Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by Administrator (administrator) on LAPTOP-D982FIHM (LENOVO 82N6) (21-10-2024 14:58:02)
Running from C:\Users\Administrator\Desktop\FRST64.exe
Loaded Profiles: Administrator
Platform: Microsoft Windows 11 Home Version 23H2 22631.4317 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(A-Volute SAS -> A-Volute) C:\Users\Administrator\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(LenovoBatteryGaugeAddin).exe ->) (Lenovo -> Lenovo) C:\ProgramData\Lenovo\Vantage\Addins\LenovoBatteryGaugeAddin\1.0.5.8\x64\BGHelper.exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(GenericTelemetryAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(LenovoBatteryGaugeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(LenovoGamingSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(LenovoSystemUpdateAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Tobii\Tobii EyeX\Tobii.Service.exe ->) (Tobii AB -> Tobii AB) C:\Program Files\Tobii\Tobii EyeX\Tobii.EyeX.Engine.exe
(C:\Program Files\Tobii\Tobii EyeX\Tobii.Service.exe ->) (Tobii AB -> Tobii AB) C:\Program Files\Tobii\Tobii EyeX\Tobii.EyeX.Interaction.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.24900.130.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.89\msedgewebview2.exe <6>
(D:\Downloads\MB\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) D:\Downloads\MB\Malwarebytes.exe
(Dream Machines) [File not signed] C:\Program Files (x86)\DM1 Pro S\Monitor.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\FnHotkeyUtility.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <36>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files\KelVPN\KelVPNService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (KeepSolid Inc. -> KeepSolid Inc.) D:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) D:\Downloads\MB\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvltsi.inf_amd64_4b4a49a5122b87e1\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0e38956337e3fd2b\RtkAudUService64.exe
(services.exe ->) (Tobii AB -> Tobii AB) C:\Program Files\Tobii\Tobii EyeX\Tobii.Service.exe
(svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 -> ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm\Nahimic3.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0e38956337e3fd2b\RtkAudUService64.exe [1625448 2022-11-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3069768 2022-04-08] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [RZTHXHelper] => C:\WINDOWS\system32\RZTHXHelper.exe (No File)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2740872 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [DM1 Pro S Mouse Driver] => C:\Program Files (x86)\DM1 Pro S\Monitor.exe [765952 2017-04-27] (Dream Machines) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [Discord] => C:\Users\tehke\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [Opera GX Stable] => C:\Users\tehke\AppData\Local\Programs\Opera GX\opera.exe [1306528 2024-09-26] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\tehke\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\tehke\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [MicrosoftEdgeAutoLaunch_5336C2924B55FD107B3D46AF0B1AC178] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3865656 2024-10-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2740872 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe [576136 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe [86424 2024-06-12] (Lenovo -> Lenovo)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\tehke\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-05-08] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [DAEMON Tools Lite Automount] => "G:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\MountPoints2: {ac8a5ee2-acb9-11ec-8aed-106fd99e34c8} - "E:\setup.EXE" /AUTORUN
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\terry\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe [86424 2024-06-12] (Lenovo -> Lenovo)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2740872 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe [576136 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [RazerAxon] => "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -autorun (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [RzAppEngine] => "C:\Program Files\Razer\RzAppEngine\rzappengine.exe" --start-hidden --url-params=apps=virtual-ring-light,streamer-companion-app,spatial-audio&autoStart=1 (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [MicrosoftEdgeAutoLaunch_9CE861ED124B1A707734DA2D6DCB9C85] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3865656 2024-10-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\...\Run: [Synapse3] => "C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe" /StartMinimized (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\...\Run: [MicrosoftEdgeAutoLaunch_9E340A4B8FFE17B011AC7F2648A3CF2E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3865656 2024-10-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3865656 2024-10-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\129.0.6668.103\Installer\chrmstp.exe [2024-10-21] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {DCC5E6F8-2B3A-44BE-9B80-5860CC919A91} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-08-29] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {307E2E8D-3FE5-4B36-BCC4-C6C823A6E1F2} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem131.0.6776.0{95C94CA1-8F7F-4318-BB32-B8CA12E64711} => C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe [5507168 2024-10-13] (Google LLC -> Google LLC)
