Hey, I've been suspicious of my Desktop for awhile now and am starting the get paranoid. I have already ran a scan with Farbar could you kindly get me a fixlist?
If this doesn't work, Should I Isolate the drives offline and just do a clean install?
Rules/Tasks Found
@Firewall.dll, -80206
@Firewall.dll, -80204
@Netlogon.dll,-1003
@Netlogon.dll, -1008
Also found a Task Called VMMEM that's suspended and I cant view properties or goto file location. Is being ran by user 56E05F1B-F6B7-9057-0A0D8D9445F1
have posted elsewhere looking for help
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by Ceek (administrator) on DESKTOP-EKO6TT0 (23-11-2021 20:30:58)
Running from C:\Users\Ceek\Downloads
Loaded Profiles: Ceek
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Freemake) [File not signed] C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google) C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\SwReporter\93.269.200\software_reporter_tool.exe <4>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2020-10-16] () [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-07] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-11-23] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-18] () [File not signed]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-11-23] (Adobe Inc. -> )
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33310688 2021-09-03] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [uTorrent] => C:\Users\Ceek\AppData\Roaming\uTorrent\uTorrent.exe [2133544 2021-07-06] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1109152 2019-11-06] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-11-23] (Adobe Inc. -> )
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Discord] => C:\Users\Ceek\AppData\Local\Discord\Update.exe [1512096 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3145912 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [Spotify] => C:\Users\Ceek\AppData\Roaming\Spotify\Spotify.exe [23592304 2020-12-15] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [electron.app.Cudo Miner] => C:\Program Files\Cudo Miner\desktop\Cudo Miner Desktop.exe --autolaunch (No File)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [utweb] => C:\Users\Ceek\AppData\Roaming\uTorrent Web\utweb.exe [5898272 2021-07-27] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Run: [ut] => C:\Users\Ceek\AppData\Roaming\uTorrent\uTorrent.exe [2133544 2021-07-06] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\MountPoints2: {4a7e26cf-2fb2-11eb-bbe9-18d6c7af94b3} - "D:\AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-23] (Google LLC -> Google LLC)
Startup: C:\Users\Ceek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2020-08-04]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {14A0E53E-EFE2-4F7C-B893-748E55A89EB3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {19C221A5-CE40-4084-99F8-CE229519A66B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A663F0D-78DD-4917-A672-0C30A1920D9A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F55D74B-22F0-4377-927D-F633FE078304} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {2E304554-B225-4AEA-A261-670DD6F2B456} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3A264418-5E98-41CB-AA88-6AEBDE706FFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5795CA13-9CFC-4A15-8A8B-E677F64DF529} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D6C912C-1B27-46A4-B382-4DC9A43F1763} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5DA0FA4D-6AE1-44D9-9746-78FEC90C9816} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-09-08] (Adobe Inc. -> Adobe)
Task: {64752EE8-2204-42E6-B27D-34BF20A05DAD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6CD63078-5EAE-4B5E-AA84-612CD80661D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {76337188-B237-4C2A-85B8-CB80540E9707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {76604EBC-4544-4094-879C-8BACD0A98FAF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76EA25F6-561A-432A-8A15-05CB4E765833} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {81580934-5A4A-40A9-8093-60039F159F00} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A924C62-0545-4465-A4F6-5DCAC77B2E0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {911BF3AB-7BBC-4D6C-B668-AA8FB3FB7C5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A30E2B89-3F6F-4520-B9F8-E708979B3AD2} - System32\Tasks\CCleanerSkipUAC - Ceek => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {ADDDAE82-EA86-4337-9EBD-A8E83D5DD256} - System32\Tasks\GoogleUpdateTaskMachineCore1d57c5651d8c276 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {BE592D9D-34F8-46B1-9137-6CB39FF8E482} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D2E7EAF7-FC48-4829-A90B-3D8CE8290F6D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D6E06C5F-9925-4B02-9E0D-922F9618B819} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-11] (Piriform Software Ltd -> Piriform)
Task: {D938158D-C56C-42E7-A77F-9B4543A46C34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DEA08A0D-D248-40D3-A9F7-24A20707ACED} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E0D3C361-EEA5-49ED-815D-BD21332F517D} - System32\Tasks\GoogleUpdateTaskMachineUA1d57c5651f54967 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-04] (Google Inc -> Google Inc.)
