Malware keeps reinstalling onto itself after Malwarebytes stops it

Hi, I have Malwarebytes Premium, and for the last few months I randomly get a pop-up from Malwarebytes saying it stopped a Trojan outbound connection with the IP 167.114.117.9. I did some research on this IP and I think it is associated with a banking Trojan called "Emotet". What I think "Emotet" does is send your banking information back to the host. Malwarebytes always stops this, but I would still like to find the Trojan on my PC that is doing this. Thanks.

Here is the Malwarebytes report for it

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/2/19
Protection Event Time: 5:09 PM
Log File: 3df1d174-fdce-11e9-8b21-e0d55e6a7a77.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.13155
License: Premium

-System Information-
OS: Windows 10 (Build 18362.207)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: 
IP Address: 167.114.117.9
Port: [63705]
Type: Outbound
File: 

(end)


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check further.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please post the logs for my review.

Wait for further instructions
====

p.s.

Let me know if your default Browser is Synced with other devices.


My default browser is synced with other devices.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2019
Ran by Owner (administrator) on DESKTOP-IL4AFVB (Gigabyte Technology Co., Ltd. AX370M-DS3H) (03-11-2019 10:27:16)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: defaultuser0 & Owner)
Platform: Windows 10 Home Version 1903 18362.207 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atiesrxx.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1908.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxApp_48.58.11001.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\PMRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\PMRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [266624 2019-10-22] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102531993\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3503856 2019-10-24] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532055\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532074\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2224698003-673730673-3476248444-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532097\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3278288 2019-10-30] (Valve -> Valve Corporation)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35977616 2019-10-25] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3503856 2019-10-24] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [utweb] => "C:\Users\Owner\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [21218720 2019-10-26] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3278288 2019-10-30] (Valve -> Valve Corporation)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35977616 2019-10-25] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3503856 2019-10-24] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [utweb] => "C:\Users\Owner\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [21218720 2019-10-26] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3503856 2019-10-24] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2019-09-21]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0172C72E-C05B-4EF3-B1AD-1850A270DF57} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2224698003-673730673-3476248444-1003 => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {0BCF88DD-332E-4BF3-8171-3512BDD02502} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-18] (Google Inc -> Google LLC)
Task: {171EB012-52D0-4F9A-8FFA-F6413CC7A32A} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [891576 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {3014448F-3B19-4784-8FB6-97956BC7849A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {38AF3D73-2372-4715-8DFA-00B5F8ED06A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27289376 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {45BDCE35-F2AC-49E5-9FCC-C7E9D28338F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5935FFBC-CA61-48D8-B521-E1704116C34C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5D6666C2-0018-47C4-B058-541D7F3B05F2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170264 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {66B75A89-0103-45F0-8022-F2A2AC2DFCEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {69BC9A05-ADCE-4573-A3AB-324FEAC1D426} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27289376 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {69E06AC5-B4F6-43E0-B958-D3B26E64A646} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe
Task: {7BD65576-6040-4744-8FEA-302A246BA22F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82307E60-4970-4AE2-AE7A-3A225039C800} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [781808 2019-04-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {88B9BDE4-9175-489E-B37F-E661ED70168F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156432 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {95FC799E-C99D-4F6B-B0F8-3E2819CB52F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-18] (Google Inc -> Google LLC)
Task: {99FB5010-2237-4EFD-AD96-90EF51EE5D2C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9D5B29C0-0544-44E0-94C7-8B2050BEBAAB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156432 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F48B70E-CBB5-40AD-AD0B-076B0A02A79C} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-08-08] (Advanced Micro Devices, Inc.) [File not signed]
Task: {ADE8077A-76E0-43CD-BF9E-0A45413BB66B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170264 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3D1F25A-88B3-4B87-987E-D330C7912201} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [344128 2019-07-28] (NZXT, Inc. -> )
Task: {C094DEE0-2B1F-41B6-A45E-14CAC61E72F2} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-08-08] (Advanced Micro Devices, Inc.) [File not signed]
Task: {C199B147-0042-42BC-8BC7-0CF44FCE3F5A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe
Task: {FC61E68A-18C5-4867-9B00-427BDA39FF46} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{3878b29d-038c-4b55-a6e3-a1c1302d8f43}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{7bac1f2f-a50b-4d90-97c1-340ead1650f1}: [DhcpNameServer] 168.94.0.14 168.94.0.15