Task: {C002060A-F7AC-41D5-A686-8703DB77D121} - System32\Tasks\HidHide_Updater => C:\Program Files\Nefarius Software Solutions\HidHide\HidHide_Updater.exe [1206200 2023-05-06] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.) -> C:\Program Files\Nefarius Software Solutions\HidHide\\/silent
Task: {9B2542E6-086D-49EA-93C2-02B5352754E9} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-11-09] () [File not signed]
Task: {11617D12-4B3C-4AF4-8F38-A30A4BC5E5AA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {9C49309C-2145-4677-9F0B-9EC1CC2EB47E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [98304 2022-05-06] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {1C319FDD-C11F-4D5E-ACC2-626F2FA42656} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [102400 2022-05-06] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {26FF1DC4-DEDA-4827-BB5B-C25EA2B371ED} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\03ce9ca0-51b4-4f67-86a1-4f071e474ced => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {CE5B4A0F-43E7-4DFD-B016-4D8CFFA4A71A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c7867e5e-8d39-4189-beb9-18ce6bddf273 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {C9A2A36F-B0FF-455F-9436-98E644A56614} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f18fea6b-fb93-46be-b685-8887647a07e7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {A5E5C918-FF12-4D60-AB38-C1750CD3E4ED} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f2ae3512-838b-487f-8529-7ba0519e486f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {C72A851C-CE4D-4979-BF97-8ACB50DAA6AC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f502daaf-65c0-4b3a-9cc0-cc0968084ddb => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {2D919C47-B9B9-44F7-84FD-848263CEAC1B} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\Windows\system32\sc.exe [98304 2022-05-06] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {45D7879C-FDC7-4679-9BD1-EE1D425E5C50} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90976 2024-04-07] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle
Task: {9062F728-D805-47B2-B8E0-4196CF61702E} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [188656 2024-04-07] (Lenovo -> Lenovo Group Ltd.)
Task: {E91CA5CE-637F-4043-A1BD-54389D1C7883} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [98304 2022-05-06] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {BA835612-6945-4E3E-8276-F8FE30374EAB} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {62B172AE-A7DF-4EC2-9B9B-F8B0068C227B} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {165C51FE-88FC-46F5-86EE-C8174ED4A1EE} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {D85FE556-B54E-4263-A5AB-A4E57E02FD84} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {924A6861-0C9E-4510-8190-2B60DDBE6692} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {1AE370FD-A53C-401A-9B13-334C7FEE2391} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {32A0AB69-654E-46A4-A776-32CC92D5F697} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {CD9522DD-08F6-4AD1-8168-0D8B556632B1} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {45FD8AE5-5B64-45A5-8939-2F84E27024A1} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {918A3CB6-62B7-4155-BBCA-ECC2D40A968B} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {BF6BDDDA-07FE-49CE-A3A0-A286B7E60212} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.174\ScheduleEventAction.exe [17816 2024-08-30] (Lenovo -> Lenovo)
Task: {84F97A57-0BB5-4FD0-A817-0FC9D7DAD362} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {F3580E28-3B60-4D31-BA14-607D3CC67094} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\uninstall.exe [340968 2024-09-12] (Lenovo -> Lenovo)
Task: {633F720F-5F4E-4410-8A7F-6683E22C6D3D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21918696 2024-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {837AB4E7-32CE-48C3-BF5E-C98B64826209} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21918696 2024-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {0DAB57C9-55EF-42B5-899D-F303F7102475} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC95D63F-8CEC-4F3E-869F-2269110FA05D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B648AB6-E6D8-4905-8CCD-85B7308889EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5275568 2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {35E0E015-2B4E-433F-9512-E285E8CF5259} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5275568 2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE6AC975-1CB3-40F4-A23A-9EAB2388F86E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {320A26C6-F263-4752-B73D-483E56149B52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7FFAD5C9-A3B3-426F-88BA-2EC3F479D246} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A0960F3A-C384-4AFE-A8C9-A20C3CE41C2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5FFE260E-32F1-4747-BEA5-8C55009C7F95} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3252700674-1244316876-1502611229-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672320 2024-10-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {36989C1C-D275-4997-9B5D-A71A18835E0D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34368 2024-10-14] (Mozilla Corporation -> Mozilla Foundation) Task: {D3E59819-91B1-44FB-8266-5065662052E5} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [844400 2022-03-29] (A-Volute SAS -> Nahimic) Task: {5F1A05D1-AEAA-4C4C-BC5B-B29E56186078} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1105520 2022-03-29] (A-Volute SAS -> Nahimic) Task: {A667696A-4B7A-441E-9FB2-630C79EAB5F9} - System32\Tasks\NahimicTask32 => C:\Windows\System32\..\SysWOW64\NahimicSvc32.exe [844400 ] (A-Volute SAS -> Nahimic) Task: {5F0A7914-5609-444B-9E0B-244832EAD4D2} - System32\Tasks\NahimicTask64 => C:\Windows\System32\.\NahimicSvc64.exe [1105520 ] (A-Volute SAS -> Nahimic) Task: {6CC5D955-5082-465A-BC72-1BE5CC090211} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {E0D9AACC-85DC-4C12-94BE-0853951668A0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {ABBE7EEA-E9BD-41B6-9D5E-D69733537572} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler Task: {43AE64D3-D4D1-4646-81D3-50BC0A3AC1C3} - 