Task: {E9A96842-39DE-47E2-97D5-CE56838A6EEB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2021-09-08] (Adobe Inc. -> Adobe)
Task: {FC2EA757-F0A0-4EA5-A60C-4C4FF05D23AB} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [78020552 2019-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{2adf8360-9237-4231-bc07-432d815ea201}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{a07ed892-52be-4f33-81c5-5a293e59b779}: [DhcpNameServer] 10.1.1.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Ceek\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-29]
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-11-23] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-11-23] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default [2021-11-23]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-04]
CHR Extension: (Just Black) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-03-26]
CHR Extension: (Docs) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-04]
CHR Extension: (Google Drive) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (Touch VPN - Secure and unlimited VPN proxy) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-04]
CHR Extension: (Honey) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-23]
CHR Extension: (Sheets) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-11-23]
CHR Extension: (MetaMask) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-23]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-11]
CHR Extension: (Slides) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-03]
CHR Extension: (Docs) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-03]
CHR Extension: (Google Drive) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-03]
CHR Extension: (YouTube) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-03]
CHR Extension: (Sheets) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-03]
CHR Extension: (Gmail) - C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-03]
CHR Profile: C:\Users\Ceek\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-23]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-09-08] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-11-23] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8577760 2019-07-20] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-08-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-07-18] (Freemake) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2557656 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3476184 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2020-07-01] (Even Balance, Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-29] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2074928 2021-09-05] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [43392 2019-11-08] (Elgato Systems LLC -> UB658)
S3 ElgatoVAD; C:\WINDOWS\System32\drivers\ElgatoVAD.sys [39208 2020-09-14] (Elgato Systems LLC -> Elgato Systems GmbH)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GVCIDrv64.sys [16712 2019-01-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 hwdatacard; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [115328 2008-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl17d253a0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45822AC0-A737-4DC8-9B61-EB5FE3C0FC81}\MpKslDrv.sys [130296 2021-11-23] (Microsoft Windows -> Microsoft Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2019-01-10] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [442128 2019-10-07] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [555064 2019-10-07] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus.sys [X]
S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-23 20:30 - 2021-11-23 20:34 - 000027581 _____ C:\Users\Ceek\Downloads\FRST.txt
2021-11-23 20:24 - 2021-11-23 20:33 - 000000000 ____D C:\FRST
2021-11-23 20:20 - 2021-11-23 20:23 - 002311680 _____ (Farbar) C:\Users\Ceek\Downloads\FRST64.exe
2021-11-19 17:50 - 2021-11-19 17:50 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-11-19 17:49 - 2021-11-19 17:49 - 000000000 ___HD C:\$WinREAgent
2021-11-19 17:45 - 2021-11-19 17:45 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-19 17:44 - 2021-11-19 17:44 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-09 17:45 - 2021-11-09 17:45 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-05 00:03 - 2021-11-05 00:07 - 001877226 ____H C:\Users\Ceek\Downloads\.cdf09bffc475789aa557eff19a090735412be99d.parts
2021-11-04 23:56 - 2021-11-04 23:56 - 000000000 ____D C:\Users\Ceek\Downloads\Shutter Island (2010) [1080p]
2021-10-29 01:32 - 2021-10-29 01:32 - 000003112 _____ C:\Users\Ceek\Downloads\sendsreceives (1).csv
2021-10-24 21:41 - 2021-10-24 21:45 - 002277448 ____H C:\Users\Ceek\Downloads\.c62db96f2940fffc47a76c82c88857a68e27a235.parts
2021-10-24 21:41 - 2021-10-24 21:41 - 000000000 ____D C:\Users\Ceek\Downloads\Se7en ( 1995 )
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-23 20:31 - 2018-10-04 00:48 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-23 20:11 - 2020-08-04 17:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-23 20:11 - 2019-12-07 19:44 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-23 20:11 - 2019-12-07 19:44 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-23 20:05 - 2018-10-04 00:58 - 000000000 ____D C:\ProgramData\Packages
2021-11-23 20:00 - 2018-10-04 00:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-23 19:57 - 2018-10-04 00:54 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-23 19:55 - 2019-12-07 19:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-23 19:55 - 2019-11-13 00:35 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-23 19:53 - 2019-12-07 19:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-23 19:44 - 2020-08-07 00:04 - 000000000 ____D C:\Users\Ceek
2021-11-23 19:43 - 2019-02-06 00:09 - 000000000 ____D C:\Program Files\CCleaner
