Please help-infected with Malware

Status
Not open for further replies.

ghu2a34

New Member
Thread author
May 11, 2021
6
Hello good day,
I have found myself infected with some sort of malware. It presents my running bing searches for any item I search in google chrome. I have noticed a weird extension added to google chrome and despite my attempts to remove it once my computer is restarted it closes chrome while I am using it and appears again in extensions. It appears under the name "xAskHelp" (copied direct from google chrome extensions window). Let me post some of the additional data found in "details"

"Permissions
  • Manage your apps, extensions, and themes"


    "Source
    Unpacked extension
    Loaded from: C:\ProgramData\Sekbst\Tuqz\4432A5BD"

    please note I found this folder it was hidden and deleted all the files within during the next restart the extension re-appeared and created a new source folder Sekbst.....

    i have tried malwarebytes it cannot even find the virus/malware please help.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Wait for further instructions

p.s.
The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====
 
  • Like
Reactions: Nevi and upnorth

ghu2a34

New Member
Thread author
May 11, 2021
6
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2021
Ran by bring (administrator) on DESKTOP-DSJCIS2 (MSI MS-7752) (13-05-2021 15:59:15)
Running from D:\Chrome Downloads\frst64
Loaded Profiles: bring
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Electronic Arts, Inc. -> Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\bring\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.985_none_e72c6fe7263b0fe4\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusriteusb\Focusrite Notifier.exe [5029376 2020-06-02] (Focusrite Audio Engineering, Ltd.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\Run: [Discord] => C:\Users\bring\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\Run: [f.lux] => C:\Users\bring\AppData\Local\FluxSoftware\Flux\flux.exe [1511824 2021-02-04] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536424 2021-04-20] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\bring\AppData\Local\splice\app-3.6.94170\Splice.exe [83318784 2021-05-02] (Splice) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-10] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006CB8B0-0B69-4173-9C22-C3D578887FC8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MpCmdRun.exe [591160 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {04A06AAC-E389-4DB6-917C-12CB9BD6539B} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {075A32EF-9327-4B2F-BB25-0A176189E998} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-28] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1058B329-C487-4561-9E93-AE6A8B5328F6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {35A41008-0753-4917-A8A8-31924079B2CC} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3F27A515-9C53-4B91-8EE1-A93698AC27EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MpCmdRun.exe [591160 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {47359B58-F261-41FD-AF70-E708D98F702A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MpCmdRun.exe [591160 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4F465907-996D-4F65-8B25-A3C0000AAC00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {6A748765-BEB7-4739-9EF0-970193B1907B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-22] (Google LLC -> Google LLC)
Task: {A6F176BC-9E4F-4347-9E91-9981BA8FFED4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AD7B83C6-EA9A-4A60-AE92-D59EC297E0E8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AE573026-63DC-4801-8288-3BD5A9FBE62D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-22] (Google LLC -> Google LLC)
Task: {C9DA3100-820D-4413-A485-DB472AD820D1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D58B0200-1B35-4A53-93F4-87E7E58AE84D} - System32\Tasks\Microsoft\Windows\ExploitGuard\cmiadtdim => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [65440 2019-12-07] (Microsoft Corporation -> Microsoft Corporation) -> /unregister /nologo C:\Users\bring\AppData\Local\BitsPrep\AsjsSobrce\Winpogs_Medxnfi.dll
Task: {DEF278E8-170F-4091-AE7A-7C47A6DC9794} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-28] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F4FC3AE2-337D-4CD0-8200-03A916BE1B40} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F78960BE-21E2-481C-87D6-E9DDE349E3AA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.1.104.35 200.1.104.36
Tcpip\..\Interfaces\{e876780f-f16d-44c9-adc0-66781daa9a4e}: [DhcpNameServer] 200.1.104.35 200.1.104.36

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\bring\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-13]
Edge Extension: (xAskHelp) - C:\ProgramData\Sekbst\Gbzmx\4432A5BD [2021-05-13]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-05-13]
CHR HomePage: Profile 1 -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iYzH5XEFX-HAz-jXAXZ8ivMbXbDApnjWC1w6s1wWM2ybrSNeQ28tQjfFwa-ZFxpxp4qi0881KifiyD4FALaxSmAk_z_yvKFChZfJ1h8N0Qd4N0O92dbjCiw4QK19pN2kx40Ffx6dB4jb-kAhADD3z7XMFwiozJcrKqwxLNNtak,
CHR StartupUrls: Profile 1 -> "hxxps://www.google.tt/?gws_rd=cr,ssl&ei=wvatU4CpBcTmywPb5oK4AQ"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144.png
CHR Extension: (Slides) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-22]
CHR Extension: (YouTube) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agimnkijcaahngcdmfeangaknmldooml [2021-05-10]
CHR Extension: (Night Eye - Dark mode on any website) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\alncdjedloppbablonallfbkeiknmkdi [2021-04-30]
CHR Extension: (Docs) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-22]
CHR Extension: (Google Drive) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (Turn Off the Lights) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2021-04-01]
CHR Extension: (YouTube) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-22]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Tampermonkey) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-03-26]
CHR Extension: (Chameleon) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmpojjilddefgnhiicjcmhbkjgbbclob [2020-05-22]
CHR Extension: (Sheets) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-22]
CHR Extension: (Google Docs Offline) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-13]
CHR Extension: (Youtube Video Downloader) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjndphdopaigpbbhdlgphjgfccacnbja [2020-08-04]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-05-13]
CHR Extension: (Looper for YouTube) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2021-04-23]
CHR Extension: (Grammarly for Chrome) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-05-09]
CHR Extension: (DotVPN — a Better way to VPN) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2020-05-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-23]
CHR Extension: (xAskHelp) - C:\ProgramData\Sekbst\Gbzmx [2021-05-13]
CHR Profile: C:\Users\bring\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-22]