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {055D9CF8-2E4C-452E-9565-D74F4EF66FD7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F75058A6-FE9D-43E0-9312-082C3A0905DB} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {978CBE89-F76F-41ED-B1CA-AA76306138CA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8CDC3969-BB25-4D6B-A5C8-84C0ACFA97D5} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5B3AFEED-1AD3-41AA-B67F-010DCC8B0BC5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {820E5226-8269-4DD2-AAAE-D2D4339685E4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {E99C436B-F57E-4D2B-8E76-ADD70103F937} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: 
{C0523EA8-5DF0-4B5C-A016-A4D6343BA63A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {6EDBA1BC-0B71-4A64-B3AA-BAE60375919A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1006 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {9C061680-8495-46D3-AE94-B174F75ABCA5} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {9A6EF20A-8FC9-4AEE-A555-45C4AD5DA42B} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1652344982 => C:\Users\tehke\AppData\Local\Programs\Opera GX\launcher.exe [1306528 2024-09-26] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\tehke\AppData\Local\Programs\Opera GX\assistant" $(Arg0) Task: {88B67FCB-9FA5-43BC-B304-9AE32AD2E19D} - System32\Tasks\Opera GX scheduled Autoupdate 1650357760 => C:\Users\tehke\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe [5579168 2024-09-24] (Opera Norway AS -> Opera Software) Task: {EE1ADD0E-6A2C-417C-BF00-C43C5B55E173} - System32\Tasks\ViGEmBus_Updater => C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBus_Updater.exe [1117096 2022-09-27] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.) -> C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\\/silent Task: {6B901360-EE57-48D7-951C-D74D0A7E48A3} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3252700674-1244316876-1502611229-1001 => C:\Users\tehke\AppData\Roaming\Zoom\bin\Zoom.exe [432456 2024-09-27] (Zoom Video Communications, Inc. 
-> Zoom Video Communications, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 100.98.23.125 terryc250-everest.nord
Tcpip\..\Interfaces\{3f438854-abf6-4678-8778-405ce82b3a9f}: [DhcpNameServer] 150.208.1.3
Tcpip\..\Interfaces\{9272e2bf-6bd5-1513-a95c-605fd4c46776}: [NameServer] 103.86.96.100,103.86.99.100
Tcpip\..\Interfaces\{c439920d-0d92-4cbf-9a78-ff265fa201f0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c439920d-0d92-4cbf-9a78-ff265fa201f0}: [DhcpDomain] lan
Tcpip\..\Interfaces\{c439920d-0d92-4cbf-9a78-ff265fa201f0}\4554C4553583445424: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c439920d-0d92-4cbf-9a78-ff265fa201f0}\455627279791023702960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 103.86.96.100,103.86.99.100

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2024-10-21]
Edge Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-10-20]
Edge Extension: (Edge relevant text changes) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-25]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN ->
VideoLAN) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2024-10-18] CHR StartupUrls: Default -> "hxxp://google.ca/" CHR Extension: (BetterTTV) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2024-10-18] CHR Extension: (MEGA) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2024-10-18] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json] <==== ATTENTION CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-10-18] CHR Extension: (Tampermonkey) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-10-18] CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-10-18] CHR Extension: (AdBlock — block ads across the web) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-10-18] CHR Extension: (Coinbase Wallet extension) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2024-10-18] CHR Extension: (Imagus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2024-10-18] CHR Extension: 
(Violentmonkey) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2024-10-18] CHR Extension: (Reddit Enhancement Suite) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2024-10-18] CHR Extension: (Behind The Overlay) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2024-10-18] CHR Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2024-10-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-10-18] CHR Extension: (Hover Zoom+) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2024-10-18] Opera: ======= StartMenuInternet: (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001) Opera GXStable - "C:\Users\tehke\AppData\Local\Programs\Opera GX\opera.exe" ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-10-13] (Adobe Inc. -> Adobe Inc.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.) S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2573448 2024-10-12] (Blizzard Entertainment, Inc. 
