Someone hijacked my computer – Virus, Trojan, Spyware, and Malware Removal Help


Thank you @axe0

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021
Ran by denni (administrator) on DESKTOP-1QS383H (11-08-2021 09:50:52)
Running from C:\Users\denni\Downloads
Loaded Profiles: denni
Platform: Windows 10 Pro Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7380\Agent.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) E:\Battle.net\Battle.net.exe <3>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd) C:\Program Files (x86)\MaskVPN\mask_svc.exe
(Google LLC -> Google LLC) C:\Users\denni\AppData\Local\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Users\denni\AppData\Local\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Users\denni\AppData\Local\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.174.87.16\OverwolfHelper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.174.87.16\OverwolfHelper64.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe <3>
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\old_28717_Overwolf.exe
(Overwolf Ltd -> Overwolf LTD) C:\Users\denni\AppData\Local\Overwolf\ProcessCache\0.174.87.16\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe
(Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\parsecd.exe
(Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Weather app) [File not signed] C:\Users\denni\AppData\Roaming\Weather\Weather.exe <8>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Weather] => C:\Users\denni\AppData\Roaming\Weather\Weather.exe [134373676 2021-06-02] (Weather app) [File not signed]
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [Discord] => C:\Users\denni\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [Gaijin.Net Updater] => C:\Users\denni\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [Google Update] => C:\Users\denni\AppData\Local\Google\Update\1.3.36.102\GoogleUpdateCore.exe [223816 2021-08-04] (Google LLC -> Google LLC)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91503464 2019-12-13] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365160 2020-03-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [EpicGamesLauncher] => E:\epic\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32762440 2021-01-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [Battle.net] => E:\Battle.net\Battle.net.exe [1079184 2021-07-28] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1807192 2021-08-08] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [] => [X]
HKU\S-1-5-21-386562958-4221920933-1689164847-1003\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [430272 2021-07-11] (Parsec Cloud, Inc. -> Parsec)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {031B3115-6819-4A6D-8FC6-4109D82DF3B0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A5B3519-6BD3-4CDC-95E8-6D345677549A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2D53FD43-5C4E-4725-B91C-BC91440D159A} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2479960 2021-08-08] (Overwolf Ltd -> Overwolf LTD)
Task: {423E2457-C126-4BDB-9D37-0F6010ED0A09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-386562958-4221920933-1689164847-1003Core => C:\Users\denni\AppData\Local\Google\Update\GoogleUpdate.exe [155432 2019-10-31] (Google Inc -> Google LLC)
Task: {446CD6E7-3E89-4FEB-A819-6C0F518E13F5} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [770344 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {52E32CEF-B4F6-408F-9CFE-21DFE1B2FC70} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {621A2766-CB69-4298-8FC7-52378A16AD11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {658CA339-4912-4AB5-B01A-BC70F3181E3D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66913D11-BBBF-4C9D-9CDE-2F83D80C248A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F2D32C0-531D-463A-95E6-3922793931E0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainer\BatteryBoostCheck.log
Task: {706CA9E4-A5F6-4226-BE14-F739CBA59680} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {769C891E-3AF8-4708-B7ED-BA3D3369E7C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-386562958-4221920933-1689164847-1003UA => C:\Users\denni\AppData\Local\Google\Update\GoogleUpdate.exe [155432 2019-10-31] (Google Inc -> Google LLC)
Task: {8F2FD62A-1F0D-469B-B0DF-7D1108A8E972} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6DA6F7D-D3D7-4F05-97BD-8CDC1AF2816B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6ED19D0-1D27-4566-8A92-EDA6A51124AA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7ABC1B5-7960-4624-9E2E-86E445215B39} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CEE0D4DE-76CC-4BC7-852E-EF43FFB7F640} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E9E482EE-B25C-4903-9D4C-C4DBB9980A10} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC22D84D-503B-4B9B-BA3C-981075F37512} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {F0493898-BA1F-40FF-A2A2-D3C41E192CAC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainer\DriverUpdateCheck.log