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2224698003-673730673-3476248444-1003 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = 
SearchScopes: HKU\S-1-5-21-2224698003-673730673-3476248444-1003 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = 
SearchScopes: HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = 
SearchScopes: HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: oe3id72o.default-1556682730909
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909 [2019-10-29]
FF Extension: (Grammarly for Firefox) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2019-10-16]
FF Extension: (Dark Reader) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\addon@darkreader.org.xpi [2019-10-25]
FF Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\https-everywhere@eff.org.xpi [2019-09-23]
FF Extension: (To Google Translate) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-09-11]
FF Extension: (uBlock Origin) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\uBlock0@raymondhill.net.xpi [2019-10-25]
FF Extension: (Quantum) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\{25c704b7-1833-4562-862d-3e5ac2bdaa2f}.xpi [2019-05-13]
FF Extension: (Firefox Quantum Nightly) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\{a52d8854-4831-4a49-b621-7464a3291692}.xpi [2019-05-13]
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-18] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-18] (Google Inc -> Google LLC)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Notifications: Default -> hxxps://app.mysms.com; hxxps://mail.google.com; hxxps://www.youtube.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2019-11-03]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-13]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-13]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-13]
CHR Extension: (Honey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-10-19]
CHR Extension: (uBlock Origin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-25]
CHR Extension: (Dark Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-10-25]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-13]
CHR Extension: (Oceanic) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbbacdmgjdfajabgglpjifcedoajdimg [2019-06-16]
CHR Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-11-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-19]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-01-13]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2019-10-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atiesrxx.exe [508840 2019-08-12] (Advanced Micro Devices, Inc. -> AMD)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-08-08] (AMD) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-10-16] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11636808 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-09-15] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [542016 2018-11-20] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] (Intel(R) Wireless Connectivity Solutions -> )
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2018-06-27] (Even Balance, Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-11] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2019-10-01] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [287472 2019-10-22] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532864 2019-07-11] (Razer USA Ltd. -> Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [290864 2019-10-22] (Razer USA Ltd. -> Razer Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [67376 2019-01-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atikmdag.sys [60438464 2019-08-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atikmpag.sys [598440 2019-08-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103456 2019-08-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriver; C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AMDRyzenMasterDriver.sys [70304 2017-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 cpuz148; C:\Windows\temp\cpuz148\cpuz148_x64.sys [44648 2019-10-25] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [25640 2018-04-20] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S3 IaNVMe; C:\Windows\System32\drivers\IaNVMe.sys [101872 2016-01-26] (Intel(R) NVMe Windows Driver -> Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [144528 2018-11-20] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-11-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-11-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116832 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
R1 MpKsl0188486e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A3B4BFF-ECE4-4AA3-B6ED-54490F9122E2}\MpKsl0188486e.sys [58120 2019-10-17] (Microsoft Corporation -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7708160 2019-03-18] (Microsoft Windows -> Intel Corporation)
S3 nvme; C:\Windows\System32\drivers\nvme.sys [119840 2015-12-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd)
S3 ocznvme; C:\Windows\System32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [662528 2019-03-18] (Microsoft Windows -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_005c; C:\Windows\System32\drivers\RzDev_005c.sys [51696 2018-04-22] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_021e; C:\Windows\System32\drivers\RzDev_021e.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46776 2019-05-24] (SteelSeries ApS -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2018-05-01] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [236352 2019-05-13] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-10-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-17] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-10-25] (Noriyuki MIYAZAKI -> OpenLibSys.org)