Opera:
=======
OPR Profile: C:\Users\bring\AppData\Roaming\Opera Software\Opera Stable [2020-05-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2546776 2021-04-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3486808 2021-04-22] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13147152 2020-08-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\NisSrv.exe [2599312 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MsMpEng.exe [128376 2021-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 FocusritePCIeSwRoot; C:\WINDOWS\System32\drivers\FocusritePCIeSwRoot.sys [97480 2016-11-16] (Focusrite Audio Engineering Ltd. -> Focusrite Audio Engineering Ltd.)
R3 Focusriteusb; C:\WINDOWS\System32\drivers\Focusriteusb.sys [123456 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 FocusriteusbSwRoot; C:\WINDOWS\System32\drivers\FocusriteusbSwRoot.sys [92568 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 Focusriteusb_AUDIO; C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys [87912 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (Windows Central Build Account - X -> MediaTek Inc.)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [42000 2016-10-30] (Razer USA Ltd. -> Razer Inc)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29712 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36376 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [45592 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48144 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44048 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [44048 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64872 2019-09-26] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [41008 2021-02-04] (McAfee, LLC. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-10] (Microsoft Windows -> Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\WinRing0\WinRing0x64.sys [14536 2020-05-22] (EVGA -> OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-13 15:57 - 2021-05-13 15:59 - 000000000 ____D C:\FRST
2021-05-13 15:46 - 2021-05-13 15:46 - 000000000 ___HD C:\ProgramData\Sekbst
2021-05-13 15:36 - 2021-05-13 15:36 - 000000798 _____ C:\Users\bring\Desktop\AppCleaner.lnk
2021-05-13 15:36 - 2021-05-13 15:36 - 000000000 ____D C:\Users\bring\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppCleaner
2021-05-12 00:48 - 2021-05-12 01:47 - 000000000 ____D C:\ProgramData\AVG
2021-05-11 22:40 - 2021-05-11 22:40 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-11 18:27 - 2021-05-11 18:27 - 393645114 _____ C:\WINDOWS\MEMORY.DMP
2021-05-11 18:27 - 2021-05-11 18:27 - 000560156 _____ C:\WINDOWS\Minidump\051121-6500-01.dmp
2021-05-11 09:40 - 2021-05-11 09:40 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-11 09:40 - 2021-05-11 09:40 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-11 09:40 - 2021-05-11 09:40 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-11 09:39 - 2021-05-11 09:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-11 09:39 - 2021-05-11 09:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-11 09:39 - 2021-05-11 09:39 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-11 09:39 - 2021-05-11 09:39 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-11 09:39 - 2021-05-11 09:39 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-11 09:39 - 2021-05-11 09:39 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-11 09:39 - 2021-05-11 09:39 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-11 09:39 - 2021-05-11 09:39 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-11 09:38 - 2021-05-11 09:38 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-11 09:38 - 2021-05-11 09:38 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-11 09:16 - 2021-05-11 09:16 - 000000000 ___HD C:\$SysReset
2021-05-11 06:33 - 2021-05-13 15:41 - 089128960 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-05-11 06:29 - 2021-05-11 06:33 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-05-10 23:39 - 2021-05-11 02:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-05-10 23:39 - 2021-05-10 23:39 - 000000000 ____D C:\ProgramData\GridinSoft
2021-05-10 23:28 - 2021-05-10 23:31 - 000000000 ____D C:\ProgramData\SecTaskMan
2021-05-10 23:08 - 2021-05-10 23:08 - 000000000 ____D C:\Users\bring\AppData\Local\mbam
2021-05-06 23:34 - 2021-05-06 23:34 - 000000000 ____D C:\Program Files\Vstplugins
2021-05-06 23:26 - 2021-05-11 03:30 - 000000000 _____ C:\Users\bring\Documents\MainAppLog.txt
2021-05-06 23:07 - 2021-05-06 23:07 - 000000870 _____ C:\Users\bring\Desktop\Studio One 5.lnk
2021-05-06 23:07 - 2021-05-06 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PreSonus
2021-05-06 05:23 - 2021-05-11 18:27 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-06 05:23 - 2021-05-06 05:23 - 000482788 _____ C:\WINDOWS\Minidump\050621-9765-01.dmp
2021-05-06 05:07 - 2021-05-11 00:22 - 000000000 ____D C:\Users\bring\Documents\VlcpVideoV1.0.1
2021-05-06 05:06 - 2021-05-06 05:08 - 000000000 ____D C:\WINDOWS\PublicGaming
2021-05-05 19:11 - 2021-05-05 19:11 - 000366989 _____ C:\Users\bring\Desktop\kupdf.net_w-timothy-gallwey-the-inner-game-of-tennis.pdf
2021-05-02 22:58 - 2021-05-04 04:08 - 000000000 ____D C:\Users\bring\AppData\Local\SpliceSettings
2021-05-02 22:58 - 2021-05-02 22:58 - 000002215 _____ C:\Users\bring\Desktop\Splice.lnk
2021-05-02 22:58 - 2021-05-02 22:58 - 000000000 ____D C:\Users\bring\Documents\Splice
2021-05-02 22:58 - 2021-05-02 22:58 - 000000000 ____D C:\Users\bring\AppData\Roaming\Splice
2021-05-02 22:58 - 2021-05-02 22:58 - 000000000 ____D C:\Users\bring\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2021-05-02 22:58 - 2021-05-02 22:58 - 000000000 ____D C:\Users\bring\AppData\Local\splice
2021-05-02 22:58 - 2021-05-02 22:58 - 000000000 ____D C:\Users\bring\AppData\Local\IsolatedStorage