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0ccadc94-dd99-4420-9581-98dad5f52396}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\denni\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-11]

FireFox:
========
FF DefaultProfile: 4gp7c00q.default
FF ProfilePath: C:\Users\denni\AppData\Roaming\Mozilla\Firefox\Profiles\4gp7c00q.default [2021-08-11]
FF Notifications: Mozilla\Firefox\Profiles\4gp7c00q.default -> hxxps://www.smashladder.com; hxxps://freebitco.in
FF Extension: (AdBlocker Ultimate) - C:\Users\denni\AppData\Roaming\Mozilla\Firefox\Profiles\4gp7c00q.default\Extensions\adblockultimate@adblockultimate.net.xpi [2021-07-26]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\denni\AppData\Roaming\Mozilla\Firefox\Profiles\4gp7c00q.default\Extensions\firefox@ghostery.com.xpi [2021-06-29]
FF Extension: (AdBlocker for YouTube) - C:\Users\denni\AppData\Roaming\Mozilla\Firefox\Profiles\4gp7c00q.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2021-05-17]
FF Extension: (YouTube NonStop) - C:\Users\denni\AppData\Roaming\Mozilla\Firefox\Profiles\4gp7c00q.default\Extensions\{0d7cafdd-501c-49ca-8ebb-e3341caaa55e}.xpi [2021-03-12]
FF Extension: (Live Recorder) - C:\Users\denni\AppData\Roaming\Mozilla\Firefox\Profiles\4gp7c00q.default\Extensions\{36da9617-69e6-45b2-a495-ac5d07168ccd}.xpi [2020-09-12]
FF Extension: (Web Scrobbler) - C:\Users\denni\AppData\Roaming\Mozilla\Firefox\Profiles\4gp7c00q.default\Extensions\{799c0914-748b-41df-a25c-22d008f9e83f}.xpi [2021-07-26]
FF Extension: (Hive Keychain) - C:\Users\denni\AppData\Roaming\Mozilla\Firefox\Profiles\4gp7c00q.default\Extensions\{b6bd7e35-0762-42a2-a283-95a94635047d}.xpi [2021-07-31]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR Profile: C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default [2021-08-11]
CHR Extension: (Slides) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-31]
CHR Extension: (Docs) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-31]
CHR Extension: (Google Drive) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-31]
CHR Extension: (Sheets) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-28]
CHR Extension: (Gmail) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8912272 2021-07-29] (BattlEye Innovations e.K. -> )
R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2020-09-21] (Apple Inc. -> Apple Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4506728 2020-03-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-12-03] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [595888 2021-08-05] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 MaskVPNService; C:\Program Files (x86)\MaskVPN\mask_svc.exe [7493560 2020-08-06] (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-05] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2479960 2021-08-08] (Overwolf Ltd -> Overwolf LTD)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [395968 2021-07-11] (Parsec Cloud, Inc. -> Parsec)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2019-06-01] (Even Balance, Inc. -> )
R2 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [97080 2019-08-12] (ProtonVPN AG -> )