-> Blizzard Entertainment) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9202688 2024-08-01] (Microsoft Corporation -> Microsoft Corporation) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-08-03] (EasyAntiCheat Oy -> Epic Games, Inc) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncHelper.exe [3525136 2024-10-15] (Microsoft Corporation -> Microsoft Corporation) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) R2 KelVPNService; C:\Program Files\KelVPN\KelVPNService.exe [15511552 2023-06-22] () [File not signed] R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\LenovoUtilityService.exe [178656 2024-08-21] (Lenovo -> Lenovo) R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe [34256 2024-09-12] (Lenovo -> Lenovo) R2 MBAMService; D:\Downloads\MB\MBAMService.exe [9319296 2024-10-20] (Malwarebytes Inc. -> Malwarebytes) S3 MBVpnTunnelService; D:\Downloads\MB\MBVpnTunnelService.exe [3073888 2024-06-07] (Malwarebytes Inc. -> Malwarebytes) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe [1431160 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1930888 2022-03-29] (A-Volute SAS -> Nahimic) R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-12-21] (nordvpn s.a. -> nordvpn S.A.) R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.) 
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvltsi.inf_amd64_4b4a49a5122b87e1\Display.NvContainer\NVDisplay.Container.exe [1275544 2024-04-12] (NVIDIA Corporation -> NVIDIA Corporation) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.186.0915.0004\OneDriveUpdaterService.exe [3869200 2024-10-15] (Microsoft Corporation -> Microsoft Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] R2 Tobii Service; C:\Program Files\Tobii\Tobii EyeX\Tobii.Service.exe [223528 2021-05-05] (Tobii AB -> Tobii AB) R2 UDCService; C:\WINDOWS\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72432 2024-04-07] (Lenovo -> Lenovo Group Ltd.) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10569840 2022-04-08] (Riot Games, Inc. -> Riot Games, Inc.) R2 VPNUnlimitedService; D:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [54136 2024-04-12] (KeepSolid Inc. -> KeepSolid Inc.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe [3199656 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe [133704 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation) S3 Disc Soft Lite Bus Service; "G:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33216 2021-12-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.) 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.) R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [544768 2023-12-12] (Microsoft Corporation) [File not signed] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [188416 2023-11-14] (Microsoft Corporation) [File not signed] S3 cpuz158; C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [44592 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION R3 csaudio; C:\WINDOWS\System32\DriverStore\FileRepository\csaudio.inf_amd64_3abbd251e5a04b6f\csaudio.sys [322984 2022-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2022-03-26] (Disc Soft Ltd -> Disc Soft Ltd) R3 FBNetFilter; C:\WINDOWS\System32\drivers\FBNetFlt.sys [60784 2023-12-06] (Lenovo -> Lenovo) R3 HidHide; C:\WINDOWS\System32\drivers\HidHide.sys [66584 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.) R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [231504 2024-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MTKBTFilterX64; C:\WINDOWS\system32\DRIVERS\mtkbtfilterx.sys [286424 2022-05-14] (MEDIATEK INC. -> MediaTek Inc.) R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1439976 2022-05-15] (MEDIATEK INC. -> MediaTek Inc.) 
