about 25 minutes to complete so be patient.  Windows Defender seems to think FRST is a coin miner so you should pause it while you run FRST.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   3.84KB   17 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Just to make sure there is nothing hiding run MBAR:

 

https://www.malwareb...com/antirootkit

 

Click on Download then Save the file.  Go to your Download folder and right click on the file and Run As Admin.  Does it find anything?

 

What problems are you having that make you think you might be infected?

 



 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP