Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
Ran by seezo (administrator) on DESKTOP-F0CH9P5 (AFTERSHOCK NP50DE_DB) (09-01-2022 20:41:57)
Running from C:\Users\seezo\Desktop
Loaded Profiles: seezo & SQLTELEMETRY & MSSQLSERVER
Platform: Microsoft Windows 10 Education Version 20H2 19042.1415 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CLEVO CO.) C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_3.59.0.0_x64__6h6z29zh29qx0\FnKey\FnKey.exe
(Discord Inc. -> Discord Inc.) C:\Users\seezo\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\96.0.4664.39\remoting_host.exe <2>
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <22>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_de0cf7bbf26b8ed4\aesm_service.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_badc5acaa5648e9d\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4789e47f6228caeb\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_23a1c1315f01c788\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_23a1c1315f01c788\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_48973fc6c96c696a\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\DriverStore\FileRepository\acpi0002.inf_amd64_83c52e0a64bfd016\DCHUService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.) C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
(NortonLifeLock Inc. -> Broadcom) C:\Program Files\Norton Security\Engine\22.21.11.46\NortonSecurity.exe <2>
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.11.46\nsWscSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_c72d1ed6bd27e8cf\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\seezo\AppData\Roaming\Telegram Desktop\Telegram.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [953120 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1333255723-3266158280-2740484146-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267432 2021-12-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1333255723-3266158280-2740484146-1001\...\Run: [Discord] => C:\Users\seezo\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1333255723-3266158280-2740484146-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\seezo\AppData\Local\WebEx\WebexHost.exe [6976328 2021-12-31] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1333255723-3266158280-2740484146-1001\...\Run: [CiscoSpark] => C:\Users\seezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex Teams\Webex Teams.lnk [1479 2020-10-07] () [File not signed]
HKU\S-1-5-21-1333255723-3266158280-2740484146-1001\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe (No File)
HKU\S-1-5-21-1333255723-3266158280-2740484146-1001\...\Run: [btweb] => "C:\Users\seezo\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-15] (Google LLC -> Google LLC)
Startup: C:\Users\seezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-12-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DD982BF-FE2B-4BE9-9F26-AD7A29C914F3} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.11.46\SymErr.exe [108752 2021-12-14] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {0F9A8718-8589-4AB3-A33E-407DAC715A2D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1336BE01-0188-4510-A86D-33D267945052} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.11.46\WSCStub.exe [646520 2021-12-14] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {1464546A-B31B-413B-9821-8BD3E6DCF1E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {19351FAC-6509-4FEC-AF36-7507D4B47C85} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {23C78D20-6858-4B1C-A6F9-6C6FBA3951CE} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {25BF7C62-246A-4454-8D89-377640760D4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {3446357A-B314-42B6-8E4C-95A652CE6374} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {363A3F1C-1DC8-47F9-86FB-11DF97009956} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2021-12-14] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {3D514691-9F02-478A-83B1-9A6BAA9E08DE} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-seezongwei@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {3ED2A6DF-0EC4-41E5-876C-B89239E99E6A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3FAA16BD-A576-4204-82E9-3DFD390200A2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1513448 2021-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4AADC03B-43CD-4D5B-9EC4-22E109540A59} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5262848 2021-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {573EACBF-D0CC-4235-94D1-EF2635455ABE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {594FA63D-C416-43DD-8F96-33F5A9469B10} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.11.46\SymErr.exe [108752 2021-12-14] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {74FBC8E9-235A-4C14-ACFB-62D820C2D3D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23081848 2021-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {85609634-17A3-4A17-B529-2E9FD59D14FB} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {9237EF1C-3D91-4EE4-9140-C29F68168853} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {978FD627-5C90-4CBA-90F6-63B01192FB9B} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.11.46\SymErr.exe [108752 2021-12-14] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {A4FF4561-894D-44E7-940F-5B2F8A7EA9AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23081848 2021-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABEFA665-336B-4BD0-9A04-6A60240AAFD0} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B463BCA4-D4F4-41AC-800B-FBE2433BB773} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5262848 2021-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {C6E90091-CD8C-42B1-AFFC-84D45AF8B1A4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CFC53477-64E5-4E03-BB88-C019C64B9E3B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {DABC0B83-F36C-4B3A-B371-98ED4F40639F} - System32\Tasks\unityhub => C:\Users\seezo\AppData\Roaming\Microsoft\unityhub.exe [1383718400 2021-11-17] (Unity Hub) [File not signed] <==== ATTENTION
Task: {F82E30B5-D357-4FFC-B2F0-192538AF7A47} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143280 2021-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {FB4DDEAB-6F56-44FD-AE63-8BC4C655FC6F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143280 2021-12-25] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{061799e3-cd1c-4ef1-a7aa-acd05e0d6c5d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{69eacfdd-e03c-4005-a1c8-47cfd07a213c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{69eacfdd-e03c-4005-a1c8-47cfd07a213c}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\seezo\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-07]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\seezo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\seezo\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-10-02]

Chrome:
=======
CHR Profile: C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default [2022-01-09]
CHR Notifications: Default -> hxxps://web.telegram.org
CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/chromoting/chromoting_logo_512.png
CHR Extension: (Slides) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-18]
CHR Extension: (Docs) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-18]
CHR Extension: (Google Drive) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-18]
CHR Extension: (Honey) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-12-17]
CHR Extension: (Chrome Remote Desktop) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-11-30]
CHR Extension: (Sheets) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-02]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-01-04]
CHR Extension: (Chrome Remote Desktop) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2020-11-26]
CHR Extension: (Cisco Webex Extension) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-11-29]
CHR Extension: (Google Classroom) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2021-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\seezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\seezo\AppData\Local\Google\Chrome\User Data\System Profile [2020-09-18]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [590360 2020-11-01] (ASUSTeK Computer Inc. -> )
R2 AzureAttestService; C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll [151288 2019-07-24] (Microsoft Windows -> Microsoft Corporation)
R2 CCDCHUService; C:\WINDOWS\System32\DriverStore\FileRepository\acpi0002.inf_amd64_83c52e0a64bfd016\DCHUService.exe [188520 2020-02-06] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\96.0.4664.39\remoting_host.exe [72536 2021-11-04] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8689000 2021-12-13] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-03-01] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HKClipSvc; C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe [431696 2019-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
S3 LxssManagerUser; C:\WINDOWS\system32\lxss\wslclient.dll [305664 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2022-01-08] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [626280 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.11.46\NortonSecurity.exe [343336 2021-12-14] (NortonLifeLock Inc. -> Broadcom)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.11.46\nsWscSvc.exe [1059176 2021-12-14] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6138112 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [695912 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [290648 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 UWPService; C:\WINDOWS\SysWOW64\Creative.UWPRPCService.exe [357272 2020-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\NisSrv.exe [2343112 2020-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MsMpEng.exe [128360 2020-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1300352 2021-12-20] (Windscribe Limited -> Windscribe Limited)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_c72d1ed6bd27e8cf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_c72d1ed6bd27e8cf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiBridge; C:\WINDOWS\System32\drivers\AcpiBridge.sys [48928 2019-06-20] (WDKTestCert stone.cheng,131352419880621518 -> Insyde Software Corporation)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20220106.011\BHDrvx64.sys [2018784 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\ccSetx64.sys [192256 2021-12-14] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2021-11-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-01-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HKKbdFltr; C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys [40320 2019-03-06] (WDKTestCert stone.cheng,131963286194994418 -> Insyde Software Corp.)
R3 HKMouFltr; C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys [38552 2019-03-06] (WDKTestCert stone.cheng,131963286194994418 -> Insyde Software Corp.)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20220107.061\IDSvia64.sys [1480144 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2022-01-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2022-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-01-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2022-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBfilt; C:\WINDOWS\system32\drivers\MBfilt64.sys [34688 2020-01-22] (WDKTestCert ctl_avpbuild,131450919658074287 -> Creative Technology Ltd.)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\nsvst.sys [56080 2021-12-14] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S4 RsFx0600; C:\WINDOWS\System32\DRIVERS\RsFx0600.sys [286976 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\SRTSP64.SYS [892600 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\SRTSPX64.SYS [48824 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 sshid; C:\WINDOWS\system32\DRIVERS\sshid.sys [47760 2021-09-01] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\SYMEFASI64.SYS [2030768 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\SymELAM.sys [31984 2021-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [93152 2021-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [712432 2021-07-14] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\Ironx64.SYS [319152 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\symnets.sys [575344 2021-12-14] (Symantec Corporation -> Symantec Corporation)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2021-12-19] (Windscribe Limited -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2020-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428256 2020-09-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69856 2020-09-20] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [35752 2021-12-20] (Windscribe Limited -> )
R3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2021-12-19] (Windscribe Limited -> WireGuard LLC)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\wpCtrlDrv.sys [1015760 2021-12-14] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2719256 2021-03-02] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-09 20:41 - 2022-01-09 20:41 - 000000000 ____D C:\Users\seezo\AppData\LocalLow\IGDump
2022-01-09 17:59 - 2022-01-09 17:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-01-09 17:22 - 2022-01-09 17:23 - 000060854 _____ C:\Users\seezo\Desktop\Addition.txt
2022-01-09 17:10 - 2022-01-09 20:42 - 000031859 _____ C:\Users\seezo\Desktop\FRST.txt
2022-01-09 17:09 - 2022-01-09 20:42 - 000000000 ____D C:\FRST
2022-01-09 17:06 - 2022-01-09 17:06 - 002311168 _____ (Farbar) C:\Users\seezo\Desktop\FRST64.exe
2022-01-09 11:58 - 2022-01-09 11:58 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-01-09 11:58 - 2022-01-09 11:58 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-01-09 11:58 - 2022-01-09 11:58 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-01-08 10:11 - 2022-01-09 11:58 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-01-08 10:11 - 2022-01-08 10:11 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-01-08 10:11 - 2022-01-08 10:11 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-01-08 10:11 - 2022-01-08 10:11 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-01-08 10:11 - 2022-01-08 10:11 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-08 10:11 - 2022-01-08 10:11 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-01-08 10:10 - 2022-01-08 10:10 - 002910904 _____ (Malwarebytes) C:\Users\seezo\Downloads\MBSetup (1).exe
2022-01-07 22:18 - 2022-01-07 22:18 - 000001155 _____ C:\Users\seezo\Desktop\conceptmatrix - shortcut.lnk
2022-01-07 22:17 - 2022-01-07 22:17 - 000003334 _____ C:\WINDOWS\system32\Tasks\unityhub
2022-01-07 14:16 - 2022-01-07 22:13 - 000000000 ____D C:\Users\seezo\AppData\Local\NPE
2022-01-07 14:12 - 2021-11-17 12:37 - 1383718400 ___SH (Unity Hub) C:\WINDOWS\system32\unityhub.exe
2022-01-07 13:57 - 2022-01-07 13:57 - 030177492 _____ (The qBittorrent project) C:\Users\seezo\Downloads\qbittorrent_4.4.0_x64_setup.exe
2022-01-07 13:51 - 2022-01-07 14:01 - 000000000 ____D C:\Users\seezo\AppData\LocalLow\Mozilla
2022-01-07 13:51 - 2022-01-07 13:51 - 000000917 _____ C:\Users\seezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2022-01-07 13:51 - 2022-01-07 13:51 - 000000869 _____ C:\Users\seezo\Desktop\Start Tor Browser.lnk
2022-01-07 13:50 - 2022-01-07 13:51 - 000000000 ____D C:\Users\seezo\Desktop\Tor Browser
2022-01-07 13:50 - 2022-01-07 13:50 - 077167024 _____ C:\Users\seezo\Downloads\torbrowser-install-win64-11.0.3_en-US.exe
2022-01-06 14:25 - 2022-01-06 14:39 - 238427322 _____ C:\Users\seezo\Downloads\EV22m01.mp4
2022-01-05 19:40 - 2022-01-05 19:40 - 000726708 _____ C:\Users\seezo\Downloads\1a.cryptography.pdf
2022-01-02 12:03 - 2022-01-02 12:03 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\hosts.tmp
2022-01-01 18:54 - 2022-01-01 18:57 - 013660751 _____ C:\Users\seezo\Downloads\CreambeeShort-SplootoonV2.swf
2021-12-30 21:26 - 2021-12-30 21:26 - 000001756 _____ C:\Users\seezo\Desktop\Photoshop.exe - Shortcut.lnk
2021-12-30 21:26 - 2021-12-30 21:26 - 000000000 ____D C:\Users\seezo\AppData\LocalLow\Adobe
2021-12-30 21:16 - 2021-12-30 21:16 - 000003666 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-seezongwei@gmail.com
2021-12-30 21:15 - 2021-12-30 21:15 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2021-12-30 21:15 - 2021-12-30 21:15 - 000000000 ____D C:\Users\seezo\Documents\Adobe
2021-12-30 21:15 - 2021-12-30 21:15 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-12-30 21:13 - 2021-12-30 21:15 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-12-30 21:13 - 2021-12-30 21:13 - 000001626 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2021-12-30 21:13 - 2021-12-30 21:13 - 000001614 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2021-12-30 21:13 - 2021-12-30 21:13 - 000000000 ____D C:\Program Files\Adobe
2021-12-30 21:12 - 2022-01-09 12:01 - 000000000 ____D C:\Users\seezo\AppData\Local\Adobe
2021-12-30 21:12 - 2021-12-31 11:46 - 000000000 ____D C:\ProgramData\Adobe
2021-12-29 12:00 - 2021-12-29 12:00 - 001655152 _____ C:\Users\seezo\Downloads\XXX_Anim-Poses_V1.zip
2021-12-27 23:11 - 2021-12-27 23:11 - 000000000 ____D C:\Users\Public\mod.io
2021-12-27 23:10 - 2021-12-27 23:10 - 000000000 ____D C:\Users\seezo\AppData\Local\mod.io
2021-12-27 22:59 - 2021-12-27 22:59 - 000004291 _____ C:\Users\seezo\AppData\Local\recently-used.xbel
2021-12-27 17:58 - 2021-12-27 22:27 - 000000000 ____D C:\Users\seezo\AppData\Local\gtk-2.0
2021-12-27 17:49 - 2021-12-27 23:02 - 000000000 ____D C:\Users\seezo\AppData\Local\babl-0.1
2021-12-27 17:49 - 2021-12-27 17:49 - 000000953 _____ C:\Users\seezo\Desktop\GIMP 2.10.30.lnk
2021-12-27 17:49 - 2021-12-27 17:49 - 000000000 ____D C:\Users\seezo\AppData\Roaming\GIMP
2021-12-27 17:49 - 2021-12-27 17:49 - 000000000 ____D C:\Users\seezo\AppData\Local\GIMP
2021-12-27 17:49 - 2021-12-27 17:49 - 000000000 ____D C:\Users\seezo\AppData\Local\gegl-0.4
2021-12-27 17:43 - 2021-12-27 17:43 - 000000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.30.lnk
2021-12-27 17:41 - 2021-12-27 17:41 - 000000000 ____D C:\Program Files\GIMP 2
2021-12-27 17:39 - 2021-12-27 17:40 - 257259032 _____ (The GIMP Team ) C:\Users\seezo\Downloads\gimp-2.10.30-setup.exe 2021-12-24 16:53 - 2021-12-24 16:53 - 001062584 _____ C:\Users\seezo\Downloads\CamScanner 12-24-2021 12.19-compressed (1) (1).pdf 2021-12-24 13:10 - 2021-12-24 13:12 - 000543772 _____ C:\Users\seezo\Desktop\Application.pdf 2021-12-24 12:41 - 2021-12-24 12:41 - 000940700 _____ C:\Users\seezo\Downloads\CamScanner 12-24-2021 12.39.pdf 2021-12-24 12:36 - 2021-12-24 12:36 - 001062584 _____ C:\Users\seezo\Downloads\CamScanner 12-24-2021 12.19-compressed (1).pdf 2021-12-24 12:32 - 2021-12-24 12:32 - 000178201 _____ C:\Users\seezo\Downloads\CamScanner 12-24-2021 12.19-compressed.pdf 2021-12-24 12:29 - 2021-12-24 12:29 - 001122320 _____ C:\Users\seezo\Downloads\CamScanner 12-24-2021 12.19.pdf 2021-12-24 12:18 - 2022-01-09 12:03 - 000510340 _____ C:\WINDOWS\system32\prfh0804.dat 2021-12-24 12:18 - 2022-01-09 12:03 - 000171316 _____ C:\WINDOWS\system32\prfc0804.dat 2021-12-24 12:18 - 2021-12-24 12:18 - 000113218 _____ C:\WINDOWS\system32\prfi0804.dat 2021-12-24 12:18 - 2021-12-24 12:18 - 000033402 _____ C:\WINDOWS\system32\prfd0804.dat 2021-12-24 12:18 - 2021-12-24 12:18 - 000000000 ____D C:\WINDOWS\SysWOW64\zh-HANS 2021-12-24 12:18 - 2021-12-24 12:18 - 000000000 ____D C:\WINDOWS\system32\zh-HANS 2021-12-24 12:13 - 2021-12-24 12:13 - 000864355 _____ C:\Users\seezo\Downloads\CamScanner 12-20-2021 11.00.pdf 2021-12-24 12:03 - 2021-12-24 12:10 - 000045579 _____ C:\Users\seezo\Downloads\WhatsApp Image 2021-12-24 at 12.02.12.jpeg 2021-12-24 11:58 - 2021-12-24 11:58 - 000454066 _____ C:\Users\seezo\Downloads\CamScanner 12-24-2021 11.52.pdf 2021-12-24 11:58 - 2021-12-24 11:58 - 000081064 _____ C:\Users\seezo\Downloads\CamScanner 12-24-2021 11.56.pdf 2021-12-24 11:47 - 2021-12-24 11:47 - 000000000 ____D C:\Users\seezo\AppData\LocalLow\MSLiveStickerWhiteList 2021-12-24 11:46 - 2019-10-15 13:50 - 000001696 _____ C:\WINDOWS\system32\NOISE.CHS 2021-12-22 12:08 - 
2021-12-22 12:08 - 000000000 ____D C:\Users\seezo\AppData\Local\Norton 2021-12-22 11:58 - 2022-01-09 18:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360 2021-12-22 11:53 - 2021-12-22 23:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2021-12-22 11:53 - 2021-12-22 11:53 - 000003378 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration 2021-12-21 21:06 - 2021-12-21 21:06 - 000001116 _____ C:\Users\seezo\Desktop\Anamnesis.exe - Shortcut.lnk 2021-12-21 19:57 - 2021-12-21 19:57 - 009995773 _____ C:\Users\seezo\Downloads\2021-12-14.zip 2021-12-20 21:48 - 2021-12-20 21:48 - 000001463 _____ C:\Users\seezo\Desktop\FFXIV_TexTools.exe - Shortcut.lnk 2021-12-20 21:22 - 2021-12-21 11:14 - 000000000 ____D C:\Program Files (x86)\Windscribe 2021-12-20 21:22 - 2021-12-20 21:22 - 020761984 _____ (Windscribe Limited) C:\Users\seezo\Downloads\Windscribe.exe 2021-12-20 21:22 - 2021-12-20 21:22 - 000035752 _____ C:\WINDOWS\system32\Drivers\WindscribeSplitTunnel.sys 2021-12-20 21:22 - 2021-12-20 21:22 - 000001151 _____ C:\Users\Public\Desktop\Windscribe.lnk 2021-12-20 21:22 - 2021-12-20 21:22 - 000000000 ____D C:\Users\seezo\AppData\Local\Windscribe 2021-12-20 21:22 - 2021-12-20 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe 2021-12-20 13:32 - 2021-12-27 22:06 - 000000000 ____D C:\Users\seezo\Documents\TexTools 2021-12-20 13:32 - 2021-12-20 13:32 - 000000000 ____D C:\Users\seezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FFXIV TexTools 2021-12-20 13:31 - 2021-12-20 13:31 - 072109384 _____ C:\Users\seezo\Downloads\Install_TexTools.exe 2021-12-19 14:12 - 2021-12-19 14:12 - 012768875 _____ C:\Users\seezo\Downloads\CreambeeShort-SplootoonV1.8.swf 2021-12-19 12:11 - 2021-12-19 12:11 - 000057768 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapwindscribe0901.sys 2021-12-19 12:11 - 2021-12-19 12:11 - 000047544 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\windtun420.sys 
2021-12-16 22:52 - 2021-12-16 22:52 - 000175449 _____ C:\Users\seezo\Downloads\exam314.pdf 2021-12-16 00:10 - 2021-12-16 00:10 - 000000000 ____D C:\WINDOWS\SystemTemp 2021-12-15 11:40 - 2021-12-15 11:40 - 027590526 _____ (The qBittorrent project) C:\Users\seezo\Downloads\qbittorrent_4.3.9_x64_setup.exe 2021-12-15 10:44 - 2021-12-15 10:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-12-15 10:44 - 2021-12-15 10:44 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-12-15 10:44 - 2021-12-15 10:44 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-12-15 10:44 - 2021-12-15 10:44 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-12-15 10:39 - 2021-12-15 10:39 - 000000000 ___HD C:\$WinREAgent 2021-12-13 22:02 - 2021-12-13 22:02 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1333255723-3266158280-2740484146-1001 2021-12-10 20:02 - 2022-01-09 11:58 - 000008192 ___SH C:\DumpStack.log.tmp ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2022-01-09 20:43 - 2020-09-21 16:08 - 000000000 ____D C:\Users\seezo\AppData\Roaming\discord 2022-01-09 20:41 - 2021-01-16 01:28 - 000000000 ____D C:\Users\seezo 2022-01-09 20:37 - 2020-09-20 22:02 - 000000000 ____D C:\Program Files (x86)\Steam 2022-01-09 20:27 - 2020-09-18 15:17 - 000000000 ____D C:\Program Files (x86)\Google 2022-01-09 20:01 - 2020-05-03 05:56 - 000000000 ____D C:\ProgramData\NVIDIA 2022-01-09 19:58 - 2020-09-21 16:08 - 000000000 ____D C:\Users\seezo\AppData\Local\Discord 2022-01-09 19:31 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-01-09 19:04 - 2021-01-16 01:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-01-09 17:13 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF 2022-01-09 13:56 - 2021-01-05 12:36 - 000000000 ____D C:\Users\seezo\Downloads\Telegram Desktop 2022-01-09 13:54 - 2021-01-04 16:25 - 000000000 ____D C:\Users\seezo\AppData\Roaming\Telegram Desktop 2022-01-09 12:29 - 2021-01-05 17:28 - 000000000 ____D C:\Users\seezo\AppData\Roaming\vlc 2022-01-09 12:03 - 2021-01-16 17:14 - 000577492 _____ C:\WINDOWS\system32\perfh011.dat 2022-01-09 12:03 - 2021-01-16 17:14 - 000172154 _____ C:\WINDOWS\system32\perfc011.dat 2022-01-09 12:03 - 2021-01-16 01:36 - 002389794 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-01-09 11:58 - 2021-01-16 01:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-01-09 11:58 - 2020-09-18 15:15 - 000000000 __SHD C:\Users\seezo\IntelGraphicsProfiles 2022-01-09 11:58 - 2020-05-03 05:54 - 000000000 ____D C:\Intel 2022-01-08 22:56 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2022-01-08 22:25 - 2020-09-24 11:25 - 000000000 ____D C:\Users\seezo\AppData\Local\WebEx 2022-01-08 21:16 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-01-08 21:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-01-08 21:15 - 2020-10-01 12:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 
2022-01-08 21:15 - 2020-10-01 12:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-01-08 11:32 - 2020-10-02 12:53 - 000000000 ____D C:\Users\seezo\AppData\LocalLow\WebEx 2022-01-08 10:28 - 2020-09-20 21:45 - 000000000 ____D C:\Users\seezo\AppData\Local\D3DSCache 2022-01-08 10:26 - 2020-10-02 12:54 - 000000000 ____D C:\Users\seezo\AppData\Roaming\webex 2022-01-08 10:11 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2022-01-08 10:10 - 2021-01-11 20:52 - 000000000 ____D C:\ProgramData\Malwarebytes 2022-01-08 10:10 - 2021-01-11 20:50 - 000000000 ____D C:\Program Files\Malwarebytes 2022-01-08 09:50 - 2021-01-11 21:03 - 000007600 _____ C:\Users\seezo\AppData\Local\resmon.resmoncfg 2022-01-07 22:23 - 2020-10-08 23:27 - 000000000 ____D C:\Users\seezo\AppData\Local\CrashDumps 2022-01-07 22:00 - 2021-03-16 20:33 - 000000000 ____D C:\Users\seezo\AppData\Local\sfv 2022-01-07 14:16 - 2020-09-20 21:57 - 000000000 ____D C:\ProgramData\Norton 2022-01-07 14:14 - 2021-11-30 16:03 - 000000000 ____D C:\Users\seezo\AppData\Roaming\RenPy 2022-01-06 12:45 - 2021-07-10 21:30 - 000000000 ____D C:\Users\seezo\AppData\Roaming\Anamnesis 2022-01-04 11:02 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2022-01-02 11:44 - 2020-10-27 02:20 - 000000000 ____D C:\Users\seezo\Documents\Bandicam 2022-01-01 16:16 - 2021-08-31 18:52 - 000000000 ____D C:\Users\seezo\Documents\Anamnesis 2021-12-30 21:16 - 2020-09-18 15:15 - 000000000 ____D C:\Users\seezo\AppData\Roaming\Adobe 2021-12-27 17:49 - 2021-10-08 17:32 - 000000000 ____D C:\Users\seezo\.cache 2021-12-26 17:45 - 2021-01-04 16:25 - 000000000 ____D C:\Users\seezo\AppData\Roaming\WhatsApp 2021-12-26 17:45 - 2021-01-04 16:24 - 000000000 ____D C:\Users\seezo\AppData\Local\WhatsApp 2021-12-25 19:37 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-12-25 12:22 - 2020-09-22 17:23 - 000000000 ____D C:\Program Files\Microsoft Office 2021-12-24 21:34 - 2021-01-16 01:27 - 000512336 _____ 