U4 AppMgmt; no ImagePath
U4 CscService; no ImagePath
U4 napagent; no ImagePath
U4 PeerDistSvc; no ImagePath
S3 VBAudioVMAUXVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmauxvaio64_win10.sys [X]
S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-03 10:27 - 2019-11-03 10:27 - 000000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2019-11-03 10:26 - 2019-11-03 10:27 - 001619456 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2019-11-03 10:24 - 2019-11-03 10:24 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-03 10:24 - 2019-11-03 10:24 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-11-03 10:24 - 2019-11-03 10:24 - 000003112 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2019-11-02 20:14 - 2019-11-02 20:14 - 000003142 _____ C:\Windows\system32\Tasks\MSIAfterburner
2019-11-02 15:58 - 2019-11-02 15:58 - 000000000 ____H C:\Users\Owner\Documents\Default.rdp
2019-11-02 15:56 - 2019-11-03 10:27 - 000037618 _____ C:\Users\Owner\Downloads\FRST.txt
2019-11-02 15:55 - 2019-11-03 10:27 - 000000000 ____D C:\FRST
2019-11-02 15:51 - 2019-11-02 15:51 - 000000606 _____ C:\Users\Owner\Desktop\emot.txt
2019-11-01 14:56 - 2019-11-01 14:56 - 003194363 _____ C:\Users\Owner\Downloads\Stuart Interview.m4a
2019-10-27 20:44 - 2019-10-27 20:44 - 000000000 ____D C:\Users\Owner\AppData\Local\TunnelBear
2019-10-27 20:05 - 2019-10-27 20:05 - 000965060 _____ C:\Users\Owner\Downloads\20Time Scene 1.mp4
2019-10-27 19:58 - 2019-10-27 20:10 - 000000000 ____D C:\Users\Owner\Desktop\20Time Animation
2019-10-26 19:08 - 2019-10-26 19:14 - 000000000 ____D C:\Users\Public\BlueStacks
2019-10-25 17:13 - 2019-10-25 17:13 - 000071680 _____ C:\Windows\SysWOW64\AMDHelper.dll
2019-10-25 16:30 - 2019-11-03 10:25 - 000000000 ____D C:\Users\Owner\AppData\Local\Spotify
2019-10-25 16:30 - 2019-10-25 16:30 - 000001850 _____ C:\Users\Owner\Desktop\Spotify.lnk
2019-10-25 16:30 - 2019-10-25 16:30 - 000001836 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-10-25 16:29 - 2019-11-03 10:25 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2019-10-25 12:42 - 2019-10-26 09:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-23 21:36 - 2019-10-23 21:37 - 028480244 _____ C:\Users\Owner\Downloads\wtf is this game anymore HACKERS in LOW GOLD!!!! please report these guysrainbow six siege.mp4
2019-10-23 21:17 - 2019-10-23 21:17 - 015092239 _____ C:\Users\Owner\Downloads\03f641c45c0534af9bc3502b216226fd.mov
2019-10-23 21:02 - 2019-10-23 21:02 - 010329762 _____ C:\Users\Owner\Downloads\59859d3ea7d593ece47f23c2700b9b72.mov
2019-10-23 19:44 - 2019-10-23 19:44 - 008573904 _____ C:\Users\Owner\Downloads\My first time using frosts shotgun.mp4
2019-10-23 19:40 - 2019-10-23 19:41 - 023026795 _____ C:\Users\Owner\Downloads\Clash of clans- new shrink trap gameplay.mp4
2019-10-21 21:10 - 2019-10-21 21:10 - 000001596 _____ C:\Users\Owner\Downloads\krunker settings.txt
2019-10-18 22:50 - 2019-10-22 16:30 - 000000314 _____ C:\Users\Owner\Desktop\Fortnite.url
2019-10-18 21:53 - 2019-10-18 21:53 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-18 21:53 - 2019-10-18 21:53 - 000002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-18 21:52 - 2019-10-18 21:52 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-18 21:52 - 2019-10-18 21:52 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-17 15:08 - 2019-10-17 15:06 - 000129080 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2019-10-17 15:08 - 2019-10-17 15:06 - 000114232 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-10-17 15:07 - 2019-10-17 15:06 - 000129080 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-10-17 14:56 - 2019-10-17 14:56 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Oracle
2019-10-16 18:55 - 2019-10-16 18:56 - 000000000 ____D C:\Users\Owner\AppData\Roaming\io.krunker.desktop
2019-10-16 18:55 - 2019-10-16 18:55 - 000000000 ____D C:\Users\Owner\Documents\KrunkerResourceSwapper
2019-10-16 18:55 - 2019-10-16 18:55 - 000000000 ____D C:\Users\Owner\AppData\Local\io.krunker.desktop-updater
2019-10-16 17:07 - 2019-10-16 17:13 - 000000000 ____D C:\Users\Owner\Desktop\Movie Media
2019-10-15 16:33 - 2019-10-15 16:33 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2019-10-15 16:33 - 2019-10-15 16:33 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2019-10-15 16:32 - 2019-10-15 16:38 - 000000000 ____D C:\ProgramData\Epic
2019-10-15 16:32 - 2019-10-15 16:32 - 000000000 ____D C:\Program Files (x86)\Epic Games
2019-10-14 16:01 - 2019-10-14 16:01 - 005598872 _____ () C:\Users\Owner\Desktop\TechnicLauncher.exe
2019-10-12 17:16 - 2019-10-12 17:16 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-10-12 17:16 - 2019-10-12 17:16 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-10-12 17:16 - 2019-10-12 17:16 - 000116832 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-10-08 18:07 - 2019-10-08 18:07 - 000000000 ____D C:\Users\Owner\AppData\Local\BitTorrentHelper
2019-10-04 16:47 - 2019-10-15 16:33 - 000000000 ____D C:\Users\Owner\AppData\Local\EpicGamesLauncher
2019-10-04 16:06 - 2019-10-04 16:48 - 000000000 ____D C:\Users\Owner\Desktop\Westy Walk Media

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-03 10:25 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-03 10:24 - 2019-08-19 23:07 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-11-03 10:24 - 2019-07-07 01:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-03 10:24 - 2019-07-07 01:19 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-02 22:37 - 2019-07-07 01:38 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{C3153E77-297D-42C7-87BE-091565768226}
2019-11-02 22:15 - 2018-05-14 20:27 - 000000000 ____D C:\Users\Owner\AppData\Roaming\discord
2019-11-02 22:15 - 2018-05-13 15:25 - 000000000 ____D C:\Program Files (x86)\Steam
2019-11-02 16:04 - 2018-08-28 16:22 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2019-11-01 14:24 - 2019-04-29 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2019-11-01 14:01 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-01 14:01 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\AppReadiness
2019-10-29 14:47 - 2018-12-26 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-10-28 19:02 - 2016-09-08 12:59 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-27 11:42 - 2019-07-07 01:30 - 000840848 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-27 11:42 - 2019-03-18 20:50 - 000000000 ____D C:\Windows\INF
2019-10-26 19:26 - 2019-01-05 22:47 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2019-10-26 19:26 - 2018-06-30 17:56 - 000000000 ____D C:\Users\Owner\AppData\Local\Bluestacks
2019-10-26 09:49 - 2019-04-30 19:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-25 17:15 - 2019-02-15 21:17 - 000000000 ____D C:\Users\Owner\AppData\Roaming\CAM
2019-10-25 17:13 - 2019-08-02 14:50 - 000003366 _____ C:\Windows\system32\Tasks\CAM.Desktop
2019-10-25 16:57 - 2019-04-30 19:46 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-25 12:42 - 2019-03-18 20:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-10-25 12:42 - 2016-09-08 13:02 - 000000000 ____D C:\Program Files\Microsoft Office
2019-10-23 21:54 - 2019-04-19 21:23 - 000000000 ____D C:\Users\Owner\AppData\Roaming\obs-studio
2019-10-19 09:35 - 2018-05-14 16:09 - 000000000 ____D C:\Users\Owner\AppData\Local\UnrealEngine
2019-10-19 09:14 - 2019-07-09 17:07 - 000000999 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-10-18 21:53 - 2018-05-13 11:18 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-18 20:48 - 2018-05-12 14:45 - 000000000 ____D C:\Users\Owner\AppData\Local\Packages
2019-10-17 15:08 - 2019-08-08 01:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-10-17 15:08 - 2019-08-08 01:53 - 000000000 ____D C:\Program Files (x86)\Java
2019-10-17 15:07 - 2019-09-28 23:36 - 000000000 ____D C:\Program Files\Java
2019-10-17 14:19 - 2018-05-11 20:50 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-16 12:51 - 2019-07-06 23:35 - 000000000 ___DC C:\Windows\Panther
2019-10-15 16:49 - 2018-05-14 16:34 - 000000000 ____D C:\Program Files\Epic Games
2019-10-15 16:38 - 2018-05-12 17:51 - 000000000 ____D C:\Users\Owner\AppData\Local\D3DSCache
2019-10-14 22:02 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\system32\NDF
2019-10-14 17:40 - 2018-05-17 21:01 - 000000000 ____D C:\Users\Owner\AppData\Local\Ubisoft Game Launcher
2019-10-14 17:30 - 2019-03-13 13:39 - 000000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft
2019-10-14 16:18 - 2019-06-28 23:09 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2019-10-14 16:01 - 2019-08-20 20:22 - 000000000 ____D C:\Users\Owner\AppData\Roaming\.technic
2019-10-14 15:40 - 2019-04-19 20:32 - 000000000 ____D C:\Users\Owner\Documents\Sound recordings
2019-10-14 14:56 - 2018-05-12 18:51 - 000000000 ____D C:\Users\Owner\AppData\Local\PlaceholderTileLogoFolder
2019-10-12 17:16 - 2019-07-16 00:07 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-11 12:28 - 2019-07-07 01:02 - 000000000 ____D C:\Users\Owner
2019-10-10 16:32 - 2019-03-18 20:37 - 000524288 _____ C:\Windows\system32\config\BBI
2019-10-09 14:25 - 2019-03-18 20:37 - 000000000 ____D C:\Windows\CbsTemp
2019-10-09 14:24 - 2018-05-11 19:15 - 000000000 ____D C:\Windows\system32\MRT
2019-10-09 14:23 - 2018-05-11 19:15 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories ========