R3 NahimicBTLink; C:\WINDOWS\System32\drivers\NahimicBTLink.sys [85144 2021-09-13] (A-Volute SAS -> Windows (R) Win 7 DDK provider) R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85144 2021-09-13] (A-Volute SAS -> Windows (R) Win 7 DDK provider) R2 NDivert; C:\Program Files\NordVPN\7.29.3.0\Drivers\NDivert.sys [131472 2024-09-13] (nordvpn s.a. -> Nordvpn S.A.) S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R4 NordDivert10; C:\Program Files\NordVPN\7.29.3.0\NordDivert1064.sys [101240 2024-09-13] (nordvpn s.a. -> NordVPN/Basil) R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2024-05-29] (nordvpn s.a. -> TEFINCOM S.A.) R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2024-03-12] (Nvidia Corporation -> NVIDIA Corporation) R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [235016 2024-04-11] (NVIDIA Corporation -> NVIDIA Corporation) R3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [92664 2024-06-05] (WDKTestCert lev,133391533294737317 -> OpenVPN, Inc) S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.) S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc) S3 RzDev_0094; C:\WINDOWS\System32\drivers\RzDev_0094.sys [55376 2021-01-21] (Razer USA Ltd. -> Razer Inc) S3 RzDev_0095; C:\WINDOWS\System32\drivers\RzDev_0095.sys [56728 2020-12-10] (Razer USA Ltd. 
-> Razer Inc) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2023-07-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [41120 2024-08-29] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8571048 2022-04-08] (Riot Games, Inc. -> Riot Games, Inc.) R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.) S3 VPNUSplitTunnel; D:\Program Files (x86)\VPN Unlimited\VpnuDriver\VpnuDriver.sys [49608 2023-11-30] (KeepSolid Inc. -> ) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-09-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602392 2024-09-16] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-09-16] (Microsoft Windows -> Microsoft Corporation) S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2024-07-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) R3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-10-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2024-10-21 14:57 - 2024-10-21 14:57 - 002397696 _____ (Farbar) C:\Users\Administrator\Downloads\Unconfirmed 548831.crdownload 2024-10-21 14:57 - 2024-10-21 14:57 - 002397696 _____ (Farbar) C:\Users\Administrator\Downloads\Unconfirmed 52432.crdownload 2024-10-21 14:57 - 2024-10-21 14:57 - 002397696 _____ (Farbar) C:\Users\Administrator\Downloads\Unconfirmed 478500.crdownload 2024-10-21 14:57 - 2024-10-21 14:57 - 002397696 _____ (Farbar) C:\Users\Administrator\Downloads\Unconfirmed 426091.crdownload 2024-10-21 14:57 - 2024-10-21 14:57 - 002397696 _____ (Farbar) C:\Users\Administrator\Downloads\Unconfirmed 294408.crdownload 2024-10-21 14:57 - 2024-10-21 14:57 - 002397696 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64 (5).exe 2024-10-21 14:57 - 2024-10-21 14:57 - 002397696 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2024-10-21 01:11 - 2024-10-21 01:11 - 000211199 _____ C:\Users\tehke\Downloads\609FBC46-B66C-4384-B6E5-0D152E129999.jpeg 2024-10-20 21:54 - 2024-10-20 21:54 - 000000165 _____ C:\Users\tehke\Desktop\Goodgame Empire.url 2024-10-20 21:03 - 2024-10-20 21:04 - 211775488 _____ C:\Users\tehke\Downloads\calibre-64bit-7.20.0.msi 2024-10-20 18:27 - 2024-10-20 18:27 - 000001393 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WickrMe.lnk 2024-10-20 18:27 - 2024-10-20 18:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wickr, LLC 2024-10-20 18:27 - 2024-10-20 18:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\cache 2024-10-18 23:45 - 2024-10-18 23:45 - 010219392 _____ (Google LLC) C:\Users\tehke\Downloads\ChromeSetup.exe 2024-10-18 21:04 - 2024-10-18 21:04 - 000089759 _____ C:\Users\Administrator\Downloads\FilterKeysSetter_1.0.zip 2024-10-18 20:51 - 2024-10-18 20:59 - 000068285 _____ C:\Users\Administrator\Desktop\Addition.txt 2024-10-18 20:50 - 2024-10-21 14:58 - 000049176 _____ C:\Users\Administrator\Desktop\FRST.txt 2024-10-18 20:44 - 2024-10-18 20:44 - 000176273 _____ 