S3 Rockstar Service; E:\Launcher\RockstarService.exe [1934744 2021-07-03] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13216272 2020-03-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-03-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-03-20] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-05] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPNSplitTunnelCalloutDriver; C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\win10\ProtonVPNSplitTunnelCalloutDriver.Sys [48664 2019-07-02] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2019-07-02] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [53128 2018-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich -> Shaul Eizikovich)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-11 09:50 - 2021-08-11 09:51 - 000023067 _____ C:\Users\denni\Downloads\FRST.txt
2021-08-11 09:48 - 2021-08-11 09:51 - 000000000 ____D C:\FRST
2021-08-11 09:46 - 2021-08-11 09:46 - 002300416 _____ (Farbar) C:\Users\denni\Downloads\FRST64.exe
2021-08-11 09:45 - 2021-08-11 09:45 - 000003142 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-08-11 00:07 - 2021-08-11 00:07 - 000000000 ___HD C:\$WinREAgent
2021-08-10 17:03 - 2021-08-10 17:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-08-10 11:57 - 2021-08-10 17:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-09 20:04 - 2021-08-09 20:04 - 003499136 _____ C:\Users\denni\Desktop\ass2323332
2021-08-08 02:19 - 2021-08-08 23:38 - 000000201 _____ C:\Users\denni\Desktop\reshade.txt
2021-08-06 02:02 - 2021-08-06 02:02 - 000000000 ____D C:\Users\denni\AppData\Local\TaskManClient
2021-08-06 02:01 - 2021-08-06 02:01 - 000000000 ____D C:\Users\denni\AppData\Local\Back4BloodBeta
2021-08-06 02:01 - 2021-08-06 02:01 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2021-08-06 01:37 - 2021-08-06 01:37 - 001995028 _____ C:\Users\denni\Downloads\ass2234
2021-08-06 01:09 - 2021-08-06 01:09 - 003038248 _____ (crosire) C:\Users\denni\Desktop\ReShade_Setup_4.9.1.exe
2021-08-05 14:15 - 2021-08-05 14:15 - 000000000 ____D C:\WINDOWS\LastGood
2021-08-05 14:06 - 2021-07-13 12:07 - 001858664 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-05 14:06 - 2021-07-13 12:07 - 001858664 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-08-05 14:06 - 2021-07-13 12:07 - 001438824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-05 14:06 - 2021-07-13 12:07 - 001438824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-08-05 14:06 - 2021-07-13 12:07 - 001097856 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-08-05 14:06 - 2021-07-13 12:07 - 001097856 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-08-05 14:06 - 2021-07-13 12:07 - 000951936 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-05 14:06 - 2021-07-13 12:07 - 000951936 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-08-05 14:06 - 2021-07-13 12:06 - 001474704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-08-05 14:06 - 2021-07-13 12:06 - 001212560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-08-05 14:06 - 2021-07-13 12:02 - 001520776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-08-05 14:06 - 2021-07-13 12:02 - 000716912 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-08-05 14:06 - 2021-07-13 12:02 - 000676480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-08-05 14:06 - 2021-07-13 12:02 - 000645232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-08-05 14:06 - 2021-07-13 12:02 - 000577152 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-08-05 14:06 - 2021-07-13 12:02 - 000564352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-08-05 14:06 - 2021-07-13 12:01 - 002112128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-08-05 