2019-09-20 21:28 - 2019-09-20 21:28 - 000034146 _____ () C:\Users\Owner\AppData\Roaming\VoiceMeeterBananaDefault.xml
2018-12-10 15:42 - 2018-12-10 15:42 - 000007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt


My default browser is synced with other devices.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2019
Ran by Owner (administrator) on DESKTOP-IL4AFVB (Gigabyte Technology Co., Ltd. AX370M-DS3H) (03-11-2019 10:27:16)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: defaultuser0 & Owner)
Platform: Windows 10 Home Version 1903 18362.207 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atiesrxx.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1908.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxApp_48.58.11001.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\PMRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\PMRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [266624 2019-10-22] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102531993\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3503856 2019-10-24] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532055\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532074\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2224698003-673730673-3476248444-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532097\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3278288 2019-10-30] (Valve -> Valve Corporation)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35977616 2019-10-25] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3503856 2019-10-24] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [utweb] => "C:\Users\Owner\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [21218720 2019-10-26] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3278288 2019-10-30] (Valve -> Valve Corporation)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35977616 2019-10-25] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3503856 2019-10-24] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [utweb] => "C:\Users\Owner\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [21218720 2019-10-26] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3503856 2019-10-24] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2019-09-21]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0172C72E-C05B-4EF3-B1AD-1850A270DF57} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2224698003-673730673-3476248444-1003 => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {0BCF88DD-332E-4BF3-8171-3512BDD02502} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-18] (Google Inc -> Google LLC)
Task: {171EB012-52D0-4F9A-8FFA-F6413CC7A32A} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [891576 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {3014448F-3B19-4784-8FB6-97956BC7849A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {38AF3D73-2372-4715-8DFA-00B5F8ED06A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27289376 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {45BDCE35-F2AC-49E5-9FCC-C7E9D28338F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5935FFBC-CA61-48D8-B521-E1704116C34C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5D6666C2-0018-47C4-B058-541D7F3B05F2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170264 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {66B75A89-0103-45F0-8022-F2A2AC2DFCEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {69BC9A05-ADCE-4573-A3AB-324FEAC1D426} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27289376 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {69E06AC5-B4F6-43E0-B958-D3B26E64A646} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe
Task: {7BD65576-6040-4744-8FEA-302A246BA22F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82307E60-4970-4AE2-AE7A-3A225039C800} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [781808 2019-04-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {88B9BDE4-9175-489E-B37F-E661ED70168F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156432 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {95FC799E-C99D-4F6B-B0F8-3E2819CB52F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-18] (Google Inc -> Google LLC)
Task: {99FB5010-2237-4EFD-AD96-90EF51EE5D2C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9D5B29C0-0544-44E0-94C7-8B2050BEBAAB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156432 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F48B70E-CBB5-40AD-AD0B-076B0A02A79C} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-08-08] (Advanced Micro Devices, Inc.) [File not signed]
Task: {ADE8077A-76E0-43CD-BF9E-0A45413BB66B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170264 2019-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3D1F25A-88B3-4B87-987E-D330C7912201} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [344128 2019-07-28] (NZXT, Inc. -> )
Task: {C094DEE0-2B1F-41B6-A45E-14CAC61E72F2} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-08-08] (Advanced Micro Devices, Inc.) [File not signed]
Task: {C199B147-0042-42BC-8BC7-0CF44FCE3F5A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe
Task: {FC61E68A-18C5-4867-9B00-427BDA39FF46} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{3878b29d-038c-4b55-a6e3-a1c1302d8f43}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{7bac1f2f-a50b-4d90-97c1-340ead1650f1}: [DhcpNameServer] 168.94.0.14 168.94.0.15