2021-11-23 19:43 - 2018-10-11 08:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-23 19:36 - 2018-10-11 08:57 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-23 19:36 - 2018-10-10 19:51 - 000000447 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-11-23 19:34 - 2020-08-07 00:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-23 19:34 - 2020-08-07 00:00 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-11-23 19:34 - 2020-08-07 00:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-19 17:49 - 2020-08-07 00:24 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{ED5B5B48-7E3F-4564-83B0-C116BE17DE2A}
2021-11-19 17:49 - 2020-08-07 00:24 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-19 17:49 - 2020-08-07 00:24 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-09 22:57 - 2019-12-07 19:33 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-08 17:37 - 2021-07-30 17:44 - 000002376 _____ C:\Users\Ceek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-08 17:37 - 2020-08-07 00:24 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-645998501-1037966316-1842171046-1001
2021-11-06 21:48 - 2018-10-04 17:10 - 000000000 ____D C:\Users\Ceek\AppData\Local\Packages
2021-11-05 02:50 - 2018-10-07 21:45 - 000000000 ____D C:\Users\Ceek\AppData\Roaming\uTorrent Web
2021-11-05 02:40 - 2021-09-27 01:53 - 000000000 ____D C:\Users\Ceek\AppData\Roaming\vlc
2021-11-05 02:01 - 2019-10-12 21:55 - 000000000 ____D C:\Users\Ceek\AppData\Local\BitTorrentHelper
2021-11-05 00:17 - 2019-12-07 19:43 - 000000000 ____D C:\WINDOWS\INF
2021-11-05 00:16 - 2020-08-16 19:43 - 002220464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000324016 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000217520 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000197048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-11-05 00:16 - 2020-08-16 19:43 - 000061872 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-11-03 22:12 - 2018-10-04 16:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-31 13:21 - 2020-07-01 11:42 - 000000000 ____D C:\Program Files (x86)\Origin
2021-10-25 00:50 - 2021-10-14 01:36 - 004268032 ____H C:\Users\Ceek\Downloads\.d2699d31ac68736d20999fdf678a06295709a695.parts
==================== Files in the root of some directories ========
2020-02-01 20:06 - 2021-09-10 00:32 - 000001456 _____ () C:\Users\Ceek\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-11-14 18:54 - 2019-11-14 18:54 - 000000000 _____ () C:\Users\Ceek\AppData\Local\oobelibMkey.log
2019-08-10 01:11 - 2021-10-11 22:38 - 000007603 _____ () C:\Users\Ceek\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by Ceek (23-11-2021 20:36:54)
Running from C:\Users\Ceek\Downloads
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2020-08-06 13:56:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-645998501-1037966316-1842171046-500 - Administrator - Disabled)
Ceek (S-1-5-21-645998501-1037966316-1842171046-1001 - Administrator - Enabled) => C:\Users\Ceek
DefaultAccount (S-1-5-21-645998501-1037966316-1842171046-503 - Limited - Disabled)
Guest (S-1-5-21-645998501-1037966316-1842171046-501 - Limited - Disabled)
Guest123 (S-1-5-21-645998501-1037966316-1842171046-1002 - Limited - Enabled) => C:\Users\Guest123
WDAGUtilityAccount (S-1-5-21-645998501-1037966316-1842171046-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\uTorrent) (Version: 3.5.5.46038 - BitTorrent Inc.)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Bitcoin Core (64-bit)) (Version: 0.20.1 - Bitcoin Core project)
BlueStacks (HyperV) Beta (HKLM\...\BlueStacks_bgp64_hyperv) (Version: 4.240.15.4204 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boris FX Sapphire Plug-ins 2019.52 for After Effects and Compatible Products (HKLM\...\GenArts Sapphire AE_is1) (Version: 12.520 - Boris FX, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Daedalus Mainnet (HKLM-x32\...\Daedalus Mainnet) (Version: 4.1.0 - IOHK)
Discord (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Discord) (Version: 0.0.310 - Discord Inc.)
Elgato Game Capture HD (HKLM\...\{C562FDFF-7048-45A9-A3D0-37949D7B2730}) (Version: 3.70.47.3047 - Elgato Systems GmbH)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation)
FiveM (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\CitizenFX_FiveM) (Version: - Cfx.re)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Game Capture HD60 v2.1.1.5 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.5 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Immutable 0.13.7 (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\{6ae4b193-3f11-53fc-9cc5-14b1f1a73184}) (Version: 0.13.7 - Immutable)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.29 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.29 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-645998501-1037966316-1842171046-1002\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NiceHash Miner 3.0.6.5 (only current user) (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\8abad8e2-b957-48ed-92ba-4339c2a40e78) (Version: 3.0.6.5 - H-BIT, d.o.o.)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Optus Wireless Broadband (HKLM-x32\...\Optus Wireless Broadband) (Version: 11.300.05.02.74 - Huawei Technologies Co.,Ltd)
Origin (HKLM-x32\...\Origin) (Version: 10.5.106.49298 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.20.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.20.606 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.46.448 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games)
Spotify (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\Spotify) (Version: 1.1.48.625.g1c87c7f7 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
uTorrent Web (HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\utweb) (Version: 1.2.3 - BitTorrent, Inc.)
VEGAS Pro 15.0 (HKLM\...\{BE730580-7AF7-11E8-84B6-00155D6306C5}) (Version: 15.0.384 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
XTREME GAMING ENGINE (HKLM-x32\...\GIGABYTE XTREME GAMING ENGINE_is1) (Version: 1.2.6.0 - GIGABYTE Technology Co.,Inc.)