2021-05-01 21:10 - 2021-05-01 21:21 - 001597301 _____ C:\WINDOWS\gethelp_audiotroubleshooter_latestpackage.zip
2021-05-01 20:21 - 2021-05-11 03:32 - 000000000 ____D C:\Users\bring\Documents\Studio One
2021-05-01 20:06 - 2021-05-06 23:17 - 000000000 ____D C:\ProgramData\PreSonus
2021-05-01 20:06 - 2021-05-01 20:06 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2021-05-01 20:06 - 2020-01-24 06:25 - 000033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2021-05-01 20:06 - 2011-01-18 11:49 - 000034152 _____ (GEAR Software Inc.) C:\WINDOWS\SMSS-PFRO0f32.tmp
2021-05-01 19:55 - 2021-05-06 23:07 - 000000000 ____D C:\Users\bring\AppData\Roaming\PreSonus
2021-05-01 19:55 - 2021-05-01 19:55 - 000000880 _____ C:\Users\bring\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Studio One.lnk
2021-05-01 19:55 - 2021-05-01 19:55 - 000000000 ____D C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
2021-05-01 19:55 - 2020-01-24 06:25 - 000125872 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll
2021-05-01 19:55 - 2020-01-24 06:25 - 000106928 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll
2021-04-29 21:05 - 2021-04-27 17:16 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-29 21:05 - 2021-04-27 17:16 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-29 21:05 - 2021-04-27 17:16 - 001453344 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-29 21:05 - 2021-04-27 17:16 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-29 21:05 - 2021-04-27 17:16 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-29 21:05 - 2021-04-27 17:16 - 001192736 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-29 21:05 - 2021-04-27 17:16 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-29 21:05 - 2021-04-27 17:16 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-29 21:05 - 2021-04-27 17:16 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-29 21:05 - 2021-04-27 17:16 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-29 21:05 - 2021-04-27 17:13 - 000715544 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-29 21:05 - 2021-04-27 17:13 - 000626976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-04-29 21:05 - 2021-04-27 17:13 - 000575760 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-29 21:05 - 2021-04-27 17:12 - 002106144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-04-29 21:05 - 2021-04-27 17:12 - 001590560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-29 21:05 - 2021-04-27 17:12 - 001514784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-29 21:05 - 2021-04-27 17:12 - 001166112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-29 21:05 - 2021-04-27 17:12 - 000811808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-04-29 21:05 - 2021-04-27 17:12 - 000689952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-04-29 21:05 - 2021-04-27 17:12 - 000675104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-29 21:05 - 2021-04-27 17:12 - 000656160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-04-29 21:05 - 2021-04-27 17:12 - 000564000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-29 21:05 - 2021-04-27 17:11 - 008317232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-29 21:05 - 2021-04-27 17:11 - 007434032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-29 21:05 - 2021-04-27 17:11 - 004795152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-29 21:05 - 2021-04-27 17:11 - 002823472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-29 21:05 - 2021-04-27 17:11 - 000445744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-04-29 21:05 - 2021-04-27 17:10 - 000848664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-04-29 21:05 - 2021-04-27 17:09 - 006159176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-04-29 21:05 - 2021-04-23 21:08 - 000087164 _____ C:\WINDOWS\system32\nvinfo.pb
2021-04-29 02:43 - 2021-04-29 02:44 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-04-25 13:50 - 2021-04-25 13:50 - 000000000 ____D C:\Users\bring\AppData\Local\Epic Games
2021-04-25 13:49 - 2021-04-28 14:30 - 000000000 ____D C:\Users\bring\AppData\Local\T2GP Launcher
2021-04-25 13:49 - 2021-04-25 13:49 - 000000000 ____D C:\Users\bring\AppData\Roaming\T2GP Launcher
2021-04-22 13:09 - 2021-04-22 13:09 - 000002665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quran Explorer Desktop.lnk
2021-04-22 13:09 - 2021-04-22 13:09 - 000002653 _____ C:\Users\Public\Desktop\Quran Explorer Desktop.lnk
2021-04-22 13:09 - 2021-04-22 13:09 - 000002653 _____ C:\ProgramData\Desktop\Quran Explorer Desktop.lnk
2021-04-22 13:09 - 2021-04-22 13:09 - 000000000 ____D C:\Users\bring\AppData\Roaming\Quran Explorer
2021-04-22 13:09 - 2021-04-22 13:09 - 000000000 ____D C:\Program Files\Microsoft Synchronization Services
2021-04-22 13:09 - 2021-04-22 13:09 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2021-04-22 13:09 - 2021-04-22 13:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2021-04-22 13:09 - 2021-04-22 13:09 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2021-04-22 13:07 - 2021-04-22 13:07 - 024546363 _____ C:\Users\bring\Downloads\QESetup-Beta.exe
2021-04-15 08:51 - 2020-08-14 03:59 - 000043416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-04-14 08:11 - 2021-04-14 08:11 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-13 15:58 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-13 15:49 - 2020-09-14 22:25 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-13 15:44 - 2020-05-23 12:46 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-13 15:42 - 2020-09-14 22:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-13 15:42 - 2020-09-14 22:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-13 15:42 - 2020-09-14 22:18 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-13 15:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-13 15:42 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-13 15:41 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-13 12:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-13 10:34 - 2021-03-24 18:03 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C64EBA4B-4E16-457C-AE93-EA97F16CBA90}