C:\Users\Administrator\Desktop\Serving It Right.pdf 2024-10-18 20:36 - 2024-10-18 20:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\NordVPN 2024-10-18 20:36 - 2024-10-18 20:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\ToastNotificationManagerCompat 2024-10-18 20:35 - 2024-10-18 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\Nahimic 2024-10-18 16:37 - 2024-10-18 16:38 - 000070722 _____ C:\Users\tehke\Downloads\Addition.txt 2024-10-18 16:36 - 2024-10-18 16:38 - 000069135 _____ C:\Users\tehke\Downloads\FRST.txt 2024-10-14 20:49 - 2024-10-18 22:30 - 000000000 ____D C:\Program Files\Mozilla Firefox 2024-10-10 17:53 - 2024-10-10 17:53 - 000033124 _____ C:\Users\tehke\Documents\Terry-Chhim.pdf 2024-10-09 21:40 - 2024-10-09 21:40 - 012080851 _____ C:\Users\tehke\Documents\AQPxtPMMIVeqVfyDzN6N1vOdgtNORH7NPlvbInNM_Mf6rncMN16rEETVanzplBWPQpabxD09z8OGsqDcGJUXPTcG.mp4 2024-10-03 18:38 - 2024-10-03 18:38 - 003497025 _____ C:\Users\tehke\Downloads\resume (1).pdf 2024-10-02 01:00 - 2024-10-02 01:00 - 000000000 ____D C:\Users\tehke\Documents\DM1S Updater_V16_560_28SSOP_3360_DD16H_V102 2024-10-02 00:40 - 2024-10-02 00:40 - 000000000 ____D C:\flassh 2024-10-01 23:47 - 2024-10-01 23:47 - 053555016 _____ C:\Users\tehke\Documents\Untitled-2.psd 2024-10-01 23:47 - 2024-10-01 23:47 - 041725242 _____ C:\Users\tehke\Documents\Untitled-3.psd 2024-10-01 22:00 - 2024-10-18 22:32 - 000000000 ____D C:\Program Files (x86)\DM1 Pro S 2024-10-01 22:00 - 2024-10-01 22:00 - 000001933 _____ C:\Users\Public\Desktop\DM1 Pro S Mouse Driver.lnk 2024-10-01 22:00 - 2024-10-01 22:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2024-10-01 22:00 - 2024-10-01 22:00 - 000000000 ____D C:\Users\tehke\Downloads\V16 DM1 S PRO Mouse Driver(Eng) 20170704 2024-10-01 22:00 - 2024-10-01 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DM1 Pro S 2024-09-27 03:23 - 2024-09-27 03:23 - 000000000 ____D 
C:\Users\tehke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2024-09-25 21:49 - 2024-10-18 22:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-09-25 21:49 - 2024-10-15 03:49 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-09-25 21:49 - 2024-09-25 21:49 - 000372088 _____ (Mozilla) C:\Users\tehke\Downloads\Firefox Installer.exe 2024-09-25 21:49 - 2024-09-25 21:49 - 000002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk 2024-09-25 21:49 - 2024-09-25 21:49 - 000001004 _____ C:\Users\Public\Desktop\Firefox.lnk 2024-09-25 21:49 - 2024-09-25 21:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2024-09-25 21:49 - 2024-09-25 21:49 - 000000000 ____D C:\Users\tehke\AppData\Roaming\Mozilla 2024-09-25 21:49 - 2024-09-25 21:49 - 000000000 ____D C:\Users\tehke\AppData\Local\Mozilla ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2024-10-21 14:58 - 2023-03-15 00:47 - 000000000 ____D C:\FRST 2024-10-21 14:57 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-10-21 14:55 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Malwarebytes 2024-10-21 14:55 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\.tobii 2024-10-21 14:55 - 2023-02-23 22:51 - 000000000 ____D C:\Users\tehke 2024-10-21 14:55 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-10-21 14:55 - 2022-04-01 03:01 - 000000000 ____D C:\Users\tehke\Documents\ShareX 2024-10-21 14:55 - 2022-03-24 15:25 - 000000000 ____D C:\Users\tehke\.tobii 2024-10-21 14:55 - 2022-03-24 14:21 - 000000000 ____D C:\Users\tehke\AppData\Roaming\discord 2024-10-21 14:55 - 2022-02-14 20:16 - 000000000 ____D C:\ProgramData\NVIDIA 2024-10-21 14:54 - 2022-04-15 18:41 - 000000000 ____D C:\Users\tehke\AppData\Local\Wickr, LLC 2024-10-21 14:52 - 2023-02-23 22:55 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32 2024-10-21 