Vordead Posted February 14, 2021

After every reboot, a hidden folder named "Dll" gets created in C:\Users\user\AppData\Roaming. This folder contains "dlIhost.exe" and "WinRing0x64.sys". Both are identified as malware (Bitcoin mining) upon scanning with Malwarebytes, but Malwarebytes can't detect the malware that keeps on creating this malware. Any help is appreciated.
kevinf80 Posted February 14, 2021

Hello Vordead and welcome to Malwarebytes,

Let's get some logs and see what is happening with your system. Continue with the following:

If you do not have Malwarebytes installed do the following:
Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.

When the install completes, or if Malwarebytes is already installed, do the following:
Open Malwarebytes and select the small cog wheel in the top right hand corner; that will open "Settings". From there select the "Security" tab.
Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on.
Close out the settings window; this will take you back to "Dashboard". Select the blue "Scan Now" tab.
When the scan completes, quarantine any found entries.

To get the log from Malwarebytes do the following:
Click on the Detection History tab from the main interface.
Then click on "History"; that will open a historical list.
Double click on the Scan log which shows the date and time of the scan just performed.
Click Export. From Export you have two options:
Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply.
Text file (*.txt) - if selected, you will have to name the file and save it to a place of choice (recommend "Desktop"), then attach it to your reply.
Please use "Text file (*.txt)", then name the file and save it to a place of choice (recommend "Desktop"), then attach it to your reply.

Next, download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror.
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
Accept the EULA (I accept), then click on Scan.
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes.
Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

Next, download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way.
Be aware FRST must be run from an account with Administrator status.
If English is not your primary language, right click on FRST, select Rename, then rename it to FRSTEnglish.
Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans".
Press the Scan button to run the tool.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The tool will also make a log named Addition.txt. Please attach that log to your reply.

Let me see those logs in your reply.

Thank you,
Kevin
Vordead (Author) Posted February 15, 2021

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/15/21
Scan Time: 10:57 PM
Log File: 60e32abe-6fd0-11eb-b3cc-448a5bd16ad7.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37165
License: Free

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: DESKTOP-PH5A07R\user

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 906953
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 1 hr, 5 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Bitcoin.Trojan.Miner.DDS, HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSDllHelper, Quarantined, 1000002, 0, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Bitcoin.Trojan.Miner.DDS, C:\USERS\USER\APPDATA\ROAMING\DLL\DLIHOST.EXE, Quarantined, 1000002, 0, 1.0.37165, 3C6846F1C08211519F6953AB, dds, 01118608, 0637C5B3859FF6AB58C4E6B974F593A3, 6679865270438CB92A3A28249B71D0EF6FDD295F1535597680CF2F4A90277FE6

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-16-2021
# Duration: 00:00:07
# OS:       Windows 10 Enterprise
# Scanned:  3425
# Detected: 0

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****
No malicious hosts file entries found.

***** [ Preinstalled Software ] *****
No Preinstalled Software found.

AdwCleaner[S00].txt - [10852 octets] - [14/02/2021 20:24:50]
AdwCleaner[C00].txt - [10193 octets] - [14/02/2021 20:28:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2021
Ran by user (administrator) on DESKTOP-PH5A07R (MSI MS-7926) (16-02-2021 01:20:40)
Running from C:\Users\user\Desktop
Loaded Profiles: user
Platform: Windows 10 Enterprise Version 20H2 19042.804 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adguard Software Ltd) [File not signed] F:\Program Files (x86)\Adguard\AdguardSvc.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.)
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) F:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) F:\Program Files\DAEMON Tools Ultra\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) F:\Program Files\DAEMON Tools Ultra\DTShellHlp.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\TrayTipAgentE.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(Discord Inc. -> Discord Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\user\Downloads\Programs\adwcleaner_8.1.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(Realtek Semiconductor Corp.
-> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\user\AppData\Local\slack\app-4.12.2\slack.exe <5>
(Spotify AB -> Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Spotify.exe <4>
(Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(TunnelBear, Inc. -> ) F:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353400 2021-01-22] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-30] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKLM-x32\...\Run: [OnScreen Control] => C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe [1785328 2015-12-14] (LG Electronics Inc. -> TODO: <Company name>)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1028280 2017-11-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835680 2016-06-14] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [LeagueDisplays] => C:\Riot Games\LeagueDisplays\assistant\LeagueDisplaysAssistant.exe /onWindowsStart
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-10-09] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-10-09] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5641776 2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26310800 2020-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [286064 2021-01-25] (IDSA Production signing key 2021 -> Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [Steam] => F:\Steam\steam.exe [3395360 2020-09-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50011008 2021-01-20] (Google LLC -> )
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [EpicGamesLauncher] => F:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32894024 2021-02-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Root\Office16\lync.exe [26319144 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\user\AppData\Local\Microsoft\Teams\Update.exe [2453656 2021-02-11] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [677512 2020-11-29] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5468672 2021-02-03] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [MicrosoftEdgeAutoLaunch_8714F0D917266FE3AFB7F8BB98EEBC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [Adguard] => F:\Program Files (x86)\Adguard\Adguard.exe [4337000 2019-12-25] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [DAEMON Tools Ultra Agent] => F:\Program Files\DAEMON Tools Ultra\DTAgent.exe [483184 2020-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [DAEMON Tools Ultra Automount] => F:\Program Files\DAEMON Tools Ultra\DTAgent.exe [483184 2020-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\user\AppData\Local\slack\slack.exe [306856 2021-01-29] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [25972968 2020-10-11] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5482544 2020-09-11] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\user\AppData\Local\WebEx\ciscowebexstart.exe [2427592 2021-01-29] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [utweb] => "C:\Users\user\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Run: [VScan] => C:\Users\user\AppData\Roaming\Microsoft\VScan.exe [409152 2021-02-03] () [File not signed]
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\MountPoints2: {6c04a770-e40f-11ea-b991-448a5bd16ad7} - "G:\Autorun.exe"
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\MountPoints2: {b1233bcd-e3e7-11ea-b98d-448a5bd16ad7} - "H:\Autorun.exe"
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\MountPoints2: {c7455b03-16cd-11eb-b9a0-448a5bd16ad7} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\MountPoints2: {ce83e6ff-8724-11ea-b953-448a5bd16ad7} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\MountPoints2: {ff8b22a2-4707-11eb-b9b2-448a5bd16ad7} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\launcher.scr [2417936 2019-05-09] (Riot Games, Inc. -> ) [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-09-11] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP AD11 Status Monitor: C:\Windows\system32\hpinkstsAD11LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3510 series): C:\Windows\system32\HPDiscoPMAD11.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-24]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2018-08-05]
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Discord.lnk [2020-12-08]
ShortcutTarget: Discord.lnk -> C:\Users\user\AppData\Local\Discord\Update.exe (Discord Inc. -> GitHub)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Discord.lnk [2020-12-08]
ShortcutTarget: Discord.lnk -> C:\Users\user\AppData\Local\Discord\Update.exe (Discord Inc. -> GitHub)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk [2021-02-15]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN31O1PK1T05R7;CONNECTION=NW;MONITOR=1;
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-06-09]
ShortcutTarget: Twitch.lnk -> F:\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {078639E0-9C91-4FC4-922F-239615850AA6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498512 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {104B3C2C-E536-46A1-B297-C9A02FE76683} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {10BE98C7-1496-4F02-B147-6F1B8A1A5846} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3354296 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {17585C33-FC8B-48AB-8864-D303D0251576} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CE06E92-A94C-4CC5-9872-912FC4D67346} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3117F236-9CB0-4F47-9402-1EFE44F85805} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3C3363DA-3989-433F-A31E-6AA89E6E0D47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-18] (Google Inc -> Google Inc.)
Task: {41098E6D-68E1-47E9-A4A5-BE7712A1F2D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {474D4FB0-F7C4-4A7D-B586-1BF79E84F9F8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B68EBEF-C021-46F4-AA6D-ABD68AF83131} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5728B77E-FAC3-4436-95D1-517DBF07ADD0} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64936 2021-01-21] (Microsoft Corporation -> Microsoft)
Task: {59E46CF7-4D03-4DF6-9C54-9808D5391B28} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-31] (Mozilla Corporation -> Mozilla Foundation)
Task: {5EB572A7-9F81-4D50-A2AB-5F71AE0B396B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6AAEB90C-AEA0-4A77-B29A-83E1C70F45A6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B77022E-A2B5-4160-B111-5FA65BE53892} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F70A705-E3B1-4313-8779-10CB5CC9B27E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {7EC41BB5-1AD9-4922-979F-9595EC12C46F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {86BB3F82-A761-4BD3-B53E-461C424D282A} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {87929949-7B06-4A39-B041-778C31FD0A54} - \R@1n-KMS\Office16ProPlus -> No File <==== ATTENTION
Task: {AA5B639F-68E3-4349-971D-693BE22019DB} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {AB4C29D4-EDB2-477E-940A-0A1D55A82F34} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2015-11-21] (Intel(R) Software -> Intel Corporation)
Task: {AD38E018-1941-4DFD-9D66-CFC0209D55E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF2AD3B7-5905-46C7-93EC-23160A9B0B19} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B25251A9-68A7-41D4-823D-D6B58E42E971} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {B5C67440-BE66-4C0C-A438-A7F1D0DA4C6E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {B8E3F3CA-5A58-4B81-AD7B-BF6785777189} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {B93C5C4D-1D7A-48D0-B6BF-9E071E46D781} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA 
Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C1C702AF-185F-4A26-84DB-7654E70AF1F4} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C6404704-CC39-4610-B78F-7FF555CD33BF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" Task: {D69BF82D-529B-4EF0-834E-71105D4ECB62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-18] (Google Inc -> Google Inc.) Task: {E024B7FE-10CD-47FF-96DA-989FCD43C3AD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E175B969-98C7-4E41-A889-7B3DEAA5046B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E1C0B4B5-B1CE-469D-8F6B-64B1BD4748FA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation) Task: {E434A055-7A1B-481B-A112-4CD92AED631A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe Task: {E4D0ACE2-38F2-4287-8CEF-06224CAE03B6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft 
Corporation) Task: {F109144C-A8EA-44D0-97F9-F6FF03702F4D} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F8BB8A2F-E3EA-4D4A-8743-2075CF0DB9FD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-15] (Microsoft Corporation -> Microsoft Corporation) Task: {FAAD7144-C9C1-4EFF-8040-5AC321DB9E89} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\MSIGH_Host.job => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{13cc80c2-2fdc-4a44-984f-5df64ba06440}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{181ee7cf-6df3-4865-8433-f630fc6aaad7}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{52afd339-9e53-40b1-bd4b-3fcefff2d7f2}: [DhcpNameServer] 192.168.1.1 Edge: ======= DownloadDir: C:\Users\user\Downloads Edge Notifications: HKU\S-1-5-21-1832223671-1706311693-3573946280-1001 -> hxxps://www.facebook.com; hxxps://www.youtube.com; hxxps://messages.android.com; hxxps://euw.op.gg Edge Extension: (AdBlock — best ad blocker) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2020-08-15] Edge DefaultProfile: Default Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-16] Edge DefaultSearchURL: Default -> hxxps://www.google.com.lb/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?} Edge DefaultSearchKeyword: Default -> google.com.lb Edge Extension: (YouTube) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2020-10-15] Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-02-10] Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-02-01] Edge Extension: (Tab Modifier) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hcbgadmbdkiilgpifjgcakjehmafcjai [2020-07-29] Edge Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-02-03] Edge Extension: (Project Naptha) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf 
[2020-05-18] Edge Extension: (Tabs Aside) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nboikgnmjgjcnnhencinblbaikdccdlb [2020-11-25] Edge Extension: (AdBlock — best ad blocker) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-01-15] Edge Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-11-17] Edge Extension: (Netflix Party is now Teleparty) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-03] Edge Extension: (Speedtest by Ookla) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2020-04-29] Edge HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2020-12-25] FireFox: ======== FF DefaultProfile: k802u2en.default FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k802u2en.default [2021-01-01] FF NewTab: Mozilla\Firefox\Profiles\k802u2en.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2021-01-01 08:56:45&iid=984c2fa1-39de-4107-91ea-adba4ce07d6e&bName= FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze7s1hqw.default-release [2021-02-03] FF NewTab: Mozilla\Firefox\Profiles\ze7s1hqw.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=BT171002&iDate=2021-01-01 08:56:45&iid=984c2fa1-39de-4107-91ea-adba4ce07d6e&bName= FF Extension: (IDM Integration Module) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze7s1hqw.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2021-02-03] FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 
DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-12-02] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2020-11-14] FF HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2020-05-23] [Legacy] [not signed] FF HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy] FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-01] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin HKU\S-1-5-21-1832223671-1706311693-3573946280-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\user\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [No File] Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-02-16] CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18] CHR Extension: (Just Black) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2020-08-01] CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25] CHR Extension: (MP3Juices) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apiobadkjedgkkookeomfffejnkhebai [2020-06-18] CHR Extension: (AdGuard AdBlocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2020-12-24] CHR Extension: (DartPad) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfpfmamflkamlicihojhlhgdkhfdbde [2021-02-15] CHR Extension: (Volume Booster) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkfjjkednolkdhclcoicgbfpccgihknm [2020-09-15] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29] CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16] CHR Extension: (Krypton INTERNET) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efnaealaphfhecmhnalmhjacjnpfliad [2020-10-12] CHR Extension: (Dark Reader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-02-06] CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18] CHR Extension: (Readings | Software Construction | Electrical Engineering and Computer Science | MIT OpenCourseWare) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggdhgpbncbmiomcgpbgbagbfnpancgf [2020-11-06] CHR Extension: (Animepahe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkgeadjppdgkhlgonmodnknglcnokame [2020-11-18] CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18] CHR Extension: (Tab Modifier) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbgadmbdkiilgpifjgcakjehmafcjai [2020-07-29] CHR Extension: (Export List of Followers from Instagram) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdbfckhdcpepllecbkaaojfgipnpbpb [2020-12-15] CHR Extension: (Screen Recorder) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden [2021-02-10] CHR Extension: (AUB Moodle) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbapfhcmappopambkdgnbjopmbeclin [2020-09-15] CHR Extension: (Cisco Webex Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-09-15] CHR Extension: 
(Grammarly for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-15] CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-23] CHR Extension: (Tabs Aside) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboikgnmjgjcnnhencinblbaikdccdlb [2020-11-25] CHR Extension: (Video Speed Controller) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2020-10-05] CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-11-18] CHR Extension: (TeamDynamix Version 11.2) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\njledbjfgaeoamhjkaeafoejfiojicoh [2020-12-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Aniwatch) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oibhbpmgdiicoccgpdocickmlkibfaeg [2020-10-18] CHR Extension: (Netflix Party is now Teleparty) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-03] CHR Extension: (Android Developers) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfncoefigdklmipfplhopnijgjjgcfh [2021-01-11] CHR Extension: (Speedtest by Ookla) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2020-04-29] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22] CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29] CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-18] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-25] CHR HKU\S-1-5-21-1832223671-1706311693-3573946280-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-25] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Adguard Service; F:\Program Files (x86)\Adguard\AdguardSvc.exe [163840 2019-12-26] (Adguard Software Ltd) [File not signed] R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-10-09] (Adobe Inc. -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3706832 2020-12-24] (philandro Software GmbH -> philandro Software GmbH) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8577760 2019-03-25] (BattlEye Innovations e.K. 
-> ) S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-05-07] (BitRaider LLC -> BitRaider, LLC) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation) R3 Disc Soft Ultra Bus Service; F:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [7262064 2020-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-06-07] (EasyAntiCheat Oy -> Epic Games, Inc) S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA) R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-12-12] (Huawei Technologies Co., Ltd. -> ) [File not signed] R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-21] (Malwarebytes Inc -> Malwarebytes) S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4163680 2016-09-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2206304 2017-01-06] (MICRO-STAR INTERNATIONAL CO., LTD. 
-> MSI) S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4172896 2017-02-24] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2102880 2017-02-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2330296 2017-09-07] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2076768 2016-12-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [611936 2017-02-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [113336 2017-12-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2333328 2020-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [183480 2019-02-14] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2523448 2020-12-02] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3478336 2020-12-02] (Electronic Arts, Inc. -> Electronic Arts) S3 Rockstar Service; F:\Program Files\Launcher\RockstarService.exe [1352832 2020-11-09] (Rockstar Games, Inc. 
-> Rockstar Games) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TunnelBearMaintenance; F:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> ) S3 VBoxSDS; F:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746944 2021-01-07] (Oracle Corporation -> Oracle Corporation) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10091440 2021-01-22] (Riot Games, Inc. -> Riot Games, Inc.) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 adgnetworktdidrv; C:\WINDOWS\System32\drivers\adgnetworktdidrv.sys [67800 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> ) S2 cmdrv64; C:\WINDOWS\system32\drivers\cmdrv64.sys [371528 2020-04-28] (HT Srl -> ) [File not signed] R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2020-08-22] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2020-08-22] (Disc Soft Ltd -> Disc Soft Ltd) S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34368 2018-01-16] (CHENGDU YIWO Tech Development Co., Ltd. 
-> ) R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider) S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.) R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-10] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-14] (Malwarebytes Inc -> Malwarebytes) R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83984 2019-06-11] (Insecure.Com LLC -> Insecure.Com LLC.) R1 npf; C:\WINDOWS\system32\DRIVERS\npf.sys [83984 2019-06-11] (Insecure.Com LLC -> Insecure.Com LLC.) R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 NTIOLib_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [14288 2017-03-15] (MICRO-STAR INTERNATIONAL CO., LTD. 
-> MSI)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [92008 2021-02-14] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239872 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249776 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [5782360 2021-01-22] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-10] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-16 01:20 - 2021-02-16 01:21 - 000057206 _____ C:\Users\user\Desktop\FRST.txt
2021-02-15 23:17 - 2021-02-15 23:17 - 000002685 _____ C:\Users\user\Desktop\DartPad.lnk
2021-02-15 20:14 - 2021-02-15 20:15 - 000000000 ____D C:\Users\user\Desktop\Spring 20-21
2021-02-15 13:52 - 2021-02-16 00:18 - 000000000 ___HD C:\Users\user\AppData\Roaming\Dll
2021-02-15 01:36 - 2021-02-15 13:52 - 000000000 ____D C:\Users\user\AppData\Local\D3DSCache
2021-02-15 00:16 - 2021-02-14 14:40 - 122683392 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-15 00:13 - 2021-02-15 00:16 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-14 21:52 - 2021-02-15 00:37 - 000001296 _____ C:\Users\user\Desktop\test.sml
2021-02-14 20:32 - 2021-02-15 22:58 - 000000000 ____D C:\Users\user\AppData\LocalLow\IGDump
2021-02-14 20:30 - 2021-02-16 01:21 - 000000000 ____D C:\FRST
2021-02-14 20:29 - 2021-02-16 01:18 - 002297856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2021-02-14 20:24 - 2021-02-14 20:28 - 000000000 ____D C:\AdwCleaner
2021-02-14 15:21 - 2021-02-15 01:57 - 000000000 ____D C:\Users\user\.VirtualBox
2021-02-14 15:21 - 2021-02-15 01:37 - 000000000 ____D C:\ProgramData\VirtualBox
2021-02-14 15:21 - 2021-02-14 15:21 - 000000896 _____ C:\ProgramData\Desktop\Oracle VM VirtualBox.lnk
2021-02-14 15:21 - 2021-02-14 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2021-02-14 15:21 - 2021-01-07 10:18 - 001037824 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2021-02-14 15:21 - 2021-01-07 10:18 - 000187888 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2021-02-14 14:24 - 2021-02-14 14:24 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-14 14:21 - 2021-02-14 18:34 - 000092008 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2021-02-14 14:12 - 2021-02-15 22:48 - 000000000 ____D C:\Users\user\AppData\Roaming\DMCache
2021-02-14 12:54 - 2021-02-14 12:54 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000056-000000.txt
2021-02-13 20:17 - 2021-02-13 20:17 - 000000000 ____D C:\Users\user\AppData\Local\Pub
2021-02-13 19:52 - 2021-02-13 19:52 - 000000025 _____ C:\Users\user\AppData\Roaming\.flutter_settings
2021-02-13 19:04 - 2021-02-13 19:04 - 000000000 ____D C:\Users\user\AppData\Roaming\.flutter-devtools
2021-02-13 19:04 - 2021-02-13 19:04 - 000000000 ____D C:\Users\user\AppData\Local\JxBrowser
2021-02-13 18:56 - 2021-02-13 18:56 - 000000000 ____D C:\Users\user\AppData\Local\.dartServer
2021-02-13 18:32 - 2021-02-13 18:56 - 000000000 ____D C:\Users\user\AppData\Roaming\.dart
2021-02-13 18:30 - 2021-02-13 18:35 - 000000078 _____ C:\Users\user\AppData\Roaming\.flutter
2021-02-13 18:29 - 2021-02-13 20:17 - 000000125 _____ C:\Users\user\AppData\Roaming\.flutter_tool_state
2021-02-13 18:25 - 2021-02-13 18:25 - 000000000 ____D C:\src
2021-02-12 19:15 - 2021-02-12 19:15 - 000399533 _____ C:\Users\user\Downloads\sml-intro.pdf
2021-02-12 12:56 - 2021-02-12 12:56 - 000015121 _____ C:\Users\user\Downloads\CMPS277_LAB_Sections.xlsx
2021-02-11 21:07 - 2021-02-11 21:07 - 000009510 _____ C:\Users\user\Downloads\proj-12-delivery-app.csv
2021-02-11 17:14 - 2021-02-11 17:14 - 000002363 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-11 17:14 - 2021-02-11 17:14 - 000000000 ____D C:\Users\user\AppData\Roaming\Teams
2021-02-10 18:55 - 2021-02-10 18:55 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-10 16:48 - 2021-02-10 16:48 - 000238748 _____ C:\Users\user\Downloads\Circ aux Parents évaluations 2nd trimestre-1.pdf
2021-02-10 12:53 - 2021-02-10 12:53 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-10 12:52 - 2021-02-10 12:52 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-10 12:52 - 2021-02-10 12:52 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-10 12:52 - 2021-02-10 12:52 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-10 12:52 - 2021-02-10 12:52 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-10 11:39 - 2021-02-10 11:39 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000055-000000.txt
2021-02-10 00:39 - 2021-02-10 00:40 - 004111010 _____ C:\Users\user\Downloads\screen-capture.webm
2021-02-08 19:14 - 2021-02-08 19:14 - 000004096 ____H C:\Users\user\_.swp
2021-02-08 19:14 - 2021-02-08 19:14 - 000000983 _____ C:\Users\user\_viminfo
2021-02-08 19:13 - 2021-02-08 19:13 - 000000882 _____ C:\ProgramData\Desktop\gVim Read only 8.2.lnk
2021-02-08 19:13 - 2021-02-08 19:13 - 000000882 _____ C:\ProgramData\Desktop\gVim Easy 8.2.lnk
2021-02-08 19:13 - 2021-02-08 19:13 - 000000876 _____ C:\ProgramData\Desktop\gVim 8.2.lnk
2021-02-08 19:13 - 2021-02-08 19:13 - 000000000 ____D C:\Users\user\vimfiles
2021-02-08 19:13 - 2021-02-08 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vim 8.2
2021-02-08 01:02 - 2021-02-08 01:02 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000054-000000.txt
2021-02-07 18:57 - 2021-02-07 18:57 - 000617942 _____ C:\Users\user\Downloads\Introduction-Spring-2020-21 (1).pptx
2021-02-06 13:26 - 2021-02-06 13:26 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000053-000000.txt
2021-02-06 13:15 - 2021-02-06 13:15 - 000000000 ___HD C:\$SysReset
2021-02-05 17:17 - 2021-02-10 01:18 - 000000000 ____D C:\Users\user\Desktop\CMPS Gamers
2021-02-05 12:12 - 2021-02-05 12:12 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000052-000000.txt
2021-02-05 12:02 - 2021-02-05 12:02 - 001741399 _____ C:\Users\user\Downloads\Apply to AI Ready Academy!.pdf
2021-02-04 11:40 - 2021-02-04 11:40 - 000585728 _____ C:\Users\user\Documents\Database2.accdb
2021-02-03 23:26 - 2021-02-03 23:26 - 000617942 _____ C:\Users\user\Downloads\Introduction-Spring-2020-21.pptx
2021-02-03 12:02 - 2021-02-03 12:02 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000051-000000.txt
2021-02-03 11:16 - 2021-02-03 11:16 - 000000000 ____D C:\Program Files (x86)\Passfab Toolkit
2021-02-02 21:20 - 2021-02-12 21:52 - 000002088 _____ C:\Users\user\Desktop\mhh61.sml
2021-02-02 20:43 - 2021-02-02 20:43 - 000001034 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SML of New Jersey.lnk
2021-02-02 13:40 - 2021-02-08 22:29 - 000000000 ____D C:\Users\user\AppData\Local\Deployment
2021-02-01 17:47 - 2021-02-01 17:47 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-02-01 14:40 - 2021-02-01 14:40 - 000000191 _____ C:\Users\user\.gitconfig
2021-02-01 14:39 - 2021-02-01 20:40 - 000000000 ____D C:\Users\user\AppData\Roaming\GitHub Desktop
2021-02-01 14:39 - 2021-02-01 14:39 - 000002350 _____ C:\Users\user\Desktop\GitHub Desktop.lnk
2021-02-01 14:39 - 2021-02-01 14:39 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2021-02-01 14:39 - 2021-02-01 14:39 - 000000000 ____D C:\Users\user\AppData\Local\GitHubDesktop
2021-02-01 14:24 - 2021-02-01 14:24 - 000000000 ____D C:\Users\user\AppData\Roaming\Sun
2021-01-31 21:48 - 2021-01-31 21:48 - 000088302 _____ C:\Users\user\Desktop\WhatsApp Image 2021-01-31 at 9.47.32 PM.jpeg
2021-01-31 18:02 - 2021-01-31 18:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-31 17:44 - 2021-02-03 12:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-31 14:52 - 2021-01-31 14:52 - 000000000 ____D C:\Users\user\Documents\PowerDesigner Libraries
2021-01-31 14:52 - 2021-01-31 14:52 - 000000000 ____D C:\Users\user\AppData\Roaming\PowerDesigner
2021-01-31 14:52 - 2021-01-31 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP
2021-01-31 14:52 - 2021-01-31 14:52 - 000000000 ____D C:\Program Files\SAP
2021-01-31 14:51 - 2021-01-31 14:54 - 000000000 ____D C:\ProgramData\PowerDesigner 16
2021-01-31 01:39 - 2021-02-01 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-01-31 01:39 - 2021-01-31 01:39 - 000000000 ____D C:\Users\user\AppData\Roaming\java
2021-01-31 01:39 - 2021-01-31 01:39 - 000000000 ____D C:\ProgramData\Sun
2021-01-31 01:39 - 2021-01-31 01:39 - 000000000 ____D C:\ProgramData\Oracle
2021-01-31 01:38 - 2021-01-31 01:38 - 000000000 ____D C:\Users\user\AppData\LocalLow\Sun
2021-01-30 03:13 - 2021-01-30 03:13 - 000000922 _____ C:\Users\user\.bash_history
2021-01-30 03:02 - 2021-01-30 03:02 - 000000933 _____ C:\Users\user\.viminfo
2021-01-30 02:36 - 2021-01-30 02:50 - 000000000 ____D C:\Users\user\Desktop\test
2021-01-29 20:36 - 2021-01-29 20:36 - 000050026 _____ C:\Users\user\Downloads\Projects Roster.pptx
2021-01-29 10:45 - 2021-01-29 10:45 - 000113065 _____ C:\Users\user\Downloads\Syllabus.pdf
2021-01-28 15:09 - 2021-01-28 15:09 - 000139745 _____ C:\Users\user\Desktop\test.pptx
2021-01-26 17:57 - 2021-01-27 03:31 - 000000000 ____D C:\Users\user\Desktop\comp
2021-01-24 19:13 - 2021-01-24 19:13 - 006091286 _____ C:\Users\user\Downloads\arab-middle-class-measurement-role-change-english.pdf
2021-01-24 18:34 - 2021-01-24 18:34 - 000000000 ____D C:\Users\user\Documents\RR
2021-01-24 13:49 - 2021-01-24 13:49 - 002467914 _____ C:\Users\user\Downloads\MiddleClassAndPro-PoorGrowthInEgyp_preview.pdf
2021-01-24 13:41 - 2021-01-24 13:41 - 000000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2021-01-24 03:10 - 2021-01-24 03:10 - 000359782 _____ C:\Users\user\Downloads\Political Changes and the Middle Class in Egypt.pdf
2021-01-24 02:45 - 2021-01-24 02:45 - 000001312 _____ C:\Users\user\Desktop\Strategy - Shortcut.lnk
2021-01-23 18:15 - 2021-01-24 03:23 - 000000000 ____D C:\Users\user\Space Shooter
2021-01-23 15:01 - 2021-01-23 15:01 - 002237546 _____ C:\Users\user\Desktop\Space Shooter.unitypackage
2021-01-23 00:34 - 2021-01-23 00:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2019 Tools for Unity
2021-01-23 00:34 - 2021-01-23 00:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2021-01-22 02:28 - 2021-01-22 02:28 - 000001799 _____ C:\Users\user\Desktop\Visual Studio 2019.lnk
2021-01-22 00:33 - 2021-01-23 00:34 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-01-22 00:33 - 2021-01-22 00:33 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2021-01-21 18:59 - 2021-01-21 18:58 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-21 18:54 - 2021-01-21 18:54 - 000000000 ____D C:\Users\user\AppData\Local\IdentityNexusIntegration
2021-01-21 18:51 - 2021-01-21 18:51 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000050-000000.txt
2021-01-21 18:49 - 2021-01-21 18:49 - 000000000 ____D C:\ProgramData\dbg
2021-01-21 18:47 - 2021-01-21 18:47 - 000000000 ____D C:\Users\user\source
2021-01-21 18:34 - 2021-01-22 00:47 - 000000000 ____D C:\Users\user\Documents\Visual Studio 2019
2021-01-21 18:33 - 2021-02-03 20:30 - 000000000 ____D C:\Users\user\AppData\Local\.IdentityService
2021-01-21 18:33 - 2021-01-21 18:33 - 000001799 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
2021-01-21 18:33 - 2021-01-21 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2021-01-21 17:53 - 2021-01-23 14:53 - 000000000 ____D C:\Users\user\AppData\Roaming\Visual Studio Setup
2021-01-21 17:53 - 2021-01-21 17:53 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2021-01-21 17:53 - 2021-01-21 17:53 - 000000000 ____D C:\Users\user\AppData\Local\ServiceHub
2021-01-21 17:52 - 2021-01-21 18:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2021-01-21 17:52 - 2021-01-21 17:52 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft Visual Studio
2021-01-21 17:50 - 2021-01-21 17:50 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2021-01-21 02:47 - 2021-01-23 18:17 - 000000000 ____D C:\Users\user\AppData\LocalLow\DefaultCompany
2021-01-21 02:44 - 2021-01-23 02:26 - 000000000 ____D C:\Users\user\MyFirstGame
2021-01-21 02:44 - 2021-01-23 01:56 - 000000000 ____D C:\Users\user\AppData\Roaming\Unity
2021-01-21 02:44 - 2021-01-21 02:47 - 000000000 ____D C:\Users\user\AppData\LocalLow\Unity
2021-01-21 02:32 - 2021-01-21 02:44 - 000000000 ____D C:\Users\user\AppData\Local\Unity
2021-01-21 02:30 - 2021-01-21 02:30 - 000000836 _____ C:\ProgramData\Desktop\Unity 2019.4.18f1 (64-bit).lnk
2021-01-21 02:30 - 2021-01-21 02:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2019.4.18f1 (64-bit)
2021-01-21 01:21 - 2021-01-21 01:21 - 000000000 ____D C:\ProgramData\Unity
2021-01-21 00:40 - 2021-01-24 03:23 - 000000000 ____D C:\Users\user\AppData\Roaming\UnityHub
2021-01-21 00:40 - 2021-01-21 00:40 - 000000000 ____D C:\Users\user\AppData\Roaming\Unity Hub
2021-01-21 00:39 - 2021-01-21 00:39 - 000000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity Hub.lnk
2021-01-21 00:39 - 2021-01-21 00:39 - 000000952 _____ C:\ProgramData\Desktop\Unity Hub.lnk
2021-01-21 00:39 - 2021-01-21 00:39 - 000000000 ____D C:\Users\user\AppData\Local\unityhub-updater
2021-01-17 03:00 - 2021-01-17 03:00 - 000000058 _____ C:\Users\user\Desktop\asd.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-16 01:20 - 2020-08-19 21:21 - 000000000 ____D C:\ProgramData\Adguard
2021-02-16 01:19 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-16 01:17 - 2020-10-06 16:01 - 000000000 ____D C:\Users\user\AppData\Roaming\Slack
2021-02-16 01:17 - 2018-02-17 14:21 - 000000000 ____D C:\Users\user\AppData\Roaming\WhatsApp
2021-02-16 00:54 - 2018-12-23 19:48 - 000000000 ____D C:\Users\user\AppData\Roaming\discord
2021-02-16 00:17 - 2020-07-30 15:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-16 00:15 - 2020-10-11 13:33 - 000000000 ____D C:\Users\user\AppData\Roaming\Spotify
2021-02-15 23:17 - 2020-06-12 02:37 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-02-15 22:56 - 2020-07-30 15:43 - 000840662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-15 22:56 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-15 22:55 - 2018-02-12 18:25 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-15 22:54 - 2020-06-07 20:04 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-02-15 22:54 - 2020-04-06 18:13 - 000000000 ___RD C:\Users\user\Creative Cloud Files
2021-02-15 22:53 - 2020-10-07 22:08 - 000000000 ___RD C:\Users\user\OneDrive - American University of Beirut
2021-02-15 22:53 - 2018-03-03 18:11 - 000000000 ___RD C:\Users\user\Google Drive
2021-02-15 22:53 - 2018-02-13 02:58 - 000000000 ___RD C:\Users\user\OneDrive
2021-02-15 22:51 - 2020-07-30 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-15 22:51 - 2020-07-30 15:37 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-15 22:51 - 2020-06-07 20:00 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-02-15 22:48 - 2020-08-21 17:54 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-02-15 22:06 - 2019-08-31 20:33 - 000000000 ____D C:\Users\user\AppData\Roaming\Code
2021-02-15 20:52 - 2018-02-14 01:07 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2021-02-15 20:20 - 2020-04-06 18:27 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-02-15 20:09 - 2020-07-30 15:45 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{99873555-FF0F-4498-BE3C-3B5574DA9241}
2021-02-15 19:05 - 2019-09-01 13:26 - 390353081 _____ C:\Users\user\Desktop\April 10.zip
2021-02-15 16:37 - 2018-02-13 23:52 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-15 15:52 - 2020-08-21 02:54 - 000000000 ____D C:\Users\user\Downloads\Compressed
2021-02-15 01:28 - 2019-08-27 15:51 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-15 00:16 - 2020-05-23 22:28 - 000000000 ____D C:\Users\user\Downloads\Video
2021-02-14 17:07 - 2018-03-05 23:22 - 000000000 ____D C:\Users\user\.android
2021-02-14 14:44 - 2018-06-20 00:12 - 000007612 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2021-02-14 14:42 - 2020-10-11 13:33 - 000000000 ____D C:\Users\user\AppData\Local\Spotify
2021-02-14 14:40 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-13 20:38 - 2020-12-22 01:01 - 000000000 ____D C:\Users\user\.gradle
2021-02-13 20:34 - 2020-12-22 01:00 - 000000000 ____D C:\Users\user\AndroidStudioProjects
2021-02-13 19:56 - 2020-07-30 15:45 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1832223671-1706311693-3573946280-1001
2021-02-13 19:56 - 2020-07-30 15:37 - 000002364 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-13 17:01 - 2020-03-07 22:34 - 000000000 ____D C:\Users\user\AppData\LocalLow\WebEx
2021-02-13 16:08 - 2020-03-07 22:34 - 000000000 ____D C:\Users\user\AppData\Local\WebEx
2021-02-13 14:08 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-13 14:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-13 13:44 - 2018-02-13 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-02-13 12:56 - 2020-04-28 22:07 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 18:53 - 2019-08-31 20:32 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-02-12 13:46 - 2020-10-11 16:05 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-12 13:19 - 2018-02-13 02:57 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2021-02-11 17:14 - 2019-08-27 18:53 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2021-02-11 10:05 - 2018-02-13 03:46 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2021-02-11 09:47 - 2020-06-20 00:56 - 000000000 ____D C:\Users\user\AppData\Roaming\obs-studio
2021-02-10 18:50 - 2018-02-19 19:09 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-02-10 18:18 - 2018-02-12 18:25 - 000000000 ____D C:\MSI
2021-02-10 18:17 - 2018-02-21 17:02 - 000000000 ____D C:\Users\user\AppData\Roaming\MSI
2021-02-10 14:14 - 2020-07-30 15:37 - 005142864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-10 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-10 14:13 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-10 12:54 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-10 12:48 - 2018-02-13 12:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 12:45 - 2018-02-13 12:37 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 10:02 - 2018-03-07 18:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-09 01:12 - 2018-02-18 00:18 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-06 17:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-06 17:29 - 2020-07-30 15:45 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:29 - 2020-07-30 15:45 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:29 - 2020-07-30 15:45 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:29 - 2020-07-30 15:45 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:29 - 2020-07-30 15:45 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:29 - 2020-07-30 15:45 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:29 - 2020-07-30 15:45 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:29 - 2020-07-30 15:45 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:29 - 2018-02-12 18:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-02-06 17:28 - 2020-07-30 15:45 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:28 - 2020-07-30 15:45 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-06 17:28 - 2018-02-12 18:25 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-02-06 17:28 - 2018-02-12 18:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-02-05 20:14 - 2020-07-30 15:45 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-05 20:14 - 2020-07-30 15:45 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-05 12:13 - 2020-05-23 22:27 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2021-02-05 10:35 - 2018-02-17 14:21 - 000000000 ____D C:\Users\user\AppData\Local\WhatsApp
2021-02-05 10:35 - 2018-02-17 14:21 - 000000000 ____D C:\Users\user\AppData\Local\SquirrelTemp
2021-02-05 10:01 - 2020-07-30 15:45 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 10:01 - 2020-07-30 15:45 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-03 20:22 - 2020-12-07 20:27 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2021-02-03 18:12 - 2020-05-23 22:28 - 000000000 ____D C:\Users\user\AppData\Roaming\IDM
2021-02-03 18:12 - 2020-05-23 22:27 - 000001082 _____ C:\Users\user\Desktop\Internet Download Manager.lnk
2021-02-03 18:12 - 2020-05-23 22:27 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2021-02-03 12:03 - 2020-12-07 20:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-01 17:47 - 2020-06-10 13:53 - 000001928 _____ C:\Users\user\Desktop\Zoom.lnk
2021-02-01 17:47 - 2020-06-10 13:52 - 000000000 ____D C:\Users\user\AppData\Roaming\Zoom
2021-02-01 14:24 - 2020-10-05 17:35 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-02-01 14:24 - 2020-10-05 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-02-01 14:24 - 2020-10-05 17:35 - 000000000 ____D C:\Program Files\Java
2021-01-31 18:02 - 2020-12-07 20:27 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-31 17:44 - 2020-12-07 20:27 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-31 14:51 - 2018-02-13 12:11 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-01-30 22:35 - 2019-12-26 21:45 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2021-01-30 22:35 - 2018-02-13 12:01 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-30 22:35 - 2018-02-12 18:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-30 00:35 - 2018-02-13 02:57 - 000000000 ____D C:\Users\user\AppData\Roaming\Adobe
2021-01-29 08:16 - 2020-10-06 16:01 - 000002198 _____ C:\Users\user\Desktop\Slack.lnk
2021-01-29 08:16 - 2020-10-06 16:01 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-29 08:16 - 2020-10-06 16:01 - 000000000 ____D C:\Users\user\AppData\Local\slack
2021-01-27 15:56 - 2020-12-22 00:39 - 000138068 _____ C:\Users\user\Documents\CV.pdf
2021-01-27 14:20 - 2018-03-04 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-01-27 13:17 - 2018-06-07 23:39 - 002797808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-01-27 13:17 - 2018-06-07 23:39 - 002154224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-01-27 13:17 - 2018-06-07 23:39 - 001295088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-01-26 14:48 - 2021-01-11 17:26 - 000000000 ____D C:\Users\user\Desktop\practice
2021-01-25 05:38 - 2020-12-23 23:29 - 000070896 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-01-25 05:38 - 2020-12-23 23:29 - 000059632 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-01-24 21:20 - 2018-02-23 23:02 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2021-01-23 01:43 - 2018-02-12 18:27 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA
2021-01-22 16:01 - 2018-02-13 12:32 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-21 18:59 - 2020-08-22 03:57 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-21 18:59 - 2020-08-22 03:57 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-21 18:59 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-21 18:58 - 2019-07-07 19:44 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-21 18:33 - 2020-07-31 02:26 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-17 19:52 - 2018-07-08 03:25 - 000000000 ____D C:\Users\user\AppData\Roaming\Origin
2021-01-17 18:46 - 2018-02-18 00:14 - 000000000 ____D C:\Users\user\AppData\Local\Origin
2021-01-17 18:46 - 2018-02-18 00:14 - 000000000 ____D C:\ProgramData\Origin

==================== Files in the root of some directories ========

2020-03-10 09:27 - 2020-11-29 20:35 - 000000254 _____ () C:\ProgramData\fontcacheev1.dat
2021-02-13 18:30 - 2021-02-13 18:35 - 000000078 _____ () C:\Users\user\AppData\Roaming\.flutter
2021-02-13 19:52 - 2021-02-13 19:52 - 000000025 _____ () C:\Users\user\AppData\Roaming\.flutter_settings
2021-02-13 18:29 - 2021-02-13 20:17 - 000000125 _____ () C:\Users\user\AppData\Roaming\.flutter_tool_state
2021-02-15 13:57 - 2021-02-03 21:20 - 000409152 ___SH () C:\Users\user\AppData\Roaming\Microsoft\VScan.exe
2020-11-26 19:09 - 2020-11-26 19:09 - 000000000 _____ () C:\Users\user\AppData\Local\Driver_LOM_8161Present.flag
2020-04-06 19:12 - 2021-01-13 22:54 - 000000410 _____ () C:\Users\user\AppData\Local\oobelibMkey.log
2018-06-20 00:12 - 2021-02-14 14:44 - 000007612 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2018-03-05 23:21 - 2018-03-05 23:29 - 000000130 _____ () C:\Users\user\AppData\Local\uts.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt
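The FRST listing above is the raw material the helper works from, and most of the triage is done by eye: which entries are hidden or system-attributed inside the user profile, which names look like Windows binaries but are not, and which driver files sit where no driver belongs. The script below is an added example written for this thread; it is not part of any post and not Farbar's own code. It parses the per-file lines of the "One month (created/modified)" sections (the driver section at the top has a different layout and is not handled) and flags those three patterns. The attribute letters are read as FRST prints them (D directory, H hidden, S system, R read-only). The sample input mixes lines copied from the log above with two constructed entries for the dlIhost.exe and WinRing0x64.sys files the original poster described; their sizes and timestamps are made up, as is the short list of imitated system binary names.

```python
"""Triage of FRST 'One month (created/modified)' file listings.

Added example for this thread; not part of the forum posts and not Farbar's
own code. It flags hidden/system items under AppData, look-alike names of
Windows binaries (dlIhost.exe vs dllhost.exe) and kernel driver files (.sys)
sitting inside a user profile.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Layout of one FRST file entry:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # optional signer/company, may be an empty "()"
    r"(?P<path>\S.*)$"
)

# Windows binaries whose names are commonly imitated (constructed list, not exhaustive).
SYSTEM_BINARIES = {
    "dllhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
    "winlogon.exe", "explorer.exe", "conhost.exe", "rundll32.exe",
}
# Characters that look alike in common fonts are folded to one symbol.
_FOLD = str.maketrans({"I": "|", "l": "|", "1": "|", "O": "0", "o": "0"})
USER_DATA = re.compile(r"\\AppData\\(Roaming|Local|LocalLow)\\", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str              # D=directory, H=hidden, S=system, R=read-only, as FRST prints them
    company: Optional[str]  # None when FRST printed no parenthesised signer at all
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class Finding:
    path: str
    reason: str


def parse_lines(text: str) -> List[Entry]:
    """Return every line matching the FRST entry layout; headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def fold(name: str) -> str:
    """Homoglyph-insensitive form of a file name (I/l/1 and O/o collapse)."""
    return name.translate(_FOLD).lower()


def lookalike_of(name: str) -> Optional[str]:
    """The canonical binary this name imitates, or None if it is exact or unrelated."""
    if name.lower() in SYSTEM_BINARIES:
        return None   # exact name; whether the location is right is a separate question
    folded = fold(name)
    for canon in SYSTEM_BINARIES:
        if fold(canon) == folded:
            return canon
    return None


def triage(text: str) -> List[Finding]:
    """Flag entries worth a closer look. These are leads for a human, not verdicts."""
    findings: List[Finding] = []
    for e in parse_lines(text):
        if USER_DATA.search(e.path) and ("H" in e.attrs or "S" in e.attrs):
            findings.append(Finding(e.path, f"hidden/system attributes {e.attrs} under AppData"))
        canon = lookalike_of(e.name)
        if canon:
            findings.append(Finding(e.path, f"name imitates {canon}"))
        if e.name.lower().endswith(".sys") and "\\users\\" in e.path.lower():
            findings.append(Finding(e.path, "kernel driver file inside a user profile"))
    return findings


# Sample input: lines copied from the FRST log in this thread plus two constructed
# entries (dlIhost.exe and WinRing0x64.sys, made-up sizes and times) for the files
# the original poster reported inside the hidden Dll folder.
SAMPLE = r"""
==================== One month (created) (Whitelisted) =========
2021-02-16 01:20 - 2021-02-16 01:21 - 000057206 _____ C:\Users\user\Desktop\FRST.txt
2021-02-15 13:52 - 2021-02-16 00:18 - 000000000 ___HD C:\Users\user\AppData\Roaming\Dll
2021-02-15 13:52 - 2021-02-15 13:52 - 000409152 _____ C:\Users\user\AppData\Roaming\Dll\dlIhost.exe
2021-02-15 13:52 - 2021-02-15 13:52 - 000014544 _____ C:\Users\user\AppData\Roaming\Dll\WinRing0x64.sys
2021-02-15 01:36 - 2021-02-15 13:52 - 000000000 ____D C:\Users\user\AppData\Local\D3DSCache
2021-02-14 20:29 - 2021-02-16 01:18 - 002297856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2021-02-13 14:08 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-15 13:57 - 2021-02-03 21:20 - 000409152 ___SH () C:\Users\user\AppData\Roaming\Microsoft\VScan.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:55s} {f.path}")
```

On the sample the script reports the hidden Dll directory, the look-alike dlIhost.exe, the driver file in the profile and the system+hidden VScan.exe, and stays quiet about the hidden WindowsApps folder because that one sits under Program Files rather than AppData. The AppData restriction is a deliberate noise filter: hidden folders are normal in a lot of places, but a hidden or system-attributed item a user-level process could have created is worth a look. Feed it a whole FRST.txt and read the findings alongside the log; nothing here decides for you.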
kevinf80 Posted February 16, 2021 Solution ID:1438989

Hiya Vordead,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine.

If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop. Ensure to get the correct version for your system....
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Right click on the Tool, select Run as Administrator; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:
notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply..

Thank you,

Kevin..

fixlist.txt
Vordead Posted February 16, 2021 Author ID:1439180

Note: The issue was fixed after I used Farbar Recovery Scan tool Fix button

Thank You so much! I would definitely consider donating when PayPal becomes available in my country!

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.0, (build 1.331.1151.0)
Started On Tue Feb 16 21:59:09 2021

->Scan ERROR: resource process://pid:124,ProcessStart:132579777766122245 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:488,ProcessStart:132579778229162552 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:676,ProcessStart:132579778255135347 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:768,ProcessStart:132579778264466165 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:776,ProcessStart:132579778264506805 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:840,ProcessStart:132579778265303141 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2792,ProcessStart:132579778274839555 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4092,ProcessStart:132579778285137737 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4572,ProcessStart:132579778286231668 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7512,ProcessStart:132579778322189197 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8896,ProcessStart:132579778345631098 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:11260,ProcessStart:132579778402031625 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8364,ProcessStart:132579778503511729 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:21116,ProcessStart:132579779761965435 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:21456,ProcessStart:132579779768073688 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:20556,ProcessStart:132579779768862009 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:24536,ProcessStart:132579789303430363 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:7512,ProcessStart:132579778322189197 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:11260,ProcessStart:132579778402031625 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4572,ProcessStart:132579778286231668 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8364,ProcessStart:132579778503511729 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:21116,ProcessStart:132579779761965435 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:20556,ProcessStart:132579779768862009 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8896,ProcessStart:132579778345631098 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4092,ProcessStart:132579778285137737 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:21456,ProcessStart:132579779768073688 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource process://pid:4572,ProcessStart:132579778286231668 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4092,ProcessStart:132579778285137737 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4572,ProcessStart:132579778286231668 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4092,ProcessStart:132579778285137737 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Tue Feb 16 22:03:59 2021
Return code: 0 (0x0)

Fixlog.txt
kevinf80 Posted February 16, 2021 ID:1439184

Hiya Vordead,

Thanks for those logs, good to hear your problem is solved. If there are no more issues, continue to clean up:

Right click on FRST here: C:\Users\stuar\Downloads\FRST-OlderVersion\FRST.exe or FRST64.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator". If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST or FRST64 to uninstall. That action will remove FRST and all created files and folders...

Next, consider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next, read the following links to fully understand PC security and best practices, you may find them useful....
Answers to Common Security Questions and Best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
Vordead Posted February 16, 2021 Author ID:1439202

Much appreciated, I will read everything. Thank you!
kevinf80 Posted February 16, 2021 ID:1439222

You're very welcome, it was a pleasure to work with you....
kevinf80 Posted February 17, 2021 ID:1439344

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for tips to help protect from infection.

Thank you