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-23] (Adobe Systems Incorporated)
Cover - Comic reader -> C:\Program Files\WindowsApps\FrenchFry.Cover_3.8.3.0_x64__a3mvwcjazefp4 [2021-11-06] (French Fry)
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.474.687.2_x64__8wekyb3d8bbwe [2021-09-04] (Microsoft Studios)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-10-31] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-30] (NVIDIA Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7822C329CE51} -> [Creative Cloud Files] => C:\Users\Ceek\Creative Cloud Files [2019-11-13 02:02]
CustomCLSID: HKU\S-1-5-21-645998501-1037966316-1842171046-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-23] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-07-30 17:28 - 2021-03-20 22:33 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-10-31 13:21 - 2021-03-20 22:33 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-10-31 13:21 - 2021-03-20 22:34 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhiqhnhm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [464]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-645998501-1037966316-1842171046-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-645998501-1037966316-1842171046-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2019-11-19] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 18:01 - 2019-11-13 00:55 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-10-10 19:51 - 2021-11-23 19:36 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.26.224.1 DESKTOP-EKO6TT0.mshome.net # 2026 11 0 22 9 6 29 799
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ceek\Desktop\goggogog.jpg
HKU\S-1-5-21-645998501-1037966316-1842171046-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run: => "Elgato Sound Capture"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "system_jconsole.jar"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\StartupFolder: => "GIGABYTE XTREME GAMING ENGINE.lnk"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "electron.app.Cudo Miner"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-645998501-1037966316-1842171046-1001\...\StartupApproved\Run: => "ut"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
31-10-2021 18:07:11 Scheduled Checkpoint
08-11-2021 17:49:20 Removed Elgato Game Capture HD
23-11-2021 19:44:16 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (11/23/2021 07:45:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service SshdBroker since QueryServiceConfig API failed
System Error:
The resource loader failed to find MUI file.
.
Error: (11/23/2021 07:45:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary vhdparser.
System Error:
Element not found.
.
Error: (11/23/2021 07:45:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.
System Error:
The resource loader failed to find MUI file.
.
Error: (11/23/2021 07:45:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MQAC.
System Error:
The system cannot find the file specified.
.
Error: (11/09/2021 10:57:10 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (11/09/2021 10:02:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete re-trim on (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (11/09/2021 10:01:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete re-trim on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\d901dece-10a7-48be-b824-fcbe8621e5bd\BaseLayer) because: The file move failed. (0x89000016)
Error: (11/09/2021 10:01:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete slab consolidation on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\d901dece-10a7-48be-b824-fcbe8621e5bd\BaseLayer) because: The slab consolidation operation was aborted because a sufficient number of slabs could not be reclaimed (based on the limits specified in the registry). (0x89000028)
System errors:
=============
Error: (11/23/2021 08:27:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
Error: (11/23/2021 07:55:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.353.1449.0).
Error: (11/23/2021 07:50:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/23/2021 07:50:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect.
Error: (11/23/2021 07:34:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:37:46 PM on 11/19/2021 was unexpected.
Error: (11/19/2021 05:44:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/19/2021 05:44:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
Error: (11/19/2021 05:42:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Windows Defender:
================
Date: 2021-11-23 20:34:40
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: Trojan:Win32/CoinMiner!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Ceek\Downloads\FRST64.exe
Security intelligence Version: AV: 1.353.1449.0, AS: 1.353.1449.0, NIS: 1.353.1449.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-06 20:40:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-11-06 20:11:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-11-05 16:28:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-11-03 23:51:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2021-11-23 19:56:48
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1449.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-11-23 19:56:48
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1449.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-11-23 19:56:48
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1449.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-11-19 17:52:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-11-19 17:52:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1239.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
CodeIntegrity:
===============
Date: 2021-11-23 20:40:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-11-23 20:39:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2021-11-23 20:36:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. F2 12/24/2015
Motherboard: Gigabyte Technology Co., Ltd. F2A88XM-D3HP
Processor: AMD A8-6500 APU with Radeon HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 8134.91 MB
Available physical RAM: 3716.7 MB
Total Virtual: 11590.91 MB
Available Virtual: 4594.19 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1861.94 GB) (Free:762.02 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.52 GB) NTFS
Drive e: () (Fixed) (Total:232.35 GB) (Free:184.22 GB) NTFS
Drive g: (The Lesson - Ceekah) (Fixed) (Total:931.48 GB) (Free:810.5 GB) NTFS
\\?\Volume{5c12f414-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.52 GB) NTFS
\\?\Volume{5c12f414-0000-0000-0000-8082d1010000}\ () (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS
\\?\Volume{5c12f414-0000-0000-0000-d0a4d1010000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5C12F414)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1861.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=548 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 15EBF797)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
==========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 16F2A91F)
Partition: GPT.
==================== End of Addition.txt =======================