14:06 - 2021-07-13 12:01 - 001595520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-08-05 14:06 - 2021-07-13 12:01 - 001171072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-08-05 14:06 - 2021-07-13 12:01 - 000919168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-08-05 14:06 - 2021-07-13 12:01 - 000750208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-08-05 14:06 - 2021-07-13 12:01 - 000706176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-08-05 14:06 - 2021-07-13 12:00 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-08-05 14:06 - 2021-07-13 12:00 - 007920768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-08-05 14:06 - 2021-07-13 12:00 - 005680760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-08-05 14:06 - 2021-07-13 12:00 - 004987520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-08-05 14:06 - 2021-07-13 12:00 - 002925696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-08-05 14:06 - 2021-07-13 12:00 - 000447104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-08-05 14:06 - 2021-07-13 11:59 - 000849008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-08-05 14:06 - 2021-07-13 11:57 - 006215792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-08-05 14:06 - 2021-07-12 06:32 - 000083062 _____ C:\WINDOWS\system32\nvinfo.pb
2021-08-05 13:45 - 2021-08-05 13:45 - 008553680 _____ (Malwarebytes) C:\Users\denni\Downloads\adwcleaner_8.3.0.exe
2021-08-05 13:26 - 2021-08-05 13:26 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-05 13:25 - 2021-08-05 13:25 - 002120496 _____ (Malwarebytes) C:\Users\denni\Desktop\MBSetup.exe
2021-08-05 13:21 - 2021-08-05 13:21 - 000000000 ____D C:\WINDOWS\Panther
2021-08-05 12:55 - 2021-08-05 12:56 - 000001870 _____ C:\Users\denni\Desktop\Rkill.txt
2021-08-05 12:55 - 2021-08-05 12:55 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\denni\Downloads\rkill64.exe
2021-07-31 13:35 - 2021-08-10 19:21 - 000000000 ____D C:\Program Files\Streamlabs OBS
2021-07-31 13:35 - 2021-07-31 13:35 - 000001964 _____ C:\Users\Public\Desktop\Streamlabs OBS.lnk
2021-07-31 13:32 - 2021-07-31 13:32 - 191642920 _____ (General Workings, Inc.) C:\Users\denni\Desktop\Streamlabs+OBS+Setup+1.3.2-TX8ho1yLwyV3PcF.exe
2021-07-30 23:34 - 2021-07-30 23:34 - 018581488 _____ C:\Users\denni\Desktop\DAT Texture Wizard – v6.1.2 (x64).zip
2021-07-30 23:28 - 2021-07-30 23:28 - 000244410 _____ C:\Users\denni\Desktop\Goth-Peach-e58336ee.zip
2021-07-30 15:39 - 2021-07-30 15:39 - 000000000 ____D C:\Users\denni\AppData\Local\slippi-launcher-updater
2021-07-30 01:19 - 2021-07-30 23:36 - 000000000 ____D C:\Users\denni\Desktop\Streaming
2021-07-29 21:40 - 2021-07-29 21:40 - 000415616 _____ C:\Users\denni\Desktop\PSDs-Paranormal-k9cn06.zip
2021-07-29 21:39 - 2021-07-29 21:40 - 333165174 _____ C:\Users\denni\Desktop\Paranormal-Stream-Package-tq4tat.zip
2021-07-18 19:15 - 2021-07-18 19:15 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-18 19:15 - 2021-07-18 19:15 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-18 19:15 - 2021-07-18 19:15 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-18 19:15 - 2021-07-18 19:15 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-18 19:15 - 2021-07-18 19:15 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-18 19:15 - 2021-07-18 19:15 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-18 10:34 - 2021-07-18 10:34 - 001405890 _____ C:\Users\denni\Downloads\westballs