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2224698003-673730673-3476248444-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2224698003-673730673-3476248444-1003 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = 
SearchScopes: HKU\S-1-5-21-2224698003-673730673-3476248444-1003 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = 
SearchScopes: HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132 -> DefaultScope {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = 
SearchScopes: HKU\S-1-5-21-2224698003-673730673-3476248444-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11032019102532132 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-04] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: oe3id72o.default-1556682730909
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909 [2019-10-29]
FF Extension: (Grammarly for Firefox) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2019-10-16]
FF Extension: (Dark Reader) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\addon@darkreader.org.xpi [2019-10-25]
FF Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\https-everywhere@eff.org.xpi [2019-09-23]
FF Extension: (To Google Translate) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-09-11]
FF Extension: (uBlock Origin) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\uBlock0@raymondhill.net.xpi [2019-10-25]
FF Extension: (Quantum) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\{25c704b7-1833-4562-862d-3e5ac2bdaa2f}.xpi [2019-05-13]
FF Extension: (Firefox Quantum Nightly) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oe3id72o.default-1556682730909\Extensions\{a52d8854-4831-4a49-b621-7464a3291692}.xpi [2019-05-13]
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-18] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-18] (Google Inc -> Google LLC)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Notifications: Default -> hxxps://app.mysms.com; hxxps://mail.google.com; hxxps://www.youtube.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2019-11-03]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-13]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-13]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-13]
CHR Extension: (Honey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-10-19]
CHR Extension: (uBlock Origin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-25]
CHR Extension: (Dark Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-10-25]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-13]
CHR Extension: (Oceanic) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbbacdmgjdfajabgglpjifcedoajdimg [2019-06-16]
CHR Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-11-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-19]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-01-13]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2019-10-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atiesrxx.exe [508840 2019-08-12] (Advanced Micro Devices, Inc. -> AMD)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-08-08] (AMD) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-10-16] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11636808 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-09-15] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [542016 2018-11-20] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] (Intel(R) Wireless Connectivity Solutions -> )
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2018-06-27] (Even Balance, Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-11] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2019-10-01] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [287472 2019-10-22] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [532864 2019-07-11] (Razer USA Ltd. -> Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [290864 2019-10-22] (Razer USA Ltd. -> Razer Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [67376 2019-01-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atikmdag.sys [60438464 2019-08-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0345604.inf_amd64_8a71636be473da79\B345674\atikmpag.sys [598440 2019-08-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103456 2019-08-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriver; C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AMDRyzenMasterDriver.sys [70304 2017-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 cpuz148; C:\Windows\temp\cpuz148\cpuz148_x64.sys [44648 2019-10-25] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [25640 2018-04-20] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S3 IaNVMe; C:\Windows\System32\drivers\IaNVMe.sys [101872 2016-01-26] (Intel(R) NVMe Windows Driver -> Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [144528 2018-11-20] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-11-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-11-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116832 2019-10-12] (Malwarebytes Corporation -> Malwarebytes)
R1 MpKsl0188486e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A3B4BFF-ECE4-4AA3-B6ED-54490F9122E2}\MpKsl0188486e.sys [58120 2019-10-17] (Microsoft Corporation -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7708160 2019-03-18] (Microsoft Windows -> Intel Corporation)
S3 nvme; C:\Windows\System32\drivers\nvme.sys [119840 2015-12-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd)