2021-05-13 04:13 - 2020-09-14 22:23 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2429153621-234642561-3579324590-1001
2021-05-13 04:13 - 2020-09-14 22:12 - 000002363 _____ C:\Users\bring\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-13 04:13 - 2020-05-22 11:09 - 000000000 ___RD C:\Users\bring\OneDrive
2021-05-12 01:17 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-12 00:58 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-12 00:47 - 2020-09-14 22:19 - 000276448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-12 00:46 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-12 00:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-12 00:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-11 22:41 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-11 22:34 - 2020-05-22 15:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-11 22:33 - 2020-05-22 15:25 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 18:29 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-11 18:26 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-11 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-11 09:43 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-11 02:24 - 2020-06-05 10:57 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-11 02:24 - 2020-05-22 11:14 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-11 02:24 - 2020-05-22 11:14 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-11 02:24 - 2020-05-22 11:14 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-10 23:11 - 2020-05-22 11:20 - 000002412 _____ C:\Users\bring\Desktop\Ghuraba (gh) - Chrome.lnk
2021-05-10 18:38 - 2020-05-22 13:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-08 22:59 - 2020-05-22 11:14 - 000000000 ____D C:\Users\bring\AppData\Local\Google
2021-05-06 23:33 - 2020-07-09 07:03 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-05-06 23:30 - 2020-05-26 22:05 - 000000000 ____D C:\Users\bring\AppData\Roaming\uTorrent
2021-05-06 04:08 - 2020-05-22 19:07 - 000000000 ____D C:\Users\bring\AppData\Roaming\vlc
2021-05-02 22:58 - 2020-10-21 11:43 - 000000000 ____D C:\Users\bring\AppData\Local\SquirrelTemp
2021-04-29 21:14 - 2020-06-15 18:46 - 000000000 ____D C:\Users\bring\AppData\Local\CrashDumps
2021-04-29 21:10 - 2020-05-28 10:55 - 000000000 ____D C:\Users\bring\AppData\Local\NVIDIA
2021-04-28 21:33 - 2020-05-27 01:19 - 000000000 ____D C:\Users\bring\AppData\Local\BitTorrentHelper
2021-04-27 17:09 - 2020-08-18 02:47 - 007212232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-04-25 22:45 - 2020-09-14 22:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-25 22:45 - 2020-09-14 22:23 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-25 13:49 - 2020-05-23 13:11 - 000000000 ____D C:\Users\bring\AppData\Local\D3DSCache
2021-04-25 04:17 - 2020-09-14 22:12 - 000000000 ____D C:\Users\bring
2021-04-23 10:26 - 2020-11-20 13:28 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-22 12:27 - 2021-03-18 13:30 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-22 12:27 - 2021-03-11 16:26 - 001695184 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-04-22 12:27 - 2021-03-11 16:26 - 000236472 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-04-22 12:27 - 2021-03-11 16:26 - 000176592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-04-22 12:27 - 2021-03-11 16:26 - 000159672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-04-22 12:27 - 2021-03-11 16:26 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-04-22 12:27 - 2021-03-11 16:26 - 000038328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-04-20 20:05 - 2020-09-14 22:23 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 20:05 - 2020-09-14 22:23 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-18 20:42 - 2021-03-11 00:13 - 000000000 ____D C:\Users\bring\Desktop\sfv mods
2021-04-15 08:52 - 2020-09-14 22:23 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:52 - 2020-09-14 22:23 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:52 - 2020-05-28 10:55 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-04-15 08:52 - 2020-05-28 10:55 - 000001443 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2021-04-15 08:52 - 2020-05-22 13:31 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-04-15 08:51 - 2020-09-14 22:23 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:51 - 2020-09-14 22:23 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:51 - 2020-09-14 22:23 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:51 - 2020-09-14 22:23 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:51 - 2020-09-14 22:23 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:51 - 2020-09-14 22:23 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:51 - 2020-09-14 22:23 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:51 - 2020-09-14 22:23 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-15 08:51 - 2020-05-22 11:25 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-15 08:51 - 2020-05-22 11:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-04-14 08:24 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-14 08:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-14 08:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-14 08:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-14 08:11 - 2020-09-14 22:20 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