14:52 - 2023-02-23 22:55 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64 2024-10-21 14:52 - 2022-03-24 14:21 - 000000000 ____D C:\Users\tehke\AppData\Local\Discord 2024-10-21 14:45 - 2023-02-23 23:00 - 000851362 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-10-21 14:45 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF 2024-10-21 14:38 - 2023-02-23 22:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-10-21 14:37 - 2023-04-29 11:32 - 000000000 ____D C:\Users\tehke\AppData\Local\Malwarebytes 2024-10-21 14:37 - 2023-02-23 22:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-10-21 14:37 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ServiceState 2024-10-21 14:37 - 2021-06-23 11:44 - 000012288 ___SH C:\DumpStack.log.tmp 2024-10-21 03:29 - 2022-03-24 14:21 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-10-21 03:29 - 2022-03-24 14:21 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk 
2024-10-20 23:01 - 2022-04-15 21:53 - 000000000 ____D C:\Users\tehke\AppData\Roaming\Microsoft\Word 2024-10-20 21:54 - 2022-03-24 18:49 - 000000859 _____ C:\Users\tehke\Desktop\Core Temp.lnk 2024-10-20 21:54 - 2022-03-24 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp 2024-10-20 21:49 - 2023-10-12 04:40 - 000000000 ____D C:\WINDOWS\Minidump 2024-10-20 21:49 - 2022-02-14 20:08 - 003891418 ____N C:\WINDOWS\Minidump\102024-16453-01.dmp 2024-10-20 21:06 - 2022-03-24 18:47 - 000000000 ____D C:\Users\tehke\AppData\Local\CrashDumps 2024-10-20 20:17 - 2022-03-24 23:28 - 000000000 ____D C:\Users\tehke\AppData\Roaming\vlc 2024-10-20 19:40 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-10-20 19:40 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-10-20 18:27 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA 2024-10-20 18:27 - 2022-02-14 20:20 - 000000000 ____D C:\ProgramData\McAfee 2024-10-20 18:25 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2024-10-19 07:38 - 2023-01-17 12:07 - 000002249 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2024-10-19 07:38 - 2021-06-23 11:45 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-10-19 00:17 - 2023-03-23 00:56 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-10-18 22:32 - 2024-07-05 11:57 - 000000000 ____D C:\Users\defaultuser100000.LAPTOP-D982FIHM 2024-10-18 22:32 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator 2024-10-18 22:32 - 2023-02-23 22:51 - 000000000 ____D C:\Users\Terryc 2024-10-18 22:32 - 2023-02-23 22:51 - 000000000 ____D C:\Users\terry 2024-10-18 22:32 - 2023-02-23 22:51 - 000000000 ____D C:\Users\defaultuser100000 2024-10-18 22:32 - 2022-04-21 14:48 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2024-10-18 22:32 - 2021-06-05 05:10 - 000000000 ___HD 
C:\WINDOWS\system32\GroupPolicy 2024-10-18 22:31 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\registration 2024-10-18 22:30 - 2022-02-14 20:16 - 000000000 ____D C:\ProgramData\A-Volute 2024-10-18 22:24 - 2024-07-22 21:11 - 000000000 ____D C:\Users\tehke\AppData\Local\NordVPN 2024-10-18 20:47 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2024-10-18 20:47 - 2022-03-24 14:18 - 000000000 ____D C:\ProgramData\Packages 2024-10-18 20:37 - 2024-01-19 11:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache 2024-10-18 20:37 - 2024-01-19 11:45 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials 2024-10-18 20:21 - 2022-03-24 14:18 - 000000000 ____D C:\Users\tehke\AppData\Local\Packages 2024-10-18 20:00 - 2024-01-19 11:46 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2024-10-18 19:59 - 2024-01-19 11:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder 2024-10-18 19:59 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\NVIDIA 2024-10-18 19:55 - 2023-02-28 04:48 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK 2024-10-17 04:27 - 2022-03-24 14:18 - 000000000 ____D C:\Users\tehke\AppData\Local\D3DSCache 2024-10-15 18:18 - 2024-01-19 11:46 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-500 2024-10-15 18:18 - 2023-02-23 22:55 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1006 2024-10-15 18:18 - 2023-02-23 22:55 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1004 2024-10-15 18:18 - 2023-02-23 22:55 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1001 2024-10-15 18:18 - 2023-02-23 22:55 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 