S3 ocznvme; C:\Windows\System32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [662528 2019-03-18] (Microsoft Windows -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_005c; C:\Windows\System32\drivers\RzDev_005c.sys [51696 2018-04-22] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_021e; C:\Windows\System32\drivers\RzDev_021e.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46776 2019-05-24] (SteelSeries ApS -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2018-05-01] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [236352 2019-05-13] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-10-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-17] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-10-25] (Noriyuki MIYAZAKI -> OpenLibSys.org)
U4 AppMgmt; no ImagePath
U4 CscService; no ImagePath
U4 napagent; no ImagePath
U4 PeerDistSvc; no ImagePath
S3 VBAudioVMAUXVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmauxvaio64_win10.sys [X]
S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-03 10:27 - 2019-11-03 10:27 - 000000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2019-11-03 10:26 - 2019-11-03 10:27 - 001619456 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2019-11-03 10:24 - 2019-11-03 10:24 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-03 10:24 - 2019-11-03 10:24 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-11-03 10:24 - 2019-11-03 10:24 - 000003112 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2019-11-02 20:14 - 2019-11-02 20:14 - 000003142 _____ C:\Windows\system32\Tasks\MSIAfterburner
2019-11-02 15:58 - 2019-11-02 15:58 - 000000000 ____H C:\Users\Owner\Documents\Default.rdp
2019-11-02 15:56 - 2019-11-03 10:27 - 000037618 _____ C:\Users\Owner\Downloads\FRST.txt
2019-11-02 15:55 - 2019-11-03 10:27 - 000000000 ____D C:\FRST
2019-11-02 15:51 - 2019-11-02 15:51 - 000000606 _____ C:\Users\Owner\Desktop\emot.txt
2019-11-01 14:56 - 2019-11-01 14:56 - 003194363 _____ C:\Users\Owner\Downloads\Stuart Interview.m4a
2019-10-27 20:44 - 2019-10-27 20:44 - 000000000 ____D C:\Users\Owner\AppData\Local\TunnelBear
2019-10-27 20:05 - 2019-10-27 20:05 - 000965060 _____ C:\Users\Owner\Downloads\20Time Scene 1.mp4
2019-10-27 19:58 - 2019-10-27 20:10 - 000000000 ____D C:\Users\Owner\Desktop\20Time Animation
2019-10-26 19:08 - 2019-10-26 19:14 - 000000000 ____D C:\Users\Public\BlueStacks
2019-10-25 17:13 - 2019-10-25 17:13 - 000071680 _____ C:\Windows\SysWOW64\AMDHelper.dll
2019-10-25 16:30 - 2019-11-03 10:25 - 000000000 ____D C:\Users\Owner\AppData\Local\Spotify
2019-10-25 16:30 - 2019-10-25 16:30 - 000001850 _____ C:\Users\Owner\Desktop\Spotify.lnk
2019-10-25 16:30 - 2019-10-25 16:30 - 000001836 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2019-10-25 16:29 - 2019-11-03 10:25 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2019-10-25 12:42 - 2019-10-26 09:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-23 21:36 - 2019-10-23 21:37 - 028480244 _____ C:\Users\Owner\Downloads\wtf is this game anymore HACKERS in LOW GOLD!!!! please report these guysrainbow six siege.mp4
2019-10-23 21:17 - 2019-10-23 21:17 - 015092239 _____ C:\Users\Owner\Downloads\03f641c45c0534af9bc3502b216226fd.mov
2019-10-23 21:02 - 2019-10-23 21:02 - 010329762 _____ C:\Users\Owner\Downloads\59859d3ea7d593ece47f23c2700b9b72.mov
2019-10-23 19:44 - 2019-10-23 19:44 - 008573904 _____ C:\Users\Owner\Downloads\My first time using frosts shotgun.mp4
2019-10-23 19:40 - 2019-10-23 19:41 - 023026795 _____ C:\Users\Owner\Downloads\Clash of clans- new shrink trap gameplay.mp4
2019-10-21 21:10 - 2019-10-21 21:10 - 000001596 _____ C:\Users\Owner\Downloads\krunker settings.txt
2019-10-18 22:50 - 2019-10-22 16:30 - 000000314 _____ C:\Users\Owner\Desktop\Fortnite.url
2019-10-18 21:53 - 2019-10-18 21:53 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-18 21:53 - 2019-10-18 21:53 - 000002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-18 21:52 - 2019-10-18 21:52 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-18 21:52 - 2019-10-18 21:52 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-17 15:08 - 2019-10-17 15:06 - 000129080 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2019-10-17 15:08 - 2019-10-17 15:06 - 000114232 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-10-17 15:07 - 2019-10-17 15:06 - 000129080 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-10-17 14:56 - 2019-10-17 14:56 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Oracle
2019-10-16 18:55 - 2019-10-16 18:56 - 000000000 ____D C:\Users\Owner\AppData\Roaming\io.krunker.desktop
2019-10-16 18:55 - 2019-10-16 18:55 - 000000000 ____D C:\Users\Owner\Documents\KrunkerResourceSwapper
2019-10-16 18:55 - 2019-10-16 18:55 - 000000000 ____D C:\Users\Owner\AppData\Local\io.krunker.desktop-updater
2019-10-16 17:07 - 2019-10-16 17:13 - 000000000 ____D C:\Users\Owner\Desktop\Movie Media
2019-10-15 16:33 - 2019-10-15 16:33 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2019-10-15 16:33 - 2019-10-15 16:33 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2019-10-15 16:32 - 2019-10-15 16:38 - 000000000 ____D C:\ProgramData\Epic
2019-10-15 16:32 - 2019-10-15 16:32 - 000000000 ____D C:\Program Files (x86)\Epic Games
2019-10-14 16:01 - 2019-10-14 16:01 - 005598872 _____ () C:\Users\Owner\Desktop\TechnicLauncher.exe
2019-10-12 17:16 - 2019-10-12 17:16 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-10-12 17:16 - 2019-10-12 17:16 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-10-12 17:16 - 2019-10-12 17:16 - 000116832 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-10-08 18:07 - 2019-10-08 18:07 - 000000000 ____D C:\Users\Owner\AppData\Local\BitTorrentHelper
2019-10-04 16:47 - 2019-10-15 16:33 - 000000000 ____D C:\Users\Owner\AppData\Local\EpicGamesLauncher
2019-10-04 16:06 - 2019-10-04 16:48 - 000000000 ____D C:\Users\Owner\Desktop\Westy Walk Media