C:\WINDOWS\system32\FNTCACHE.DAT 2021-12-24 15:50 - 2020-09-18 15:17 - 000000000 ____D C:\Users\seezo\AppData\Local\PlaceholderTileLogoFolder 2021-12-24 15:50 - 2020-09-18 15:15 - 000000000 ____D C:\Users\seezo\AppData\Local\Packages 2021-12-24 12:19 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-12-24 12:18 - 2021-10-22 13:15 - 000000000 ___SD C:\WINDOWS\system32\lxss 2021-12-24 12:18 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-12-24 12:18 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-12-24 12:18 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-12-24 12:18 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2021-12-24 12:18 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2021-12-24 12:18 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2021-12-24 12:18 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2021-12-24 12:18 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\winrm 2021-12-24 12:18 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\WCN 2021-12-24 12:18 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\slmgr 2021-12-24 12:18 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\dsc 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D 
C:\WINDOWS\SysWOW64\Dism 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Com 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\IME 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Common Files\System 2021-12-24 12:18 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2021-12-24 12:18 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing 2021-12-24 11:46 - 2019-12-07 17:52 - 000000000 ____D C:\WINDOWS\OCR 2021-12-22 23:22 - 2020-09-20 21:59 - 000002436 _____ C:\Users\Public\Desktop\Norton Security.lnk 2021-12-22 13:22 - 2020-09-20 22:24 - 000000000 ____D C:\Program Files\Common Files\AV 2021-12-22 11:55 - 2020-05-03 05:39 - 000000000 ____D C:\ProgramData\Packages 2021-12-22 11:53 - 2020-09-20 21:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64 2021-12-20 13:32 - 2021-01-11 21:19 - 000000000 ____D C:\Users\seezo\AppData\Local\FFXIV_TexTools 2021-12-16 00:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-12-16 00:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-12-16 00:10 - 2019-12-07 17:14 - 
000000000 ____D C:\WINDOWS\system32\lv-LV 2021-12-16 00:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-12-16 00:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-12-16 00:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-12-16 00:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-12-16 00:10 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-12-15 10:38 - 2020-09-20 21:44 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-12-15 10:37 - 2020-09-20 21:44 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-12-15 10:28 - 2020-09-18 15:18 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-12-15 10:28 - 2020-09-18 15:18 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-12-13 22:02 - 2021-01-16 01:33 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1333255723-3266158280-2740484146-1001 2021-12-13 22:02 - 2021-01-16 01:28 - 000002390 _____ C:\Users\seezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-12-12 15:46 - 2021-06-26 19:53 - 000000000 ____D C:\Users\seezo\Desktop\Beat ==================== Files in the root of some directories ======== 2022-01-07 14:12 - 2021-11-17 12:37 - 1383718400 ___SH (Unity Hub) C:\Users\seezo\AppData\Roaming\Microsoft\unityhub.exe 2021-12-27 22:59 - 2021-12-27 22:59 - 000004291 _____ () C:\Users\seezo\AppData\Local\recently-used.xbel 2021-01-11 21:03 - 2022-01-08 09:50 - 000007600 _____ () C:\Users\seezo\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================