2024-10-15 18:18 - 2022-04-19 02:11 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-10-14 17:44 - 2024-07-22 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec 2024-10-14 17:44 - 2024-07-22 21:10 - 000000000 ____D C:\Program Files\NordVPN 2024-10-14 01:09 - 2023-09-05 04:14 - 000000000 ____D C:\Users\tehke\AppData\Roaming\bluestacks-services 2024-10-14 01:08 - 2022-02-14 20:08 - 003691504 ____N C:\WINDOWS\Minidump\101424-17984-01.dmp 2024-10-14 01:07 - 2022-05-09 15:47 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat 2024-10-14 01:07 - 2022-05-06 22:17 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2024-10-14 01:02 - 2022-03-24 14:57 - 000000000 ____D C:\Users\tehke\AppData\Local\Battle.net 2024-10-12 03:37 - 2022-10-04 02:21 - 000000000 ____D C:\Users\tehke\Downloads\Telegram Desktop 2024-10-10 13:21 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-10-10 13:05 - 2023-02-23 22:50 - 005164408 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-10-10 13:04 - 2023-10-12 04:34 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2024-10-10 13:04 - 2022-05-06 23:10 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemApps 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\Provisioning 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\IME 2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D 
C:\WINDOWS\bcastdvr 2024-10-10 13:04 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\servicing 2024-10-09 20:59 - 2022-03-25 15:32 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-10-09 20:56 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-10-09 20:56 - 2022-03-25 15:32 - 201324920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-10-09 20:54 - 2023-02-23 22:54 - 003213312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-10-09 09:32 - 2023-02-23 22:55 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-10-09 09:32 - 2023-02-23 22:55 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-10-07 16:49 - 2022-03-24 14:18 - 000000000 ____D C:\Users\tehke\AppData\Local\PlaceholderTileLogoFolder 2024-10-05 17:50 - 2022-03-24 14:21 - 000002258 _____ C:\Users\tehke\Desktop\Discord.lnk 2024-10-02 23:31 - 2024-08-28 03:39 - 000000000 ____D C:\Users\tehke\AppData\Roaming\obs-studio 2024-10-02 00:00 - 2023-02-23 22:19 - 000000000 ____D C:\Program Files\Razer 2024-10-02 00:00 - 2022-08-02 02:39 - 000000000 ____D C:\Users\terry\AppData\Local\Razer 2024-10-02 00:00 - 2022-04-07 16:00 - 000000000 ____D C:\Users\Terryc\AppData\Local\Razer 2024-10-02 00:00 - 2022-03-25 06:08 - 000000000 ____D C:\ProgramData\Razer 2024-10-02 00:00 - 2022-03-25 06:08 - 000000000 ____D C:\Program Files (x86)\Razer 2024-10-02 00:00 - 2022-03-24 14:26 - 000000000 ____D C:\Users\tehke\AppData\Local\Razer 2024-10-02 00:00 - 2022-03-24 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2024-10-01 23:54 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Razer 2024-10-01 23:49 - 2022-03-24 14:18 - 000000000 ____D C:\Users\tehke\AppData\Local\VirtualStore 2024-09-27 14:18 - 2024-09-06 02:54 - 000000000 ____D C:\Users\tehke\AppData\Roaming\Zoom 2024-09-27 03:23 - 2024-09-06 03:16 - 000004268 _____ 
C:\WINDOWS\system32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3252700674-1244316876-1502611229-1001
2024-09-26 17:15 - 2023-02-23 22:55 - 000004278 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1650357760
2024-09-26 17:15 - 2022-04-19 01:42 - 000001430 _____ C:\Users\tehke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================