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-03 10:25 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-03 10:24 - 2019-08-19 23:07 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-11-03 10:24 - 2019-07-07 01:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-03 10:24 - 2019-07-07 01:19 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-02 22:37 - 2019-07-07 01:38 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{C3153E77-297D-42C7-87BE-091565768226}
2019-11-02 22:15 - 2018-05-14 20:27 - 000000000 ____D C:\Users\Owner\AppData\Roaming\discord
2019-11-02 22:15 - 2018-05-13 15:25 - 000000000 ____D C:\Program Files (x86)\Steam
2019-11-02 16:04 - 2018-08-28 16:22 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2019-11-01 14:24 - 2019-04-29 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2019-11-01 14:01 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-01 14:01 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\AppReadiness
2019-10-29 14:47 - 2018-12-26 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-10-28 19:02 - 2016-09-08 12:59 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-27 11:42 - 2019-07-07 01:30 - 000840848 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-27 11:42 - 2019-03-18 20:50 - 000000000 ____D C:\Windows\INF
2019-10-26 19:26 - 2019-01-05 22:47 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2019-10-26 19:26 - 2018-06-30 17:56 - 000000000 ____D C:\Users\Owner\AppData\Local\Bluestacks
2019-10-26 09:49 - 2019-04-30 19:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-25 17:15 - 2019-02-15 21:17 - 000000000 ____D C:\Users\Owner\AppData\Roaming\CAM
2019-10-25 17:13 - 2019-08-02 14:50 - 000003366 _____ C:\Windows\system32\Tasks\CAM.Desktop
2019-10-25 16:57 - 2019-04-30 19:46 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-25 12:42 - 2019-03-18 20:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-10-25 12:42 - 2016-09-08 13:02 - 000000000 ____D C:\Program Files\Microsoft Office
2019-10-23 21:54 - 2019-04-19 21:23 - 000000000 ____D C:\Users\Owner\AppData\Roaming\obs-studio
2019-10-19 09:35 - 2018-05-14 16:09 - 000000000 ____D C:\Users\Owner\AppData\Local\UnrealEngine
2019-10-19 09:14 - 2019-07-09 17:07 - 000000999 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-10-18 21:53 - 2018-05-13 11:18 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-18 20:48 - 2018-05-12 14:45 - 000000000 ____D C:\Users\Owner\AppData\Local\Packages
2019-10-17 15:08 - 2019-08-08 01:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-10-17 15:08 - 2019-08-08 01:53 - 000000000 ____D C:\Program Files (x86)\Java
2019-10-17 15:07 - 2019-09-28 23:36 - 000000000 ____D C:\Program Files\Java
2019-10-17 14:19 - 2018-05-11 20:50 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-16 12:51 - 2019-07-06 23:35 - 000000000 ___DC C:\Windows\Panther
2019-10-15 16:49 - 2018-05-14 16:34 - 000000000 ____D C:\Program Files\Epic Games
2019-10-15 16:38 - 2018-05-12 17:51 - 000000000 ____D C:\Users\Owner\AppData\Local\D3DSCache
2019-10-14 22:02 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\system32\NDF
2019-10-14 17:40 - 2018-05-17 21:01 - 000000000 ____D C:\Users\Owner\AppData\Local\Ubisoft Game Launcher
2019-10-14 17:30 - 2019-03-13 13:39 - 000000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft
2019-10-14 16:18 - 2019-06-28 23:09 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2019-10-14 16:01 - 2019-08-20 20:22 - 000000000 ____D C:\Users\Owner\AppData\Roaming\.technic
2019-10-14 15:40 - 2019-04-19 20:32 - 000000000 ____D C:\Users\Owner\Documents\Sound recordings
2019-10-14 14:56 - 2018-05-12 18:51 - 000000000 ____D C:\Users\Owner\AppData\Local\PlaceholderTileLogoFolder
2019-10-12 17:16 - 2019-07-16 00:07 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-11 12:28 - 2019-07-07 01:02 - 000000000 ____D C:\Users\Owner
2019-10-10 16:32 - 2019-03-18 20:37 - 000524288 _____ C:\Windows\system32\config\BBI
2019-10-09 14:25 - 2019-03-18 20:37 - 000000000 ____D C:\Windows\CbsTemp
2019-10-09 14:24 - 2018-05-11 19:15 - 000000000 ____D C:\Windows\system32\MRT
2019-10-09 14:23 - 2018-05-11 19:15 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories ========

2019-09-20 21:28 - 2019-09-20 21:28 - 000034146 _____ () C:\Users\Owner\AppData\Roaming\VoiceMeeterBananaDefault.xml
2018-12-10 15:42 - 2018-12-10 15:42 - 000007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Syncing

If the problem persists and Chrome is synced with other devices, check this out.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Execute the suggested fix.

Restart the computer normally.
===========

Please post the Fixlog.txt and let me know if your problem is solved.

fixlist.txt


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance, please start your own topic in a new thread.

Thanks

 