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-11 09:50 - 2019-04-19 17:29 - 000000000 ____D C:\Program Files (x86)\Steam
2021-08-11 09:47 - 2019-04-12 15:57 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-11 09:46 - 2021-05-19 03:26 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-08-11 09:46 - 2019-10-02 01:40 - 000000000 ____D C:\Users\denni\AppData\Local\Battle.net
2021-08-11 09:45 - 2021-05-19 03:26 - 000002172 _____ C:\Users\denni\Desktop\CurseForge.lnk
2021-08-11 09:45 - 2020-10-13 12:24 - 000000000 ____D C:\Users\denni\AppData\Local\Overwolf
2021-08-11 05:30 - 2021-04-16 04:25 - 000000000 ____D C:\Users\denni
2021-08-11 05:30 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-11 05:30 - 2019-04-20 22:21 - 000000000 ____D C:\Users\denni\AppData\Roaming\Discord
2021-08-11 05:23 - 2019-04-20 22:21 - 000000000 ____D C:\Users\denni\AppData\Local\Discord
2021-08-10 21:15 - 2020-07-08 21:55 - 000000000 ____D C:\Users\denni\AppData\Roaming\slobs-client
2021-08-10 21:15 - 2019-04-22 22:30 - 000000000 ____D C:\Users\denni\AppData\Local\CrashDumps
2021-08-10 21:11 - 2020-07-14 22:56 - 000000000 ____D C:\Users\denni\Documents\Slippi
2021-08-10 19:31 - 2019-04-12 16:05 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-10 19:30 - 2019-04-19 17:02 - 000000000 ____D C:\Users\denni\AppData\LocalLow\Mozilla
2021-08-10 17:03 - 2019-04-12 16:05 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-10 17:03 - 2019-04-12 16:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-10 00:08 - 2020-09-14 11:20 - 000000000 ____D C:\Users\denni\Desktop\Sonic 1.3
2021-08-09 22:46 - 2021-05-26 19:28 - 000000000 ____D C:\Users\denni\Desktop\sonic again
2021-08-09 16:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-09 00:27 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-08 13:22 - 2021-04-16 04:31 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-386562958-4221920933-1689164847-1003
2021-08-08 13:22 - 2021-04-16 04:25 - 000002379 _____ C:\Users\denni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-08 13:22 - 2019-04-19 15:53 - 000000000 ___RD C:\Users\denni\OneDrive
2021-08-08 11:20 - 2020-11-08 19:53 - 000000000 ____D C:\Users\denni\Desktop\Reason cool noises
2021-08-08 10:35 - 2019-04-25 14:26 - 000000000 ____D C:\Users\denni\AppData\Local\D3DSCache
2021-08-08 01:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-08-08 01:54 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-08 00:56 - 2020-01-05 20:09 - 000000000 ____D C:\Users\denni\AppData\Local\DayZ Launcher
2021-08-08 00:39 - 2020-02-13 23:42 - 000000000 ____D C:\Users\denni\AppData\Local\DayZ
2021-08-07 09:26 - 2020-07-16 02:05 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-06 02:25 - 2019-05-24 22:27 - 000000000 ____D C:\Users\denni\AppData\Local\FiveM
2021-08-06 02:01 - 2020-05-03 20:05 - 000000000 ____D C:\Users\denni\AppData\Roaming\EasyAntiCheat
2021-08-06 00:14 - 2020-09-30 17:15 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-05 17:15 - 2019-10-31 09:08 - 000002498 _____ C:\Users\denni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-05 14:16 - 2021-03-01 13:59 - 000000000 ____D C:\Users\denni\AppData\Local\NVIDIA
2021-08-05 14:14 - 2019-04-12 15:57 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-08-05 13:28 - 2021-04-16 04:34 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-05 13:26 - 2021-01-08 17:41 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-05 13:26 - 2020-11-05 15:34 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-05 13:26 - 2019-08-20 01:21 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-05 13:21 - 2021-04-16 04:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-05 13:21 - 2021-04-16 04:24 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-05 13:21 - 2020-04-05 02:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-08-05 13:21 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-04 16:10 - 2021-04-16 04:31 - 000003680 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-386562958-4221920933-1689164847-1003UA
2021-08-04 16:10 - 2021-04-16 04:31 - 000003412 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-386562958-4221920933-1689164847-1003Core
2021-08-04 13:25 - 2019-04-12 17:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-01 23:21 - 2021-04-26 00:10 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d732a2ff880397
2021-08-01 23:21 - 2021-04-16 04:31 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-31 13:35 - 2020-07-08 21:55 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk

2021-07-30 15:40 – 2020-06-23 07:12 – 000000000 ____D C:UsersdenniAppDataRoamingSlippi Launcher

2021-07-30 15:39 – 2020-06-23 07:12 – 000000000 ____D C:UsersdenniAppDataRoamingSlippi Desktop App

2021-07-30 15:39 – 2020-06-23 07:12 – 000000000 ____D C:Program FilesSlippi Launcher

2021-07-30 15:38 – 2019-04-20 22:49 – 000000000 ____D C:UsersdenniDesktopFM-v5.9-Slippi-r18-Win

2021-07-30 02:47 – 2021-01-08 17:25 – 000001272 _____ C:UsersdenniDesktopESET Online Scanner.lnk

2021-07-30 02:47 – 2019-10-19 19:40 – 000001378 _____ C:UsersdenniAppDataRoamingMicrosoftWindowsStart MenuProgramsESET Online Scanner.lnk

2021-07-30 02:44 – 2021-04-16 04:24 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-07-29 14:21 – 2020-10-14 13:33 – 000000000 ____D C:Program FilesJava

2021-07-24 13:30 – 2020-12-20 20:03 – 000000000 ____D C:UsersdenniDesktopImportant

2021-07-18 23:56 – 2021-04-16 04:24 – 000266816 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-07-18 23:56 – 2019-12-07 04:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-07-18 23:56 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSSystemResources

2021-07-18 23:56 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-07-18 23:56 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-07-18 23:56 – 2019-12-07 04:14 – 000000000 ____D C:Program FilesCommon FilesSystem

2021-07-18 19:16 – 2019-12-07 04:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-07-18 19:15 – 2015-03-04 20:46 – 000414038 __RSH C:bootmgr

2021-07-18 19:08 – 2019-06-03 04:31 – 000000000 ____D C:Program FilesParsec

2021-07-16 09:45 – 2020-09-30 17:15 – 000486712 _____ (Microsoft Corporation) C:WINDOWSsystem32QualityUpdateAssistant.dll

2021-07-16 09:45 – 2020-02-18 18:53 – 000740152 _____ (Microsoft Corporation) C:WINDOWSsystem32sedplugins.dll

2021-07-16 00:50 – 2019-04-12 16:20 – 000000000 ____D C:WINDOWSsystem32MRT

2021-07-16 00:46 – 2019-04-12 16:20 – 133422552 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-07-13 11:57 – 2021-04-16 10:22 – 007280312 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvapi64.dll

==================== Files in the root of some directories ========

2020-05-03 09:50 – 2020-05-03 09:50 – 001065984 _____ () C:UsersdenniAppDataLocalfile__0.localstorage

2020-04-11 19:58 – 2020-04-11 19:58 – 000000993 _____ () C:UsersdenniAppDataLocalFM-v5.9-Slippi-r18-Win – Shortcut.lnk

2020-05-03 19:36 – 2020-05-03 19:36 – 000007605 _____ () C:UsersdenniAppDataLocalResmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2021

Ran by denni (11-08-2021 09:52:38)

Running from C:UsersdenniDownloads

Windows 10 Pro Version 20H2 19042.1110 (X64) (2021-04-16 09:31:54)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-386562958-4221920933-1689164847-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-386562958-4221920933-1689164847-503 – Limited – Disabled)

denni (S-1-5-21-386562958-4221920933-1689164847-1003 – Administrator – Enabled) => C:Usersdenni

Guest (S-1-5-21-386562958-4221920933-1689164847-501 – Limited – Disabled)

Ohlso (S-1-5-21-386562958-4221920933-1689164847-1001 – Administrator – Enabled) => C:UsersOhlso

rose2 (S-1-5-21-386562958-4221920933-1689164847-1002 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-386562958-4221920933-1689164847-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM…7-Zip) (Version: 19.00 – Igor Pavlov)

Advanced BAT to EXE Converter v4.11 (HKLM-x32…Advanced BAT to EXE Converter v4.11) (Version:  – )

Apex Legends (HKLM-x32…{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.1 – Electronic Arts, Inc.)

AutoHotkey 1.1.33.02 (HKLM…AutoHotkey) (Version: 1.1.33.02 – Lexikos)

Battle.net (HKLM-x32…Battle.net) (Version:  – Blizzard Entertainment)

Br Wser ver. 1065 version 1.65 (HKLM-x32…Br Wser ver. 1065_is1) (Version: 1.65 – Networks of IN log Company)

Burning Crusade Classic (HKLM-x32…Burning Crusade Classic) (Version:  – Blizzard Entertainment)

CPUID HWMonitor 1.41 (HKLM…CPUID HWMonitor_is1) (Version: 1.41 – CPUID, Inc.)