**************************************************************************************************************************************************
**************************************************************************************************************************************************


addition text



***************************************************************************************************************************************************
****************************************************************************************************************************************************

could not find the more options prompt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2021
Ran by bring (13-05-2021 16:01:05)
Running from D:\Chrome Downloads\frst64
Windows 10 Pro Version 20H2 19042.985 (X64) (2020-09-15 02:23:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2429153621-234642561-3579324590-500 - Administrator - Disabled)
bring (S-1-5-21-2429153621-234642561-3579324590-1001 - Administrator - Enabled) => C:\Users\bring
DefaultAccount (S-1-5-21-2429153621-234642561-3579324590-503 - Limited - Disabled)
Guest (S-1-5-21-2429153621-234642561-3579324590-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2429153621-234642561-3579324590-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\uTorrent) (Version: 3.5.5.45988 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
AppCleaner (HKLM-x32\...\AppCleaner) (Version: 3.3.6626.24371 - UpdateStar GmbH)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version:  - Bome Software GmbH & Co. KG)
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
Custom Shop version 2.0.0 (HKLM\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 2.0.0 - IK Multimedia)
Discord (HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\Flux) (Version:  - f.lux Software LLC)
Focusrite Thunderbolt 4.25.0.335 (HKLM\...\Focusrite Thunderbolt_is1) (Version: 4.25.0.335 - Focusrite Audio Engineering Ltd.)
Focusrite Usb 4.65.5.658 (HKLM\...\Focusrite Usb_is1) (Version: 4.65.5.658 - Focusrite Audio Engineering, Ltd.)
GEAR driver installer for x64 WinXP (HKLM\...\{89264031-7A83-4DB5-AECB-22BC115BB886}) (Version: 5.005.3 - GEAR Software, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Guitar Pro 7 (HKLM-x32\...\Guitar Pro_is1) (Version: 7.5.4.1799 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LED Sync (HKLM-x32\...\{D10D6F85-907E-4F37-8E30-C17F6BC57813}) (Version: 1.1.0 - EVGA)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Native Instruments Blocks Base (HKLM-x32\...\Native Instruments Blocks Base) (Version: 1.0.1.1 - Native Instruments)
Native Instruments Expansions Selection (HKLM-x32\...\Native Instruments Expansions Selection) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Guitar Rig 6 (HKLM-x32\...\Native Instruments Guitar Rig 6) (Version: 6.1.1.118 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.2.135 - Native Instruments)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation)
NVIDIA Graphics Driver 466.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.27 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.98.47688 - Electronic Arts, Inc.)
PreSonus Studio One 5 (HKLM\...\Studio One 5_is1) (Version: 5.0.1 - PreSonus)
Quran Explorer Desktop (HKLM-x32\...\{34A9F183-1011-4845-9826-FBAA53DA59DF}) (Version: 1.0.34 - Quran Explorer)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
SFV Pak Mod Manager (HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\sfv) (Version: 2.2.11 - Frosthaven)
Splice (HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\splice) (Version: 3.6.94170 - Distributed Creation, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.9.4 - TeamViewer)
Transcribe! 8.31 (HKLM-x32\...\Transcribe!_is1) (Version: 8.31 - Seventh String Software)
Twitch Leecher 1.8.4 (HKLM\...\{4871CA2A-E8D6-429D-B3AD-DA09410AF346}) (Version: 1.8.4.0 - Franiac) Hidden
Twitch Leecher 1.8.4 (HKLM-x32\...\{904941a6-1120-4eaa-a150-30df49e3939c}) (Version: 1.8.4.0 - Franiac)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 5.91 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.1 - win.rar GmbH)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.57.2.0_x86__kgqvnymyfvs32 [2021-04-21] (king.com)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.58.5.0_x86__kgqvnymyfvs32 [2021-05-09] (king.com)
Japanese Islands PREMIUM -> C:\Program Files\WindowsApps\Microsoft.JapaneseIslandsPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2021-02-24] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-11] (Microsoft Studios) [MS Ad]
Night Eye -> C:\Program Files\WindowsApps\43069RAZORdeveloper.NightEye_3.7.6.0_neutral__c9kkezg6y739m [2021-03-24] (RAZORdeveloper)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-29] (NVIDIA Corp.)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-04-01] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-04-30] (Spotify AB) [Startup Task]
Subdivision Metronome 10 -> C:\Program Files\WindowsApps\51672mmaciekk.SubdivisionMetronome_4.0.3.0_x64__z6teh460wqmk8 [2020-07-10] (macieksz) [MS Ad]
Trio Office -> C:\Program Files\WindowsApps\64343GTDocStudio_OfficeDocOpener_3.2.21.0_x86__3h5nez1g3qt2c [2021-01-13] (GT Office PDF Studio)
Xbox Accessories -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_300.2103.5001.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2429153621-234642561-3579324590-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-05-31] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-05-31] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\nvshext.dll [2021-04-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-05-31] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-05-31] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\bring\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Sekbst\Gbzmx\4432A5BD"

==================== Loaded Modules (Whitelisted) =============

2021-01-15 21:43 - 2021-01-15 21:42 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Program Files (x86)\Origin\LIBEAY32.dll
2021-01-15 21:43 - 2021-01-15 21:42 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Program Files (x86)\Origin\ssleay32.dll
2021-01-15 21:43 - 2021-01-15 21:42 - 001611264 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-05-11 00:01 - 2021-01-15 21:42 - 005487104 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Core.dll
2021-05-11 00:01 - 2021-01-15 21:42 - 005841920 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Gui.dll
2021-05-11 00:01 - 2021-01-15 21:42 - 001179136 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Network.dll
2021-05-11 00:01 - 2021-01-15 21:42 - 000146432 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-05-11 00:01 - 2021-01-15 21:42 - 005089792 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-05-11 00:01 - 2021-01-15 21:42 - 000184832 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\bring\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-05-22 14:05 - 2021-03-18 13:39 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2429153621-234642561-3579324590-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bring\Desktop\sekirot\Wallpaper-Berserk-anime-manga-Guts-black-armor-.jpg
DNS Servers: 200.1.104.35 - 200.1.104.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Focusrite Notifier"
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2429153621-234642561-3579324590-1001\...\StartupApproved\Run: => "com.squirrel.splice.Splice"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{405A7E62-5D18-409E-8A9C-36E2A745737E}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{829BD799-0445-4FF1-8E51-0D7B99A4F998}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7CA062A7-9CE8-4176-BC55-CAB10C4F0A4A}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A5DD8456-47AA-4195-B1C3-6E1649AC4C17}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{96D5EDCD-0146-4365-B88B-9CDC1C5A416E}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{769CFF9E-1CA7-4016-B60D-042402C14F4B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{C51BBBC6-3CDB-48F1-98C8-FD72A7560B7E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{52D2114B-22FE-4215-B0D9-89B65994E743}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7F28A7F5-10EE-4470-BE78-F70BDDE037F5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe (EVGA Corp. -> EVGA Co., Ltd.)
FirewallRules: [{0242BF30-D09C-47CA-BCA7-DCDA3855CDF1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe (EVGA Corp. -> EVGA Co., Ltd.)
FirewallRules: [{E24C4617-9EBF-4A3F-82AE-79D16A256489}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{49C948DB-E880-424D-AC38-12CE7A3168FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0311DE83-1C0C-4E05-9E11-83D494FB42D7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\StreetFighterV\StreetFighterV.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{0ADC7103-43CD-490A-864C-16F86FD4378D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\StreetFighterV\StreetFighterV.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{37D2BF4D-F280-4085-87A6-C06C1F1A7E74}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{945DAB81-9455-45E1-B423-941FC993D988}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{3E0BC0CC-201F-4FA2-920C-B34210C99C45}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{D473E655-C8A0-4386-8B22-A572455EE25B}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CBD9DD67-95A2-44A0-A448-FBDEF30F98D0}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B026FBBF-5D7C-4D0D-9ECB-30D786248644}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CB4DB25A-046A-416F-A535-C012CD9421F5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{A2EDB8F4-F8D8-4AC7-BB33-C0ED745AE9AA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{46BE287B-1BE8-4DE9-B3D9-08C608D9A943}] => (Allow) C:\Users\bring\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DACB1892-9218-4ADD-AEE9-6BE1AA14A0EF}] => (Allow) C:\Users\bring\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{0CAB6D8E-90A3-477F-957C-581846C7B9A2}C:\users\bring\appdata\roaming\utorrent\updates\3.5.5_45790.exe] => (Allow) C:\users\bring\appdata\roaming\utorrent\updates\3.5.5_45790.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{BC7FDA7C-FB24-4A8F-BCDF-645ECFCD57A7}C:\users\bring\appdata\roaming\utorrent\updates\3.5.5_45790.exe] => (Allow) C:\users\bring\appdata\roaming\utorrent\updates\3.5.5_45790.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{07561935-D222-4FFF-B680-D269AB19D7D8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games) [File not signed]
FirewallRules: [{6CE8273D-B8AE-4433-9292-0620D325B875}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games) [File not signed]
FirewallRules: [{8C3EFBD4-269E-460D-BE61-5783C55C2268}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe (Valve Corp. -> Irrational Games) [File not signed]
FirewallRules: [{4BD8A606-5CF3-4AFC-B87E-CB8295BF4681}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe (Valve Corp. -> Irrational Games) [File not signed]
FirewallRules: [TCP Query User{51213ECE-D1CE-4A1F-A402-604AD86334AD}D:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\programdata\wargaming.net\gamecenter\wgc.exe => No File
FirewallRules: [UDP Query User{7D1FA4E5-124D-4EDF-9C22-745567651D38}D:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\programdata\wargaming.net\gamecenter\wgc.exe => No File
FirewallRules: [{6F96D695-66CB-4648-9757-63859D58CEDA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{E64FADE3-3F2E-49DC-819B-ADDAE76F635D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{28B051E9-9D59-4F90-8CB9-91CC29540E1B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{FA782A3F-F266-4B17-ADD2-812A8FE0FC54}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{4CA6A2B3-6489-4C2D-B95D-F97815AE0CCE}D:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{60F63836-1AD4-4CD8-A72F-B6A1DCB252DA}D:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{1BF5E03C-B6C4-4093-99C8-67D1335B5819}] => (Allow) D:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe => No File
FirewallRules: [{0652F21D-EE3C-43D0-9A90-22BAF3631160}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [{E0A09AF7-C148-4DAD-9917-F930B28335FA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [{F42647FD-B0C9-4264-814E-8B7101DFB5B8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{3412AF86-4208-4307-A614-037ABF153510}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{0707F02E-FE61-4060-9EE4-8B3A887B13DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{880A7827-4A37-48B5-AB13-0E3B843AE74A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B2EDABB9-B648-42AC-A31D-8CA40DC41016}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{44076947-F1FB-4912-92BE-C906EA286B5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6AD3E142-DFDA-4D6A-92A9-6D66C6C4E617}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{11F6E3A5-775D-4833-93C8-1BC3399D442B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC0A81A2-C72D-49FA-8767-9CEA83DE8874}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EE95A242-D9CD-4300-8FB1-3FC7174C23A6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EA41253A-B97B-47A9-A349-3B8EF2BA907C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{89FB6BC2-B45F-4538-8836-D16C19FAF20F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2BEF5D1-5939-436E-B5C1-746C039830A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{78D5F687-E775-4995-868B-8F6243643325}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D67A972-5A75-4D42-9323-790339D7D98C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.56\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C4811B15-76A4-4730-A0B7-F1AE788B53BB}D:\program files\presonus\studio one 5\studio one.exe] => (Allow) D:\program files\presonus\studio one 5\studio one.exe (PreSonus) [File not signed]
FirewallRules: [UDP Query User{53C3975D-829D-418A-BA23-03FA0C0AE102}D:\program files\presonus\studio one 5\studio one.exe] => (Allow) D:\program files\presonus\studio one 5\studio one.exe (PreSonus) [File not signed]
FirewallRules: [TCP Query User{2DD778B5-37D7-4B70-A1D7-FEB4D9CC228F}D:\program files\presonus\studio one 5\pluginscanner.exe] => (Allow) D:\program files\presonus\studio one 5\pluginscanner.exe (PreSonus Audio Electronics, Inc. -> PreSonus)
FirewallRules: [UDP Query User{4FB4A5ED-4F1D-4AA7-88B9-470AD077B70B}D:\program files\presonus\studio one 5\pluginscanner.exe] => (Allow) D:\program files\presonus\studio one 5\pluginscanner.exe (PreSonus Audio Electronics, Inc. -> PreSonus)
FirewallRules: [{2F5980E0-F361-4681-A41F-C02F73B37AA5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:110.03 GB) (Free:26.35 GB) (24%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/11/2021 10:52:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Zoro (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/11/2021 01:38:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1dc

Start Time: 01d746790e4728a1

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 19b218d9-00ba-474a-a7f9-4cbf26fc6226

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (05/11/2021 09:47:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 16a0

Start Time: 01d746690dc17277

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 4314418f-1eae-43d7-9f79-bc6086c53e5c

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (05/10/2021 11:18:57 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (05/06/2021 05:38:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2db4

Start Time: 01d7425b0763372e

Termination Time: 41

Application Path: D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

Report Id: fe16d99a-f0a7-4b8a-ba50-04f0e04bbf9b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown


System errors:
=============
Error: (05/13/2021 03:42:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NIHostIntegrationAgent service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/13/2021 03:42:28 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (05/12/2021 08:32:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DSJCIS2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/12/2021 08:32:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DSJCIS2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/12/2021 08:32:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DSJCIS2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/12/2021 08:32:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DSJCIS2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/12/2021 08:32:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DSJCIS2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/12/2021 08:32:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DSJCIS2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-05-11 15:15:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
[URL unfurl="true"]https://go.microsoft.com/fwlink/?linkid=37020&name=App:Utorrent_BundleInstaller&threatid=290703&enterprise=0[/URL]
Name: App:Utorrent_BundleInstaller
Severity: Low
Category: Potentially Unwanted Software
Path: file:_D:\Chrome Downloads\uTorrent (1).exe; file:_D:\Chrome Downloads\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.339.429.0, AS: 1.339.429.0, NIS: 1.339.429.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-11 15:15:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
[URL unfurl="true"]https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/AskToolbar&threatid=227072&enterprise=0[/URL]
Name: PUA:Win32/AskToolbar
Severity: Low
Category: Potentially Unwanted Software
Path: file:_D:\D\dldedprograms\BitTorrent-6.1.2.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.339.429.0, AS: 1.339.429.0, NIS: 1.339.429.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-11 15:15:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
[URL unfurl="true"]https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen!rfn&threatid=2147692398&enterprise=0[/URL]
Name: HackTool:Win32/Keygen!rfn
Severity: High
Category: Tool
Path: containerfile:_D:\Chrome Downloads\acad2018_x64.iso; file:_D:\Chrome Downloads\acad2018_x64.iso->Crack\xf-adsk2018_x86.7z->xf-adsk2018_x86.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.339.429.0, AS: 1.339.429.0, NIS: 1.339.429.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-11 15:15:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
[URL unfurl="true"]https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/PullUpdate&threatid=226949&enterprise=0[/URL]
Name: PUA:Win32/PullUpdate
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_D:\Chrome Downloads\tuinst.exe; file:_D:\Chrome Downloads\tuinst.exe->(nsis-3-TuneUpUpdater.exe)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.339.429.0, AS: 1.339.429.0, NIS: 1.339.429.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-11 15:15:25
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
[URL unfurl="true"]https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!ml&threatid=2147748160&enterprise=0[/URL]
Name: HackTool:Win32/AutoKMS!ml
Severity: High
Category: Tool
Path: containerfile:_D:\Abu Antivirus\ESET NOD32 Antivirus 6.0.308.0.rar; file:_D:\Abu Antivirus\ESET NOD32 Antivirus 6.0.308.0.rar->ESET NOD32 Antivirus 6.0.308.0\box, mara-fix 1.7\Eset fix.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.339.429.0, AS: 1.339.429.0, NIS: 1.339.429.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-06 04:16:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.647.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-05-06 04:16:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.647.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-05-06 04:16:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-05-05 22:37:47
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.647.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-05-05 22:37:47
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.647.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

CodeIntegrity:
===============
Date: 2021-05-12 01:44:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-05-12 01:43:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V2.10 02/28/2013
Motherboard: MSI Z77A-G45 (MS-7752)
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 16328.87 MB
Available physical RAM: 12512.35 MB
Total Virtual: 18760.87 MB
Available Virtual: 12906.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.03 GB) (Free:26.35 GB) NTFS
Drive d: (Zoro) (Fixed) (Total:3725.8 GB) (Free:1695.13 GB) NTFS

\\?\Volume{e79f3935-25fa-4801-87c6-e3fad25f1c75}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{953b5567-477d-4679-8766-431f5cacad93}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: E1107084)

Partition: GPT.

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 2D117F8C)

Partition: GPT.

==================== End of Addition.txt =======================
 
  • Like
Reactions: Nevi

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists and Chrome is Synced with other Devices reset it.



Execute the suggested fix.

Restart the computer normally.
===========

Let me know ifthe problem is solved..
 

Attachments

  • fixlist.txt
    3.4 KB · Views: 8
  • Like
Reactions: Stopspying

ghu2a34

New Member
Thread author
May 11, 2021
6
Hello,
As instructed I downloaded Fixlst.txt to the where the Farbar tool is running from. Followed all instructions thereafter computer restarted. As I was told to expect. Below you will find the contents of the Fixlog.txt during the posting of the reply to this message. Google chrome crashed and the malware extension was re installed to google chrome which was indicated by the tell tale symptom of google crashing and the extension re- appearing. I am going to now reset google chrome sync will then restart and reply to this message.
Thank you for your time and your help.
Kindest Regards,
S

****************************************************************************************************************************************************************************************

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2021
Ran by bring (14-05-2021 10:33:07) Run:1
Running from D:\Chrome Downloads\frst64
Loaded Profiles: bring
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Extension: (xAskHelp) - C:\ProgramData\Sekbst\Gbzmx\4432A5BD [2021-05-13]
CHR HomePage: Profile 1 -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBEQo0lOCwIxrzs2Rcb6iYzH5XEFX-HAz-jXAXZ8ivMbXbDApnjWC1w6s1wWM2ybrSNeQ28tQjfFwa-ZFxpxp4qi0881KifiyD4FALaxSmAk_z_yvKFChZfJ1h8N0Qd4N0O92dbjCiw4QK19pN2kx40Ffx6dB4jb-kAhADD3z7XMFwiozJcrKqwxLNNtak,
CHR StartupUrls: Profile 1 -> "hxxps://www.google.tt/?gws_rd=cr,ssl&ei=wvatU4CpBcTmywPb5oK4AQ"
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-05-13]
CHR Extension: (xAskHelp) - C:\ProgramData\Sekbst\Gbzmx [2021-05-13]
AlternateDataStreams: C:\Users\bring\AppData\Local\Temp:$DATA [16]
FirewallRules: [{3E0BC0CC-201F-4FA2-920C-B34210C99C45}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{D473E655-C8A0-4386-8B22-A572455EE25B}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CB4DB25A-046A-416F-A535-C012CD9421F5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{A2EDB8F4-F8D8-4AC7-BB33-C0ED745AE9AA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [TCP Query User{51213ECE-D1CE-4A1F-A402-604AD86334AD}D:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\programdata\wargaming.net\gamecenter\wgc.exe => No File
FirewallRules: [UDP Query User{7D1FA4E5-124D-4EDF-9C22-745567651D38}D:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\programdata\wargaming.net\gamecenter\wgc.exe => No File
FirewallRules: [{1BF5E03C-B6C4-4093-99C8-67D1335B5819}] => (Allow) D:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe => No File
FirewallRules: [{F42647FD-B0C9-4264-814E-8B7101DFB5B8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{3412AF86-4208-4307-A614-037ABF153510}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
C:\ProgramData\Sekbst
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
Restart:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
Edge Extension: (xAskHelp) - C:\ProgramData\Sekbst\Gbzmx\4432A5BD [2021-05-13] => Error: No automatic fix found for this entry.
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\bring\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-05-13] => Error: No automatic fix found for this entry.
CHR Extension: (xAskHelp) - C:\ProgramData\Sekbst\Gbzmx [2021-05-13] => Error: No automatic fix found for this entry.
C:\Users\bring\AppData\Local\Temp => ":$DATA" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E0BC0CC-201F-4FA2-920C-B34210C99C45}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D473E655-C8A0-4386-8B22-A572455EE25B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB4DB25A-046A-416F-A535-C012CD9421F5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2EDB8F4-F8D8-4AC7-BB33-C0ED745AE9AA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{51213ECE-D1CE-4A1F-A402-604AD86334AD}D:\programdata\wargaming.net\gamecenter\wgc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7D1FA4E5-124D-4EDF-9C22-745567651D38}D:\programdata\wargaming.net\gamecenter\wgc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BF5E03C-B6C4-4093-99C8-67D1335B5819}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F42647FD-B0C9-4264-814E-8B7101DFB5B8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3412AF86-4208-4307-A614-037ABF153510}" => removed successfully
C:\ProgramData\Sekbst => moved successfully

========= netsh int ip reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 10:33:18 ====
 

Attachments

  • Fixlog.txt
    8.2 KB · Views: 1

ghu2a34

New Member
Thread author
May 11, 2021
6
Good afternoon,
As instructed I disabled google sync on all google accounts on my pc. Also disabled sync on my android phone specifically contacts and calendar. Executed instructions as given i.e downloaded fix list, ran far bar tool, was prompted to restart was met with some problems as some of my windows updates were not installed properly uninstalled my last update attempted restart was successful. Proceeded to log into windows opened google chrome with 2-3 minutes crash and extension was re-installed attaching fix log test post de-activation of chrome sync.
 

Attachments

  • Fixlog.txt
    8 KB · Views: 1

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,
Your copy of Chrome may have been compromised

Remove and re-install Chrome. Follow these instructions.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step1.gif[/URL]] Remove Chrome from your Computer and reinstall a fresh copy later.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step2.gif[/URL]] If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step3.gif[/URL]] Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: How To Back Up Your Google Chrome Bookmarks

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step4.gif[/URL]] Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step5.gif[/URL]] Clear your Chrome cache and cookies

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step6.gif[/URL]] Remove Chrome using the the instructions on this page.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step7.gif[/URL]] Re-install Chrome and the Bookmarks and passwords.
<<<>>
 

ghu2a34

New Member
Thread author
May 11, 2021
6
Hi,
Your copy of Chrome may have been compromised

Remove and re-install Chrome. Follow these instructions.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step1.gif[/URL]] Remove Chrome from your Computer and reinstall a fresh copy later.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step2.gif[/URL]] If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step3.gif[/URL]] Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: How To Back Up Your Google Chrome Bookmarks

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step4.gif[/URL]] Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step5.gif[/URL]] Clear your Chrome cache and cookies

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step6.gif[/URL]] Remove Chrome using the the instructions on this page.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step7.gif[/URL]] Re-install Chrome and the Bookmarks and passwords.
<<<>>
Hey good morning nasdaq,
I followed instructions cleared all data re-installed chrome and i am also seeing the same behavior in microsoft edge. After re-installing chrome the malware extension came pre-installed into google. chrome. A point of note i checked instagram on my phone to find i was following over 1000 accounts that I do not know safe to say I feel like i have been hacked.
 
  • Like
Reactions: upnorth

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

Let's have an other look at this.

Run the Farbar scan and attach fresh logs.

===

Let see what will find in the Registry.

Download the Systemlook appropriate for you system.

SystemLook (32-Bit Version) or SystemLook (64-Bit Version)

  • Double-click SystemLook.exe/SystemLook_x64.exe[/*]
  • to run it.[/*]
  • Copy and paste the content of the following bold text into the main textfield:[/*]
    :regfind
    xAskHelp
    Sekbst
    [/*]
  • Click the Look button to start the scan.[/*]
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.[/*]
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.[/*]
===
 

ghu2a34

New Member
Thread author
May 11, 2021
6
Hi,
Your copy of Chrome may have been compromised

Remove and re-install Chrome. Follow these instructions.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step1.gif[/URL]] Remove Chrome from your Computer and reinstall a fresh copy later.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step2.gif[/URL]] If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step3.gif[/URL]] Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: How To Back Up Your Google Chrome Bookmarks

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step4.gif[/URL]] Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step5.gif[/URL]] Clear your Chrome cache and cookies

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step6.gif[/URL]] Remove Chrome using the the instructions on this page.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step7.gif[/URL]] Re-install Chrome and the Bookmarks and passwords.
<<<>>

Hi,

Let's have an other look at this.

Run the Farbar scan and attach fresh logs.

===

Let see what will find in the Registry.

Download the Systemlook appropriate for you system.

SystemLook (32-Bit Version) or SystemLook (64-Bit Version)

  • Double-click SystemLook.exe/SystemLook_x64.exe[/*]
  • to run it.[/*]
  • Copy and paste the content of the following bold text into the main textfield:[/*]
    :regfind
    xAskHelp
    Sekbst
    [/*]
  • Click the Look button to start the scan.[/*]
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.[/*]
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.[/*]
===
good morning,
I gave up i reset my windows and restarted from scratch I will have to recover all my passwords etc but thats ok that malware was too frustrating so far the pc seems fine thanks man for all your help at least i still have my bookmarks :).
thanks a million.
Kindest regards,
S
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top