CurseForge (HKUS-1-5-21-386562958-4221920933-1689164847-1003…Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.180.1.2 – Overwolf app)

DAEMON Tools Lite (HKLM…DAEMON Tools Lite) (Version: 10.12.0.1152 – Disc Soft Ltd)

Discord (HKUS-1-5-21-386562958-4221920933-1689164847-1003…Discord) (Version: 0.0.309 – Discord Inc.)

DZSALauncher version 0.0.4.8 (HKLM-x32…DZSALauncher_is1) (Version: 0.0.4.8 – Maca134)

Ecency 3.0.11 (HKUS-1-5-21-386562958-4221920933-1689164847-1003…f4cdf94b-3105-5392-819f-dbc6483c637d) (Version: 3.0.11 – Ecency)

Enlisted Launcher 1.0.3.52 (HKUS-1-5-21-386562958-4221920933-1689164847-1003…{5fcad5a5-d0d8-4edf-a5ba-040b397eac31}}_is1) (Version:  – Gaijin Network)

Epic Games Launcher (HKLM-x32…{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 – Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM…{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

FileZilla Client 3.42.1 (HKUS-1-5-21-386562958-4221920933-1689164847-1003…FileZilla Client) (Version: 3.42.1 – Tim Kosse)

Fire Pro Wrestling World Fighting Road Champion Road Beyond (HKLM-x32…Fire Pro Wrestling World Fighting Road Champion ~BEAB44F4_is1) (Version:  – )

FiveM (HKUS-1-5-21-386562958-4221920933-1689164847-1003…CitizenFX_FiveM) (Version:  – Cfx.re)

Genshin Impact (HKLM…Genshin Impact Beta) (Version: 2.3.3.0 – miHoYo Co.,Ltd)

Google Chrome (HKUS-1-5-21-386562958-4221920933-1689164847-1003…Google Chrome) (Version: 92.0.4515.131 – Google LLC)

Grand Theft Auto San Andreas-HOODLUM version 1.0 (HKLM-x32…Grand Theft Auto San Andreas-HOODLUM_is1) (Version: 1.0 – )

Grand Theft Auto V (HKLM-x32…{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: “1.0.0.10” – Rockstar Games)

Heaven Benchmark version 4.0 (HKLM-x32…Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 – Unigine Corp.)

HitmanPro 3.8 (HKLM…HitmanPro38) (Version: 3.8.20.314 – SurfRight B.V.)

Intel® Wireless Bluetooth® (HKLM-x32…{00001010-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.10.1.1 – Intel Corporation)

Java 8 Update 271 (64-bit) (HKLM…{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 – Oracle Corporation)

JoyToKey version 6.5 (HKLM-x32…{EBF21C82-423E-49FD-BCBD-88C08397CB44}_is1) (Version: 6.5 – JTK software)

Launcher Prerequisites (x64) (HKLM-x32…{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

League of Legends (HKLM-x32…League of Legends 1.0) (Version: 1.0 – Riot Games, Inc)

Malwarebytes version 4.4.4.126 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 – Malwarebytes)

MaskVPN (HKLM-x32…{4A4ACF2E-4A98-4D18-80E3-5A5E5706F81E}_is1) (Version: 1.1.0.31 – Global Media (Thailand) Co., Ltd)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32…{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 – Microsoft Corporation)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 92.0.902.67 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-386562958-4221920933-1689164847-1001…OneDriveSetup.exe) (Version: 19.043.0304.0007 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-386562958-4221920933-1689164847-1003…OneDriveSetup.exe) (Version: 21.139.0711.0001 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.4148 (HKLM…{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148 (HKLM-x32…{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29913 (HKLM-x32…{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.28.29334 (HKLM-x32…{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 – Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32…{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 – Microsoft Corporation)

mk v1.53.666 (HKLM-x32…WeriseTweaker.exe_is1) (Version: 1.53.0.666 – )

M’Overlay version 1.6.5 (HKLM…M’Overlay_is1) (Version: 1.6.5 – Bkacjios)

Mozilla Firefox (x64 en-US) (HKLM…Mozilla Firefox 91.0 (x64 en-US)) (Version: 91.0 – Mozilla)

Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 66.0.3 – Mozilla)

MSI Afterburner 4.6.0 (HKLM-x32…Afterburner) (Version: 4.6.0 – MSI Co., LTD)

NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 – NVIDIA Corporation)

NVIDIA GeForce Experience 3.23.0.74 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 – NVIDIA Corporation)

NVIDIA Graphics Driver 471.41 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 – NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.38.60 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)

OpenAL (HKLM-x32…OpenAL) (Version:  – )

OpenIV (HKUS-1-5-21-386562958-4221920933-1689164847-1003…OpenIV) (Version: 3.1.1032 – .black/OpenIV Team)

Origin (HKLM-x32…Origin) (Version: 10.5.101.48500 – Electronic Arts, Inc.)

Overwolf (HKLM-x32…Overwolf) (Version: 0.176.87.27 – Overwolf Ltd.)

Parsec (HKLM-x32…Parsec) (Version:  – Parsec Cloud Inc.)

Path of Building Community (HKUS-1-5-21-386562958-4221920933-1689164847-1003…Path of Building Community) (Version: 1.4.170.8 – Path of Building Community)

PoE Overlay (HKUS-1-5-21-386562958-4221920933-1689164847-1003…Overwolf_cijcjjcjilpooaeppicpfibopeefaglkefjaeofl) (Version: 1.0.11 – Overwolf app)

Project64 version 2.3.2.202 (HKLM-x32…{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 – )

ProtonVPN (HKLM-x32…{8725D84B-70EA-468D-A8F3-D175DA616B52}) (Version: 1.10.1 – ProtonVPN AG) Hidden

ProtonVPN (HKLM-x32…ProtonVPN 1.10.1) (Version: 1.10.1 – ProtonVPN AG)

ProtonVPNTap (HKLM-x32…{C23BCE3A-FD25-48BA-948E-2CE94576F983}) (Version: 1.0.1 – ProtonVPN AG)

PunkBuster Services (HKLM-x32…PunkBusterSvc) (Version: 0.992 – Even Balance, Inc.)

Qcma (HKLM…Qcma) (Version: 0.4.1 – codestation)

RAGE Multiplayer (HKLM-x32…RAGE Multiplayer) (Version:  – RAGE Multiplayer Team)

Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7831 – Realtek Semiconductor Corp.)

Reason 5.0 (HKLM-x32…Reason5_is1) (Version: 5.0 – Propellerhead Software AB)

RivaTuner Statistics Server 7.2.1 (HKLM-x32…RTSS) (Version: 7.2.1 – Unwinder)

Roblox Player for denni (HKUS-1-5-21-386562958-4221920933-1689164847-1003…roblox-player) (Version:  – Roblox Corporation)

Rockstar Games Launcher (HKLM-x32…Rockstar Games Launcher) (Version: 1.0.42.369 – Rockstar Games)

Rockstar Games Social Club (HKLM-x32…Rockstar Games Social Club) (Version: 2.0.8.5 – Rockstar Games)

Screenleap (HKLM-x32…{3BEF84FF-3678-4ED0-83E1-12CFD5DD8778}) (Version: 14.2.6.0 – Screenleap, Inc.)

Skype version 8.55 (HKLM-x32…Skype_is1) (Version: 8.55 – Skype Technologies S.A.)

Slippi Launcher 2.0.3 (HKLM…6864321e-78ac-5f45-8ec5-314da299c62f) (Version: 2.0.3 – Jas Laferriere)

Speccy (HKLM…Speccy) (Version: 1.32 – Piriform)

StarCraft (HKLM-x32…StarCraft) (Version:  – Blizzard Entertainment)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

Streamlabs OBS 1.3.2 (HKLM…